diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml index 7e8c55cc..076a79bf 100644 --- a/ansible/group_vars/all/vars.yml +++ b/ansible/group_vars/all/vars.yml @@ -13,6 +13,11 @@ ssh_users: [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsibU0nsQFFIdolD1POzXOws4VetV0ZNByINRzY8Hx0 arturo@ooni.org", ] + aagbsn: + login: aagbsn + comment: Aaron Gibson + keys: + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiHINJ8m80H7PPgtnlx7nGL/rJzf1daW/YOnF78Wb0v aaron@ooni.org" majakomel: login: majakomel comment: Maja Komel @@ -34,8 +39,8 @@ ssh_users: keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHc04zv+G8vGOS/znLy6xd3lB0/B07uaFjgyh4UgqUMA luis@openobservatory.org" -admin_usernames: [art, mehul, luis] -root_usernames: [art, mehul, luis] +admin_usernames: [art, aagbsn, mehul, luis] +root_usernames: [art, aagbsn, mehul, luis] non_admin_usernames: [] prometheus_metrics_password: "{{ lookup('amazon.aws.aws_ssm', '/oonidevops/ooni_services/prometheus_metrics_password', profile='oonidevops_user_prod') }}" diff --git a/ansible/roles/ssh_users/tasks/main.yml b/ansible/roles/ssh_users/tasks/main.yml index d67b7acb..6ab0e805 100644 --- a/ansible/roles/ssh_users/tasks/main.yml +++ b/ansible/roles/ssh_users/tasks/main.yml @@ -1,5 +1,6 @@ --- - name: ensure admin group exists + tags: ssh_users group: name: "{{ admin_group_name }}" state: present @@ -52,6 +53,7 @@ with_items: "{{ admin_usernames | union(non_admin_usernames) }}" - name: configure sshd + tags: ssh_users include_role: name: willshersystems.sshd vars: @@ -60,6 +62,7 @@ AllowUsers: "{{ admin_usernames | union(non_admin_usernames) | sort | join(' ') }}" - name: Enesure sudoers dir exists + tags: ssh_users ansible.builtin.file: path: /etc/sudoers.d state: directory @@ -67,6 +70,7 @@ group: root - name: sudoers.d/80-admins + tags: ssh_users template: src: sudoers dest: /etc/sudoers.d/80-admins 
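Review bot: In the second hunk of `ansible/group_vars/all/vars.yml`, `aagbsn` is added to `root_usernames` as well as `admin_usernames` in the same commit that creates the account, and nothing in the file says what each list grants. The role's tasks show `admin_usernames` feeding sshd `AllowUsers`, and presumably the `80-admins` sudoers template; what `root_usernames` adds is not visible in this diff, so it is worth confirming the new account needs both. A comment above the two lists would make later changes easier to review, for example `# admin_usernames: SSH login + sudo; root_usernames: <what this grants> - keep both lists minimal`. The two lists are identical and edited by hand, so a removal applied to only one of them would leave access in place.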
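Review bot: In the `configure sshd` hunk of `ansible/roles/ssh_users/tasks/main.yml`, the added `tags: ssh_users` sits on a dynamic `include_role`, so it tags only the include and is not inherited by the tasks inside `willshersystems.sshd`. A run limited with `--tags ssh_users` would therefore skip the role's tasks unless they carry that tag themselves, leaving `AllowUsers` unchanged while the tagged `reload sshd` task in the last hunk still runs. That matters most for revocation, because a user removed from `admin_usernames` would stay in the sshd allow list after a tagged run. Adding `apply:` with `tags: ssh_users` under `include_role` passes the tag to the included tasks. The tasks between the first hunk and `configure sshd` are outside the diff, so check they carry the tag too, since otherwise a tagged run skips account and key management.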
@@ -76,11 +80,13 @@ validate: 'visudo -cf %s' - name: sudoers.d/adm + tags: ssh_users ansible.builtin.file: path: /etc/sudoers.d/adm state: absent - name: reload sshd + tags: ssh_users ansible.builtin.systemd_service: name: sshd state: reloaded