Ansible AWS Session Manager Plugin Use Cases
- septembre 28, 2020
Today we announced the arrival of the Ansible AWS Session Manager plugin, compatible with Ansible 2.10. The solution enables Ansible users to take advantage of the full power of AWS Session Manager with Ansible, tightening network access and eliminating key management. (For more details on the full solution, read today’s blog announcement.)
Consistent with existing Ansible usage, users need only to configure the inventory to use the new plugin. Two different scenarios where you may consider the new plugin include:
Using Static Inventory
When specifying the hostname in the inventory file, instead of providing the IP address or DNS name we need the instance-ids. We have three examples in this scenario.
- Stop the Windows Spooler Service
- Install the Nginx Package on Linux Instance(s)
- Create a Directory in Windows Instances
Note: All the examples use the same Hosts file.
Hosts File:
all:
hosts:
linux1:
ansible_aws_ssm_instance_id: i-0f303b65c4dba14f8
linux2:
ansible_aws_ssm_instance_id: i-0fef0bd908610ff64
windows1:
ansible_aws_ssm_instance_id: i-0aca5f297c4e80a95
windows2:
ansible_aws_ssm_instance_id: i-0eafbc6c61ece7b30
children:
Shell:
hosts:
linux[1:2]:
PowerShell:
hosts:
windows[1:2]:
Stop the Windows Spooler Service
win_service.yaml
—– name: Stop Windows Service
hosts: PowerShell
gather_facts: true
vars:
ansible_connection: aws_ssm
ansible_shell_type: powershell
ansible_aws_ssm_bucket_name: nameofthebucket
ansible_aws_ssm_region: us-east-1
tasks:
– name: Stop spooler service
win_service:
name: spooler
state: stopped
Execution:
ansible-playbook win_service.yaml -i allhosts.yml
By calling `PowerShell` hostgroup, the task will be executed in both defined Windows hosts defined.
Install the Nginx Package on Linux Instance(s)
linux.yaml
– name: Install a Nginx Package
hosts: Shell
vars:
ansible_connection: aws_ssm
ansible_aws_ssm_bucket_name: nameofthebucket
ansible_aws_ssm_region: us-west-2
tasks:
– name: Install a Nginx Package
shell: sudo amazon-linux-extras install nginx1.12 -y
args:
executable: /bin/bash
become_method: sudo
Execution:
Ansible-playbook linux.yaml -i ./allhosts.yml
Output:
Create a Directory in Windows Instances
win_dir.yaml
– name: Create a directory in Windows Instance
hosts: PowerShell
vars:
ansible_connection: aws_ssm
ansible_shell_type: powershell
ansible_aws_ssm_bucket_name: nameofthebucket
ansible_aws_ssm_region: us-east-1
tasks:
– name: Create a Directory
win_file:
path: C:\Windows\Temp\
state: directory
Execution:
ansible-playbook win_dir.yaml -i allhosts.yml
Output:
Using Dynamic Inventory
The AWS Dynamic Inventory plugin works without any changes. We were able to leverage existing support for choosing the hostname from any of the instance attributes. So, in addition to the changes shown above for specifying the connection plugin to use, we need to specify that the AWS dynamic inventory plugin will use the Instance ID as the inventory hostname. For this scenario, we have 2 examples:
Create a Directory on Windows Instances
Dynamic Inventory
plugin: aws_ec2
regions:
– us-east-1
hostnames:
– instance-id
filters:
tag:SSMTag: ssmwindows
From the above dynamic inventory file, the instances IDs will be returned based on the tag filter.
Playbook
–—
– name: Create a dir.
hosts: all
gather_facts: false
vars:
ansible_connection: aws_ssm
ansible_shell_type: powershell
ansible_aws_ssm_bucket_name: test-ssm-instances
ansible_aws_ssm_region: us-east-1
tasks:
– name: Create the directory
win_file:
path: C:\Temp\SSM_Testing5
state: directory
Execution
ansible-playbook win_file.yaml -i aws_ec2.yml
The Dynamic Inventory plugin will fetch the instance-ids matching with the tag filter and the tasks in the playbook will be executed on the returned instances using SSM plugin.
Output:
Install AWS CLI on Linux Instances
Dynamic Inventory
plugin: aws_ec2
regions:
– us-east-1
hostnames:
– instance-id
filters:
tag:SSMTag: ssmlinux
From the above dynamic inventory file, the instances IDs will be returned based on the tag filter.
Playbook
—
– name: install aws-cli
hosts: all
gather_facts: false
vars:
ansible_connection: aws_ssm
ansible_aws_ssm_bucket_name: test-ssm-instances
ansible_aws_ssm_region: us-east-1
tasks:
– name: aws-cli
raw: yum install -y awscli
tags: aws-cli
Execution
ansible-playbook playbook.yml -i aws_ec2.yml
Dynamic Inventory plugin will fetch the instance-ids matching with the tag filter and the tasks in the playbook will be executed on the returned instances using SSM plugin.
Output:
Download the new Ansible AWS Session Manager Plugin today.
This post is contributed by Pat Sharkey, Gaurav Ashtikar, and HanumanthaRao MVL
Subscribe to our blog