AWS Systems Manager lets you run Ansible playbooks on any number of servers (without Ansible Tower) and without an SSH connection. We will see how to execute configuration management directives with Ansible on your instances using State Manager and Run Command together with the new AWS-RunAnsiblePlaybook public document.
Follow this article on YouTube.
Prerequisites:
- IAM Role, i.e. ManagedInstanceRole, with the managed permission AmazonEC2RoleforSSM (get help for setting up the IAM Role if needed).
- IAM Role to allow Lambda to log events.
Let's use a RedHat 7.x Linux instance as our target instance.
- Assign the IAM Role created in the prerequisites.
- Install the SSM Agent and make sure the service is enabled and running:

  ```bash
  sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
  sudo systemctl enable amazon-ssm-agent
  sudo systemctl start amazon-ssm-agent
  sudo systemctl status amazon-ssm-agent
  ```

- Install Ansible on RedHat 7 (the package comes from the EPEL repository):

  ```bash
  sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  sudo yum -y install ansible
  ```

- Tag the instance: TagKey: OS, TagValue: RedHat
Create the State Manager association:
- Choose State Manager from the Systems Manager services.
- Click on Create Association.
- Select the AWS-RunAnsiblePlaybook document.
- For Targets, choose Specifying tags and use the tag assigned to the instance above (OS = RedHat).
- Choose an appropriate schedule.
- In the Parameters section, paste the playbook YAML directly.
- Define the max errors as 1. This means that if the execution encounters 1 error, it will stop on the remaining targets.
- Choose
Run the playbook ad hoc:
- Create an ad hoc run using Run Command manually, then check the S3 logs for the execution results.
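The console steps above (paste the playbook YAML, target by tag, max errors 1, S3 output, then an ad hoc Run Command) map directly onto the API. The following is an added example, not code from the original article or from AWS: it builds the request bodies for `ssm.send_command` and `ssm.create_association` for the AWS-RunAnsiblePlaybook document and reduces the per-instance invocation statuses to a quick pass/fail view before you open the S3 logs. The playbook, bucket name, key prefix, schedule, association name and instance ids are constructed placeholders. The parameter names `playbook`, `check` and `extravars` follow the public document's definition; confirm them against the document's Parameters tab in your region before relying on them.

```python
"""Constructing AWS-RunAnsiblePlaybook requests for Run Command and State Manager.

Added example, not code from the original article or from AWS. Bucket, key
prefix, schedule, association name and instance ids are constructed placeholders.
"""

DOCUMENT_NAME = "AWS-RunAnsiblePlaybook"

# Constructed playbook. The document runs it on each target with
# `ansible-playbook -i "localhost," -c local`, so it only ever touches the
# instance it executes on; `hosts: all` therefore resolves to localhost.
SAMPLE_PLAYBOOK = """\
---
- hosts: all
  become: true
  tasks:
    - name: ensure chrony is installed
      yum:
        name: chrony
        state: present
    - name: ensure chronyd is enabled and running
      service:
        name: chronyd
        state: started
        enabled: true
"""

# Constructed records in the shape of ssm.list_command_invocations()["CommandInvocations"].
SAMPLE_INVOCATIONS = [
    {"InstanceId": "i-0aaa1111aaaa1111a", "Status": "Success", "StatusDetails": "Success"},
    {"InstanceId": "i-0bbb2222bbbb2222b", "Status": "Failed", "StatusDetails": "Failed"},
    {"InstanceId": "i-0ccc3333cccc3333c", "Status": "Cancelled", "StatusDetails": "Cancelled"},
]

# Terminal statuses that count as "did not run to completion".
FAILED_STATUSES = {"Failed", "TimedOut", "Cancelled"}


def playbook_parameters(playbook_yaml, check=False, extra_vars="SSM=True"):
    """Map a playbook to the document's parameters (playbook, check, extravars).

    SSM parameter values are lists of strings, so every value is wrapped in a
    list; the whole playbook goes in as one inline YAML string, which is what
    pasting the YAML into the console's Parameters section does."""
    if not playbook_yaml.lstrip().startswith(("---", "- ")):
        raise ValueError("expected inline playbook YAML, got %r" % playbook_yaml[:40])
    return {
        "playbook": [playbook_yaml],
        "check": ["True" if check else "False"],  # "True" runs ansible-playbook --check
        "extravars": [extra_vars],
    }


def tag_targets(key, value):
    """Targets entry equivalent to the console's 'Specifying tags' option."""
    return [{"Key": "tag:%s" % key, "Values": [value]}]


def run_command_request(playbook_yaml, bucket, prefix, check=False, max_errors="1"):
    """Keyword arguments for ssm.send_command(): an ad hoc run over the tagged
    instances with per-invocation output written to S3."""
    return {
        "DocumentName": DOCUMENT_NAME,
        "Targets": tag_targets("OS", "RedHat"),
        "Parameters": playbook_parameters(playbook_yaml, check=check),
        "MaxErrors": max_errors,  # "1": stop sending to remaining targets after one failure
        "OutputS3BucketName": bucket,
        "OutputS3KeyPrefix": prefix,
    }


def association_request(playbook_yaml, bucket, prefix, schedule="rate(30 minutes)", max_errors="1"):
    """Keyword arguments for ssm.create_association(): the same run, re-applied
    on a schedule by State Manager."""
    return {
        "Name": DOCUMENT_NAME,
        "AssociationName": "ansible-redhat-baseline",  # constructed name
        "Targets": tag_targets("OS", "RedHat"),
        "ScheduleExpression": schedule,
        "Parameters": playbook_parameters(playbook_yaml),
        "MaxErrors": max_errors,
        "OutputLocation": {"S3Location": {"OutputS3BucketName": bucket, "OutputS3KeyPrefix": prefix}},
    }


def summarize_invocations(invocations):
    """Reduce list_command_invocations() records to {instance: status} plus the
    sorted list of instances in a failed terminal state, so you know which
    instance's S3 log to open first."""
    by_instance = {inv["InstanceId"]: inv["Status"] for inv in invocations}
    failed = sorted(i for i, s in by_instance.items() if s in FAILED_STATUSES)
    return by_instance, failed


if __name__ == "__main__":
    import boto3  # only needed for the live calls

    ssm = boto3.client("ssm")
    # check=True runs the playbook in --check mode: nothing is changed on the hosts.
    resp = ssm.send_command(**run_command_request(SAMPLE_PLAYBOOK, "my-ssm-output-bucket", "ansible/", check=True))
    command_id = resp["Command"]["CommandId"]
    invocations = ssm.list_command_invocations(CommandId=command_id)["CommandInvocations"]
    print(summarize_invocations(invocations))
```

Run it once with `check=True` first: the document then invokes `ansible-playbook --check`, so the S3 logs show what each instance would change without touching it, and `MaxErrors="1"` stops the rollout on the first failing instance exactly as the console setting does. If you are creating the instance role today rather than reusing one, AmazonSSMManagedInstanceCore is the narrower managed policy that covers what the agent needs; AmazonEC2RoleforSSM is considerably broader.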
Next steps:
- Load the playbook into CodeCommit and bring it under version control.
- Or use S3 versioning on the bucket where the playbook(s) are stored.