Ansible AWS Session Manager Plugin Use Cases

Ansible AWS Session Manager Plugin Use Cases

Today we announced the arrival of the Ansible AWS Session Manager plugin, compatible with Ansible 2.10. The solution enables Ansible users to take advantage of the full power of AWS Session Manager with Ansible, tightening network access and eliminating key management. (For more details on the full solution, read today’s blog announcement.)

Consistent with existing Ansible usage, users need only to configure the inventory to use the new plugin. Two different scenarios where you may consider the new plugin include:

• Using Static Inventory 
• Using Dynamic Inventory

Using Static Inventory

When specifying the hostname in the inventory file, instead of providing the IP address or DNS name we need the instance-ids. We have three examples in this scenario.

1. Stop the Windows Spooler Service
2. Install the Nginx Package on Linux Instance(s)
3. Create a Directory in Windows Instances

Note: All the examples use the same Hosts file.

Hosts File:

all:   hosts:     linux1:       ansible_aws_ssm_instance_id: i-0f303b65c4dba14f8     linux2:       ansible_aws_ssm_instance_id: i-0fef0bd908610ff64     windows1:       ansible_aws_ssm_instance_id: i-0aca5f297c4e80a95     windows2:       ansible_aws_ssm_instance_id: i-0eafbc6c61ece7b30   children:     Shell:       hosts:         linux[1:2]:     PowerShell:       hosts:         windows[1:2]:

Stop the Windows Spooler Service

win_service.yaml

—– name: Stop Windows Service   hosts: PowerShell   gather_facts: true   vars:     ansible_connection: aws_ssm     ansible_shell_type: powershell     ansible_aws_ssm_bucket_name: nameofthebucket     ansible_aws_ssm_region: us-east-1   tasks:     – name: Stop spooler service       win_service:         name: spooler         state: stopped

Execution:

ansible-playbook win_service.yaml -i allhosts.yml

By calling `PowerShell` hostgroup, the task will be executed in both defined Windows hosts defined.

Install the Nginx Package on Linux Instance(s)

linux.yaml

– name: Install a Nginx Package hosts: Shell   vars:     ansible_connection: aws_ssm     ansible_aws_ssm_bucket_name: nameofthebucket     ansible_aws_ssm_region: us-west-2   tasks:     – name: Install a Nginx Package       shell: sudo amazon-linux-extras install nginx1.12 -y     args:       executable: /bin/bash     become_method: sudo

Execution:

Ansible-playbook linux.yaml -i ./allhosts.yml 

Output:

Create a Directory in Windows Instances

win_dir.yaml

– name: Create a directory in Windows Instance   hosts: PowerShell   vars:     ansible_connection: aws_ssm     ansible_shell_type: powershell     ansible_aws_ssm_bucket_name: nameofthebucket     ansible_aws_ssm_region: us-east-1   tasks:     – name: Create a Directory       win_file:         path: C:\Windows\Temp\         state: directory

Execution:

ansible-playbook win_dir.yaml -i allhosts.yml

Output:

Using Dynamic Inventory

The AWS Dynamic Inventory plugin works without any changes. We were able to leverage existing support for choosing the hostname from any of the instance attributes. So, in addition to the changes shown above for specifying the connection plugin to use, we need to specify that the AWS dynamic inventory plugin will use the Instance ID as the inventory hostname. For this scenario, we have 2 examples:

1. Create a Directory on Windows Instances
2. Install AWS CLI on Linux Instances

Create a Directory on Windows Instances 

Dynamic Inventory

plugin: aws_ec2 regions:     – us-east-1 hostnames:     – instance-id filters:     tag:SSMTag: ssmwindows

From the above dynamic inventory file, the instances IDs will be returned based on the tag filter.

Playbook

–— – name: Create a dir.   hosts: all   gather_facts: false   vars:     ansible_connection: aws_ssm     ansible_shell_type: powershell     ansible_aws_ssm_bucket_name: test-ssm-instances     ansible_aws_ssm_region: us-east-1   tasks:     – name: Create the directory       win_file:         path: C:\Temp\SSM_Testing5         state: directory

Execution

ansible-playbook win_file.yaml -i aws_ec2.yml

The Dynamic Inventory plugin will fetch the instance-ids matching with the tag filter and the tasks in the playbook will be executed on the returned instances using SSM plugin.

Output

Install AWS CLI on Linux Instances 

Dynamic Inventory

plugin: aws_ec2 regions:     – us-east-1 hostnames:     – instance-id filters:     tag:SSMTag: ssmlinux

From the above dynamic inventory file, the instances IDs will be returned based on the tag filter.

Playbook

— – name: install aws-cli   hosts: all   gather_facts: false   vars:     ansible_connection: aws_ssm     ansible_aws_ssm_bucket_name: test-ssm-instances     ansible_aws_ssm_region: us-east-1   tasks:   – name: aws-cli     raw: yum install -y awscli     tags: aws-cli

Execution

ansible-playbook playbook.yml -i aws_ec2.yml

Dynamic Inventory plugin will fetch the instance-ids matching with the tag filter and the tasks in the playbook will be executed on the returned instances using SSM plugin.

Output

Download the new Ansible AWS Session Manager Plugin today.

This post is contributed by Pat Sharkey, Gaurav Ashtikar, and HanumanthaRao MVL