diff --git a/test/integration/targets/ec2_key/tasks/main.yml b/test/integration/targets/ec2_key/tasks/main.yml
index 05dd669288c..04aa2670741 100644
--- a/test/integration/targets/ec2_key/tasks/main.yml
+++ b/test/integration/targets/ec2_key/tasks/main.yml
@@ -5,9 +5,6 @@
 #  - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
 #  - EC2_REGION -> AWS_REGION
 #
-# TODO - name: test 'region' parameter
-# TODO - name: test 'state=absent' parameter for existing key
-# TODO - name: test 'state=absent' parameter for missing key
 # TODO - name: test 'validate_certs' parameter
 
 # ============================================================
@@ -147,7 +144,7 @@
            - '"EC2ResponseError: 401 Unauthorized" in result.module_stderr'
 
     # ============================================================
-    - name: test state=absent with key_material
+    - name: test removing a non-existent keypair
       ec2_key:
         name='{{ec2_key_name}}'
         ec2_region={{ec2_region}}
@@ -296,6 +293,25 @@
            - '"private_key" not in result.results[0].key'
            - 'result.results[0].key.fingerprint == "{{fingerprint}}"'
 
+    # ============================================================
+
+    - name: test force=no with another_key_material (expect changed=false)
+      ec2_key:
+        name: '{{ ec2_key_name }}'
+        ec2_region: '{{ ec2_region }}'
+        ec2_access_key: '{{ ec2_access_key }}'
+        ec2_secret_key: '{{ ec2_secret_key }}'
+        security_token: '{{ security_token }}'
+        key_material: '{{ another_key_material }}'
+        force: no
+      register: result
+
+    - name: assert force=no with another_key_material (expect changed=false)
+      assert:
+        that:
+          - 'not result.changed'
+          - 'result.key.fingerprint == "{{ fingerprint }}"'
+
     # ============================================================
     - name: test state=absent with key_material (expect changed=true)
       ec2_key:
diff --git a/test/integration/targets/setup_sshkey/tasks/main.yml b/test/integration/targets/setup_sshkey/tasks/main.yml
index a1254b18c28..18c571b6718 100644
--- a/test/integration/targets/setup_sshkey/tasks/main.yml
+++ b/test/integration/targets/setup_sshkey/tasks/main.yml
@@ -15,33 +15,41 @@
 # You should have received a copy of the GNU General Public License
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 
-- name: create random file
-  shell: mktemp /tmp/id_rsa.XXXXXX
-  register: sshkey
+- name: create a temp file
+  tempfile:
+    state: file
+  register: sshkey_file
   tags:
     - prepare
 
 - name: generate sshkey
-  shell: echo 'y' | ssh-keygen -P '' -f {{sshkey.stdout}}
+  shell: echo 'y' | ssh-keygen -P '' -f {{ sshkey_file.path }}
   tags:
     - prepare
 
-- name: record key_material
-  command: cat {{sshkey.stdout}}.pub
-  register: key_material
+- name: create another temp file
+  tempfile:
+    state: file
+  register: another_sshkey_file
+  tags:
+    - prepare
+
+- name: generate another_sshkey
+  shell: echo 'y' | ssh-keygen -P '' -f {{ another_sshkey_file.path }}
   tags:
     - prepare
 
 - name: record fingerprint
-  shell: openssl rsa -in {{sshkey.stdout}} -pubout -outform DER 2>/dev/null | openssl md5 -c
+  shell: openssl rsa -in {{ sshkey_file.path }} -pubout -outform DER 2>/dev/null | openssl md5 -c
   register: fingerprint
   tags:
     - prepare
 
 - name: set facts for future roles
   set_fact:
-    sshkey: '{{sshkey.stdout}}'
-    key_material: '{{key_material.stdout}}'
-    fingerprint: '{{fingerprint.stdout.split()[1]}}'
+    sshkey: '{{ sshkey_file.path }}'
+    key_material: "{{ lookup('file', sshkey_file.path ~ '.pub') }}"
+    another_key_material: "{{ lookup('file', another_sshkey_file.path ~ '.pub') }}"
+    fingerprint: '{{ fingerprint.stdout.split()[1] }}'
   tags:
     - prepare