DEV Community

Nurul Ramadhona for AWS Community Builders

Posted on • Updated on

More Automation for Your AWS Resources, More Coffee Time for You!

Hi everyone! It's been a while since my latest post (2 months ago) but today I have an interesting topic to be discussed. Actually I already talked about this topic on AWS UG Indonesia event but the session was in Indonesian (here's the video) so I thought about to turn it into a blog post in English.

Alright! You may see that mostly I talked about Ansible for AWS on this blog, but at this time I'll talk on the other side about them where we can combine them. They can actually be "friends" and shouldn't always be comparisons. These works can help you to do more automation for your AWS resources which it means that you will have more time to enjoy your coffee :) I mean everybody loves it, right?

AWS Ansible Automation


  1. AWS CLI and setup at least one credential;
  2. Ansible;
  3. Ansible collection for AWS by running ansible-galaxy collection install and ansible-galaxy collection install

1. Dynamic Inventory For EC2 Instances

Yes, we usually manage our servers inventory manually which we input the IP addresses or hostnames manually like below:

Enter fullscreen mode Exit fullscreen mode

but Ansible has a plugin that enables to manage our EC2 instances and meets our needs. It's very easy to do, simple and you will get what you want in a short time.

To use this plugin, below are the steps:

  • Create new yaml file and input the code below:
plugin: aws_ec2
- ap-southeast-3
availability-zone: ap-southeast-3b
Enter fullscreen mode Exit fullscreen mode

It will enable us to get the EC2 details and create group for our instances based on the filter we use. For example above, I need to manage EC2 instances in the Jakarta region and I added a filter AZ because I just need to manage the instances in the AZ B. Any filter we can use is just the same as we use EC2 filter by AWS CLI (if we can use the filter using AWS CLI EC2, then we can use it too on this plugin).

  • After create the file, run the command:
ansible-inventory -i aws_ec2.yml --list
Enter fullscreen mode Exit fullscreen mode

Here's the sample output:

"aws_ec2": {
  "hosts": [
Enter fullscreen mode Exit fullscreen mode
  • If we just wanna see the grouping, run the command:
ansible-inventory -i aws_ec2.yml --graph
Enter fullscreen mode Exit fullscreen mode

Here's the sample output:

  |  |
Enter fullscreen mode Exit fullscreen mode
  • In case we wanna run some command or playbook to our instances for example to install an application on them, we can mention the inventory just like we use Ansible as usual. Below is sample by running ansible ad-hoc and we will see the output when it's done.
ansible -i aws_ec2.yml -u ubuntu -m shell -a "sudo apt install apache2 -y"
Enter fullscreen mode Exit fullscreen mode

Now we all see, how easy is for us to manage our EC2 instances. More about this plugin, you can find it here.

2. Running AWS CloudFormation using Ansible

In this concept, we automate the AWS IaC tool. As we all know, CloudFormation gives us easy way for infrastructure provisioning on AWS into a file, just by pushing a template. That sounds great, right? But do you know that Ansible has module for that?

Yup! Ansible has and we can get some benefits by combining them. As I mentioned before, they shouldn't always be comparisons but it will be better to run them together.

What can we do with them?

  • Create multiple stacks at once

In case we wanna create some stacks with the same resources along with their each own values, we can do that with Ansible. We don't need to copy-paste the same template just for the same resources. All we need to do is just turning it into variable. Let's see how it works!

Here's the sample task that we can use. The key is the template_body argument which allows us to use jinja2 template. In this case, I wanna create a bucket in two stacks and each stack has its own stack name and the bucket name as well. So in the stack1 I wanna create a bucket named nuruls3 and for the stack2, the bucket name is dhonas3.

    - name: create cloudformation stacks
        stack_name: "{{ }}"
        state: present
        template_body: "{{ lookup('template', 'cf-template.yml.j2') }}"
        - { name: stack1, bucket: nuruls3 }
        - { name: stack2, bucket: dhonas3 }
Enter fullscreen mode Exit fullscreen mode

How does the template look like? It's just as simple as this. We turn the bucket name which the data type is string into a variable.

    Type: 'AWS::S3::Bucket'
      BucketName: "{{ item.bucket }}"
Enter fullscreen mode Exit fullscreen mode

So when we wanna define different values for different stacks using one (same) template, we just need to change the variables under the loop action.

Here's the output:

TASK [create a cloudformation stack] *******************************************
changed: [localhost] => (item={'name': 'stack1', 'bucket': 'nuruls3'})
changed: [localhost] => (item={'name': 'stack2', 'bucket': 'dhonas3'})
Enter fullscreen mode Exit fullscreen mode

and the result:

CloudFormation Stacks Created By Ansible

$ aws s3 ls
2022-10-30 11:08:19 dhonas3
2022-10-30 11:07:51 nuruls3
Enter fullscreen mode Exit fullscreen mode

Note: We can also do update and delete as well as the creation. More about this module, click here!

  • Create a stack that contains resources in different accounts (in case you have more than one).

This is sample from the Ansible documentation:

- name: Create a stack set with instances in two accounts
    name: my-stack
    description: Test stack in two accounts
    state: present
    accounts: [1234567890, 2345678901]
    - us-east-1
Enter fullscreen mode Exit fullscreen mode

On this step, I'm not able to reproduce it because I just have one account and I think I don't need to create the new one just to do this :) it's enough for me to have one because it's just for personal use but in case you need to use it because you have more than one account, please let me give you some tips. For me, instead of using template_url which you have to upload on S3 bucket, you can use template_body. Why? Because you will be able to do something more flexible. For example, you can use jinja2 template where you can freely customize the parameters.

3. Running Ansible from AWS Systems Manager

SSM is a great thing to use to manage our EC2 instances and the good thing is we can run Ansible playbook from SSM.

All we need to do is just to attach IAM role on your EC2 instances you want to manage that allows them to communicate with SSM or we can say to make the SSM-Agent installed on the EC2 instances works. Yup! For the latest AMI, SSM-Agent has already installed by default so we don't need to install it again (check the full information here).

One more thing we need to do is install Ansible on our EC2 instances because it will be running on your instances which it acts as Ansible host, that's why it should be installed.
(This action can be done by SSM as well by SSM RunCommand but in this case we use Shell).

Here we will use RunCommand with document RunAnsiblePlaybook from Systems Manager and AFAIK it's free to do RunCommand so it can be one of your alternatives to run Ansible instead of using your localhost.

AWS SSM RunCommand

Here's the sample of the playbook. You can directly write it into the column provided or using URL where you store your playbook.

AWS SSM RunAnsiblePlaybook

In case you wanna run it using AWS CLI, below is the sample:

aws ssm send-command --document-name "AWS-RunAnsiblePlaybook" --document-version "1" --targets '[{"Key":"InstanceIds","Values":[your-instances-ids]}]' --parameters '{"playbook":["hosts: localhost\ntasks:\n - name: install web server\n apt: name=apache2"],"playbookurl":[""],"extravars":["SSM=True"],"check":["False"],"timeoutSeconds":["3600"]}' --timeout-seconds 600 --max-concurrency "50" --max-errors "0" --region ap-southeast-3
Enter fullscreen mode Exit fullscreen mode

Alright! Those are three cool things we can do with Ansible to automate our AWS resources. I hope they can help you to extend your time enjoying the coffee :) instead of spending more time to work for your system (just let them work for you).

That's it for now! Thank you for coming and I'm looking forward to your feedback. Follow me to get notified when my new post is published!

Top comments (0)