Osirium Logo

Launch EC2 Instance

Launch EC2 Instance Playbook IconLaunch EC2 Instance Playbook Icon

This is an interactive task that allows the user to configure & launch a new EC2 instance.

An email approval step is included before the instance is launched.

Playbook Files

Running this Playbook

  • Click download playbook
  • Import the downloaded file via the Playbooks page on PPA
  • Build the playbook from the Edit & Build tab
  • Run the playbook from the Preview & Deploy tab
* Requires PPA v2.9.x or newer


Email Configuration

This task contains an email approval step that requires SMTP to be configured in the PPA appliance.

Instance AMI & Region

By default the playbook is configured to use the Amazon Linux AMI in the London (eu-west-2) region.

You can change both the AMI ID & EC2 region on lines 17 & 18 of the playbook.

Instance Tags

A default list of tags is included in the playbook on line 10.

The user will be asked to supply a value for each tag.

You can change this list to suit your use case.

Required Vault Details


  • Access key ID
  • Secret access key

The key must have permissions to:

  • Read instances & instance types
  • Read key pairs
  • Launch instances

Vault Configuration Wizard

The first time you run a task built from this playbook, PPA will check the required Vault details exist.

If they don't exist, PPA will ask you to supply the details at the start of the task.

Below you can see a user providing details the first time they run an Active Directory task.


Once the details are added to Vault, the task won't ask for them again.

If you don't know the required details, ask an administrator to run the task or configure Vault manually.

What the Task Does

Once started this task will:

  • Ask the user to select an instance type
  • Prompt the user for an instance name
  • Ask the user to select a key pair
  • Prompt for a value for each instance tag specified in tag_names (line 10)
  • Present the new instance configuration & ask the user to confirm or cancel
  • Prompt for an approval email address (see below for more information)
  • Launch the new instance if the request was approved

Approval Request

This task requires email approval before the instance is launched.

For demo purposes the task will ask the user for an email address to send the approval request to.

In production this should be changed to an alternative method, such as…

  • Configuring a list of approvers in the playbook
  • Looking up the user's manager in Active Directory (via the manager attribute)
  • Sending the approval email to members of an Active Directory security group
  • Using a private Slack channel

… or many others.

Product Boot Screen

Get PPA for free!

Start automating your estate with a free 30 day trial today. No signup required!

Get PPA Express


Theale Court
11-13 High Street, Theale
Reading, Berkshire, RG7 5AH
United Kingdom
+44 (0) 118 324 2444

Osirium Logo

Copyright 2020 Osirium Ltd.