Tagging recently created instances can result in
InvalidInstanceID.NotFound errors.

By delaying the tagging until the last part of instance creation,
we should be typically more fortunate (avoiding all such race
conditions might need more work)

If `get_all_instances` returns multiple reservations, the old wait loop only
dealt with the first reservation. Thus, the wait loop may end before all
instances get to be running/stopped.

Also clean up the code a little.

Created common module doc fragment, and applied to all
modules that use ec2_connect or connect_to_aws as
they definitely share the common doc fragments

added version

Checked 1.4.5 and this option doesn't exist. Will check/update/pull docs next.

Allow security tokens and profiles to be used as arguments
to the 'common' ec2 modules

Mostly refactoring to provide two new methods,
`get_aws_connection_info`, which results in a dict that can be
passed through to the boto `connect_to_region` calls, and
`connect_to_aws` that can pass that dict through to the
`connect_to_region` method of the appropriate module.

Tidied up some variable names

Works around boto/boto#2100

profiles don't work with boto < 2.24, but this detects for that
and fails with an appropriate message. It is designed to work
if profile is not passed but boto < 2.24 is installed.

Modifications to allow empty aws auth variables to be passed
(this is useful if wanting to have the keys as an optional
parameter in ec2 calls - if set, use this value, if not set,
use boto config or env variables)

Reworked validate_certs improvements to work with refactoring

Added documentation for profile and security_token to affected modules

the primary name of the parameter in the examples.

When disabled, the boto connection will be instantiated without validating
the SSL certificate from the target endpoint. This allows the modules to connect
to Eucalyptus instances running with self-signed certs without errors.

Fixes #3978

tagged_instances is initialised in a scope not visible
when state is not absent.

Change standard AWS access and secret key parameter names to aws_access_key and aws_secret_key. Fixes an authentication problem with the rds module and standardizes the naming convention on something more encompassing than ec2_*_key.

Refactor the currently well-factored ec2 modules (i.e. those that already use ec2_connect) to
have a common argument spec. The idea is that new modules can use this spec without duplication
of code, and that new functionality can be added to the ec2 connection code (e.g. security
token argument)

This allows a volume to be cloned from a snapshot, a brand new
volume to be created, or an ephemeral volumes to be associated
at time of instance creation.

This avoids any race conditions associated with creating extra volumes
after instance creation (e.g. writes happening before the volume is
mounted).

In addition, this allows the root volume to be edited

Moved `AWS_REGIONS` into `ec2` module
Created `ec2_connect` method in `ec2` module
Updated modules able to use `ec2_connect` and `AWS_REGIONS`