DEV Community

Nurul Ramadhona for AWS Community Builders

Posted on • Updated on

Automate AWS IAM Using Ansible: Let's Play with Variables and Tags!

Hi everyone! I'm Dhona and this is my first series as well as first post on DEV. Here I'll create a series of how to use ansible to automate IAM service (because it's too long to explain it into a single post). If people are mostly busy with ansible to build infrastructure or deploy applications, now I want to start with something different.

As we all know, IAM is the free and most basic service in AWS but please never underestimate or skip it. IAM is the first service we need after we created an AWS (root) account. More about IAM, click here!

Before we start, we have to prepare two things just like we use ansible as usual. Those are inventory and playbook. Don't worry if you never use ansible! Ansible is easy to learn even for beginners or even don't have coding skills like me. Please ensure you have latest version of ansible along with the aws collection installed on your local device.

Click here for ansible installation!

To install AWS collections, you can simply run:
ansible-galaxy collection install
ansible-galaxy collection install

Note*: The services supported are based on modules availability of each collection.


Inventory is where we place list of our servers as the target hosts like this:

Enter fullscreen mode Exit fullscreen mode

We can use format in INI or YAML as we use it for our playbook. Example above is in INI format. To run ansible for AWS, the target host is different. We use our local device (such as laptop) as the target because we will use ansible to run AWS command. So, the inventory goes like this:

Enter fullscreen mode Exit fullscreen mode

I give the file name as host.yml. So, when we run the playbook. We will go with --inventory host.yml or -i host.yml for short.

Additional: In the inventory, we can also place variables.
For example:

      temp_pass: passwordup2U!
      user1: name1
      user2: name2
      user3: name3
      user4: name4
      user5: name5
      user6: name6
      group1: developer
      group2: programmer
      group3: engineer
Enter fullscreen mode Exit fullscreen mode

Never mind the value of the variables above. You can change them with your own values.


Playbook is where we place the tasks. We can divide multiple tasks inside a role or create it in a single task file. In this series, we will use and place it in a single task file because IAM is simple enough and we will use tag to run specific tasks. So we don't need too many playbook just for an IAM. I'll explain the task later.

- name: iam
  hosts: localhost
  connection: local
  gather_facts: no

Enter fullscreen mode Exit fullscreen mode

For the playbook file, I give it a name iam.yml.

Then, we will use variable as well to specify the value or even multiple values. To specify multiple values, we can use loop instruction. Loop is also suitable for repeatable action.

For example, we can use the following formats:

  - variable1
  - variable2
Enter fullscreen mode Exit fullscreen mode


loop: [variable1,variable2]
Enter fullscreen mode Exit fullscreen mode

Both version are the same. Ansible will read the first format as same as the second format which is string. The first format is recommended (by me) because we can comment by adding hashtag in the front of the line to disable the value we don't need or uncomment when we need it again like this:

#  - variable1
  - variable2
Enter fullscreen mode Exit fullscreen mode

And last but not least, before we start. Don't forget to setup the credential (at least one IAM user) on your local device. That's something that goes with aws configure, along with providing access key and secret access key. Please ensure you have AWS CLI installed on your local device first, click here for the instruction!

Note*: You can follow all the upcoming steps because we will delete all stuff at the end.

Alright! That's it for the Part 1. Please go to the Part 2 to start with the ansible.

Latest comments (0)