Osirium Logo

View Untagged EC2 Instances

View Untagged EC2 Instances Playbook IconView Untagged EC2 Instances Playbook Icon

This task reports on untagged EC2 instances from all VPCs in a chosen region.

You can run this task interactively, from a schedule, or via an API call to PPA.

It requires an AWS API key that has permissions to read instance details from EC2.

Playbook Files

Running this Playbook

  • Click download playbook
  • Import the downloaded file via the Playbooks page on PPA
  • Build the playbook from the Edit & Build tab
  • Run the playbook from the Preview & Deploy tab
* Requires PPA v2.9.x or newer


Required PPA Configuration

If you run start this task from a schedule or API call, the untagged instance report will be sent via email.

When started interactively the user will have the choice to email the report.

To email this report you must have SMTP configured in PPA.

Required Vault Details


  • Access key ID
  • Secret access key

The key must have permissions to read instance details from EC2.

Vault Configuration Wizard

The first time you run a task built from this playbook, PPA will check the required Vault details exist.

If they don't exist, PPA will ask you to supply the details at the start of the task.

Below you can see a user providing details the first time they run an Active Directory task.


Once the details are added to Vault, the task won't ask for them again.

If you don't know the required details, ask an administrator to run the task or configure Vault manually.

API/Schedule Payload

To run this task from a schedule or API call, you'll need to supply the following in the payload:

  • The EC2 region
  • Reporting email address

The payload should be in this format:

  "ec2_region": "ec2-region-name",
  "email_recipient": "example@domain.com",

You can use the example payload above as a template.

What the Task Does


When run interactively this task will:

  • Ask the user to select an EC2 region
  • Find all untagged EC2 instances in the selected region
  • Display them in a table
  • Ask the user whether to send the report in an email


When started from a schedule or API call, this task will:

  • Find all untagged EC2 instances in the region defined in the task payload
  • Display them in a table
  • Send the report in an email

Audit Failure Messages (optional)

This task can supply a message to the Activity page if sending the report email fails.

To test this do the following in PPA after you've built & tested the task:

  • Navigate to the Playbook Editor
  • Click the burger menu for your Playbook
  • Select Edit Metadata
  • Expand the Advanced section
  • Paste the JSON below into the Exit Codes section
  • Click Save
  "2": "Failed to send email report. SMTP is not configured in PPA.",
  "3": "Failed to send email report. Please view the logs for more information."

You can see how this is done below:


Product Boot Screen

Get PPA for free!

Start automating your estate with a free 30 day trial today. No signup required!

Get PPA Express


Theale Court
11-13 High Street, Theale
Reading, Berkshire, RG7 5AH
United Kingdom
+44 (0) 118 324 2444

Osirium Logo

Copyright 2020 Osirium Ltd.