Start with the Ansible configuration. This can be set in /etc/ansible/ansible.cfg, ~/.ansible.cfg (in the home directory) or ansible.cfg (in the current directory). My suggestion is to use one of the first two (i.e. /etc/ or ~/.ansible.cfg) if you're going to be managing instances from your machine. Update the configuration as needed:
[defaults]
inventory = ./ansible_plugins
enable_plugins = aws_ec2
host_key_checking = False
pipelining = True
log_path = /var/log/ansible
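The settings above are where most of the security decisions in this setup live, so here is a small added audit script (example code written for this page, not part of Ansible or the post) that parses an ansible.cfg body with the standard-library configparser and flags the two settings a reviewer would ask about: host_key_checking = False, which makes Ansible accept unknown or changed SSH host keys silently, and log_path, which records task output (including anything a task prints) to a file that must not be world-readable. It also includes a toy resolver for Ansible's documented config search order, so you can see which of the three file locations from the paragraph above actually wins. The config texts are constructed samples; the function and variable names are this example's own.

```python
import configparser
from typing import Dict, List, Optional, Set

# Constructed sample: the [defaults] section from this post, as written.
WEAK_CFG = """
[defaults]
inventory = ./ansible_plugins
enable_plugins = aws_ec2
host_key_checking = False
pipelining = True
log_path = /var/log/ansible
"""

# Constructed sample: the same file with SSH host key verification left on.
HARDENED_CFG = WEAK_CFG.replace("host_key_checking = False", "host_key_checking = True")


def audit_ansible_cfg(text: str) -> List[str]:
    """Return findings for one ansible.cfg body; an empty list means nothing was flagged."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings: List[str] = []
    if not cp.has_section("defaults"):
        return findings
    d = cp["defaults"]
    # With host_key_checking=False an unknown or changed host key is accepted silently,
    # so a host that answers on the expected address receives the credentials and commands.
    if not d.getboolean("host_key_checking", fallback=True):
        findings.append("host_key_checking=False: SSH host keys are not verified")
    if d.get("log_path"):
        # Task output is written verbatim to this file; it routinely contains secrets.
        findings.append(f"log_path={d['log_path']}: restrict read access to this file")
    return findings


def pick_config(env: Dict[str, str], cwd: str, home: str, existing: Set[str]) -> Optional[str]:
    """Which file Ansible would load, following its documented search order:
    $ANSIBLE_CONFIG, then ./ansible.cfg, then ~/.ansible.cfg, then /etc/ansible/ansible.cfg.
    `existing` stands in for the filesystem. (The real resolver additionally refuses an
    ansible.cfg in a world-writable cwd; this toy does not model that.)"""
    candidates: List[str] = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(env["ANSIBLE_CONFIG"])
    candidates += [f"{cwd}/ansible.cfg", f"{home}/.ansible.cfg", "/etc/ansible/ansible.cfg"]
    for path in candidates:
        if path in existing:
            return path
    return None


if __name__ == "__main__":
    for label, cfg in (("post", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(label, audit_ansible_cfg(cfg) or ["no findings"])
    print(pick_config({}, "/home/me/proj", "/home/me",
                      {"/home/me/proj/ansible.cfg", "/etc/ansible/ansible.cfg"}))
```

The resolver is the reason the post recommends the global or home location: a project directory's ansible.cfg shadows both of them, so whoever can write to a directory you run ansible from can change your inventory source and connection settings.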
You may need other plugins; this one is for aws_ec2. In the /etc/ansible/ansible_plugins directory, create the *_aws_ec2.yml configuration file for your inventory (the aws_ec2 plugin only picks up files whose name ends in aws_ec2.yml or aws_ec2.yaml):
# /etc/ansible/ansible_plugins/testing_aws_ec2.yml
---
plugin: aws_ec2
aws_profile: testing
regions:
  - us-east-1
  - us-east-2
filters:
  tag:Team: testing
  instance-state-name: running
hostnames:
  - instance-id
  - dns-name
keyed_groups:
  - prefix: team
    key: tags['Team']
You'll notice I'm filtering on tag:Team == testing and showing only running instances. I'm also using the instance-id and dns-name attributes as the hostname, and I'm using tags['Team'] as a grouping.
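To make those three settings concrete, here is an added example (written for this page; it is not the aws_ec2 plugin's code) that applies the same filters, hostnames and keyed_groups rules to a constructed, stripped-down list of instance records and builds the group membership the way the plugin does: filters drop non-matching instances, the first hostnames entry that resolves to a non-empty value becomes the inventory hostname, and each keyed_groups entry yields a group named prefix + "_" + value (Ansible's default separator). The instance records, the filter/hostname/keyed_groups dictionaries and all function names are this example's own; only the tags['X'] key form and the two filter keys used in the post are supported.

```python
from typing import Dict, List, Optional

# Constructed sample: a flattened shape of what the plugin sees per EC2 instance
# (real DescribeInstances output nests State.Name and a list of Tag objects).
INSTANCES: List[Dict] = [
    {"InstanceId": "i-0aaa", "State": "running", "PublicDnsName": "ec2-a.example", "Tags": {"Team": "testing"}},
    {"InstanceId": "i-0bbb", "State": "stopped", "PublicDnsName": "",              "Tags": {"Team": "testing"}},
    {"InstanceId": "i-0ccc", "State": "running", "PublicDnsName": "ec2-c.example", "Tags": {"Team": "prod"}},
    {"InstanceId": "i-0ddd", "State": "running", "PublicDnsName": "ec2-d.example", "Tags": {}},
]

# The three settings from the post's testing_aws_ec2.yml, as Python values.
FILTERS = {"tag:Team": "testing", "instance-state-name": "running"}
HOSTNAMES = ["instance-id", "dns-name"]
KEYED_GROUPS = [{"prefix": "team", "key": "tags['Team']"}]


def matches(inst: Dict, filters: Dict[str, str]) -> bool:
    """Every filter must match; 'tag:<Name>' compares a tag, the rest compare attributes."""
    for key, want in filters.items():
        if key.startswith("tag:"):
            got = inst["Tags"].get(key[len("tag:"):])
        elif key == "instance-state-name":
            got = inst["State"]
        else:
            raise ValueError(f"unsupported filter key in this example: {key}")
        if got != want:
            return False
    return True


def pick_hostname(inst: Dict, hostnames: List[str]) -> str:
    """First entry in `hostnames` order that resolves to a non-empty value wins."""
    attrs = {"instance-id": inst["InstanceId"], "dns-name": inst["PublicDnsName"]}
    for name in hostnames:
        if attrs[name]:
            return attrs[name]
    raise ValueError(f"no usable hostname for {inst['InstanceId']}")


def keyed_group_name(inst: Dict, spec: Dict[str, str]) -> Optional[str]:
    """prefix_<tag value> for a key of the form tags['Name']; None if the tag is absent."""
    key = spec["key"]
    if not (key.startswith("tags['") and key.endswith("']")):
        raise ValueError(f"unsupported keyed_groups key in this example: {key}")
    value = inst["Tags"].get(key[len("tags['"):-len("']")])
    if value is None:
        return None
    return f"{spec['prefix']}_{value}"


def build_inventory(instances: List[Dict], filters: Dict[str, str],
                    hostnames: List[str], keyed_groups: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group name -> list of inventory hostnames, mirroring ansible-inventory's children."""
    inv: Dict[str, List[str]] = {"aws_ec2": []}
    for inst in instances:
        if not matches(inst, filters):
            continue
        host = pick_hostname(inst, hostnames)
        inv["aws_ec2"].append(host)
        for spec in keyed_groups:
            group = keyed_group_name(inst, spec)
            if group is not None:
                inv.setdefault(group, []).append(host)
    return inv


if __name__ == "__main__":
    print(build_inventory(INSTANCES, FILTERS, HOSTNAMES, KEYED_GROUPS))
```

Two things fall out of running it: with instance-id listed first, the dns-name entry is only a fallback and never appears as a hostname (which is why the ansible-inventory output below shows instance IDs), and dropping the tag:Team filter while keeping the keyed group gives you one team_* group per distinct tag value plus untagged hosts that land only in aws_ec2.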
So now I can do the following from any directory (since my configuration is global in /etc/ansible):
$ ansible-inventory --list --yaml
all:
  children:
    aws_ec2:
      hosts:
        i-xxxxxxxxxxxxxxx:
          ami_launch_index: 0
          architecture: x86_64
          block_device_mappings:
          - device_name: /dev/sda1
            ebs:
              attach_time: 2020-08-10 15:20:58+00:00
              delete_on_termination: true
              status: attached
              volume_id: vol-xxxxxxxxxxxxxx
          ...
    team_testing:
      hosts:
        i-xyxyxyxyxyyxyxyy: {}
        i-xyxyxy2321yxyxyy: {}
        i-xyxyxyxyxy89yxyy: {}
        i-xyxy1210xyyxyxyy: {}
        i-xyxy999999yxyxyy: {}
        i-xyxyxy44xyyxyxyy: {}
        i-xyx2323yxyyxyxyy: {}
        i-xyxyxyxyxy9977yy: {}
    ungrouped: {}
I can also use the team_testing group, or an individual instance id, as the hosts target in my Ansible calls.
Top comments (2)
Are there any advantages on using Ansible over AWS Systems Manager?
One does not rule out the other. In fact, they are better together. AWS Systems Manager allows you to reach the running instances (managed by SSM), and run commands there (SendCommand, etc.) See: aws.amazon.com/blogs/mt/running-an...
Running Ansible playbooks (via SSM or directly) is one of the better options to update instances, install additional software, and basically do more complicated tasks on those instances.
However, running playbooks from a "home" (AKA controller) machine is sometimes more convenient. In these cases, you need a way to connect to those instances. You will notice that I use hostnames: [instance-id, dns-names] in my plugin configuration. This works well with my SSH over SSM setup on this home machine, and Ansible uses that. So since ssh i-xxxxxxxxxx works, ansible -m ping i-xxxxxxxxxx also works. See: docs.aws.amazon.com/systems-manage... for more information on getting started with that.