Retrieve EC2 instance data for minions for ec2_tags and ec2_tags_list

The minion id must be the AWS instance-id or value in tag_match_key. For example set tag_match_key to Name to have the minion-id matched against the tag 'Name'. The tag contents must be unique. The value of tag_match_value can be 'uqdn' or 'asis'. if 'uqdn', then the domain will be stripped before comparison.

Additionally, the use_grain option can be set to True. This allows the use of an instance-id grain instead of the minion-id. Since this is a potential security risk, the configuration can be further expanded to include a list of minions that are trusted to only allow the alternate id of the instances to specific hosts. There is no glob matching at this time.


If you are using use_grain: True in the configuration for this external pillar module, the minion must have metadata_server_grains enabled in the minion config file (see also here).

It is important to also note that enabling the use_grain option allows the minion to manipulate the pillar data returned, as described above.

The optional tag_list_key indicates which keys should be added to ec2_tags_list and be split by tag_list_sep (by default ;). If a tag key is included in tag_list_key it is removed from ec2_tags. If a tag does not exist it is still included as an empty list.


As with any master configuration change, restart the salt-master daemon for changes to take effect.

  - ec2_pillar:
      tag_match_key: 'Name'
      tag_match_value: 'asis'
        - Role
      tag_list_sep: ';'
      use_grain: True
        - trusted-minion-1
        - trusted-minion-2
        - trusted-minion-3

This is a very simple pillar configuration that simply retrieves the instance data from AWS. Currently the only portion implemented are EC2 tags, which returns a list of key/value pairs for all of the EC2 tags assigned to the instance.

salt.pillar.ec2_pillar.ext_pillar(minion_id, pillar, use_grain=False, minion_ids=None, tag_match_key=None, tag_match_value='asis', tag_list_key=None, tag_list_sep=';')

Execute a command and read the output as YAML