Ansible AWS Session Manager Plugin Use Cases
- September 28, 2020
 
Today we announced the arrival of the Ansible AWS Session Manager plugin, compatible with Ansible 2.10. The solution enables Ansible users to take advantage of the full power of AWS Session Manager with Ansible, tightening network access and eliminating key management. (For more details on the full solution, read today’s blog announcement.)
Consistent with existing Ansible usage, users need only to configure the inventory to use the new plugin. Two different scenarios where you may consider the new plugin include:
Using Static Inventory
When specifying hosts in the inventory file, provide the EC2 instance IDs instead of IP addresses or DNS names. We have three examples in this scenario.
- Stop the Windows Spooler Service
- Install the Nginx Package on Linux Instance(s)
- Create a Directory in Windows Instances
 
Note: All the examples use the same Hosts file.
Hosts File:
all:
  hosts:
    linux1:
      ansible_aws_ssm_instance_id: i-0f303b65c4dba14f8
    linux2:
      ansible_aws_ssm_instance_id: i-0fef0bd908610ff64
    windows1:
      ansible_aws_ssm_instance_id: i-0aca5f297c4e80a95
    windows2:
      ansible_aws_ssm_instance_id: i-0eafbc6c61ece7b30
  children:
    Shell:
      hosts:
        linux[1:2]:
    PowerShell:
      hosts:
        windows[1:2]:
Stop the Windows Spooler Service
win_service.yaml
---
- name: Stop Windows Service
  hosts: PowerShell
  gather_facts: true
  vars:
    ansible_connection: aws_ssm
    ansible_shell_type: powershell
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: Stop spooler service
      win_service:
        name: spooler
        state: stopped
Execution:
ansible-playbook win_service.yaml -i allhosts.yml
Because the play targets the `PowerShell` host group, the task is executed on both Windows hosts defined in the inventory.

Install the Nginx Package on Linux Instance(s)
linux.yaml
- name: Install a Nginx Package
  hosts: Shell
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-west-2
  tasks:
    - name: Install a Nginx Package
      shell: sudo amazon-linux-extras install nginx1.12 -y
      args:
        executable: /bin/bash
      become_method: sudo
Execution:
ansible-playbook linux.yaml -i ./allhosts.yml

Create a Directory in Windows Instances
win_dir.yaml
- name: Create a directory in Windows Instance
  hosts: PowerShell
  vars:
    ansible_connection: aws_ssm
    ansible_shell_type: powershell
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: Create a Directory
      win_file:
        path: C:\Windows\Temp\
        state: directory
Execution:
ansible-playbook win_dir.yaml -i allhosts.yml

Using Dynamic Inventory
The AWS Dynamic Inventory plugin works without any changes. We were able to leverage existing support for choosing the hostname from any of the instance attributes. So, in addition to the changes shown above for specifying the connection plugin to use, we need to specify that the AWS dynamic inventory plugin will use the Instance ID as the inventory hostname. For this scenario, we have 2 examples:
Create a Directory on Windows Instances
Dynamic Inventory
plugin: aws_ec2
regions:
    - us-east-1
hostnames:
    - instance-id
filters:
    tag:SSMTag: ssmwindows
The dynamic inventory file above returns the instance IDs of the instances that match the tag filter.
Playbook
---
- name: Create a dir.
  hosts: all
  gather_facts: false
  vars:
    ansible_connection: aws_ssm
    ansible_shell_type: powershell
    ansible_aws_ssm_bucket_name: test-ssm-instances
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: Create the directory
      win_file:
        path: C:\Temp\SSM_Testing5
        state: directory
Execution
ansible-playbook win_file.yaml -i aws_ec2.yml
The Dynamic Inventory plugin fetches the instance IDs that match the tag filter, and the playbook tasks are executed on the returned instances through the SSM connection plugin.

Install AWS CLI on Linux Instances
Dynamic Inventory
plugin: aws_ec2
regions:
    - us-east-1
hostnames:
    - instance-id
filters:
    tag:SSMTag: ssmlinux
The dynamic inventory file above returns the instance IDs of the instances that match the tag filter.
Playbook
---
- name: install aws-cli
  hosts: all
  gather_facts: false
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_bucket_name: test-ssm-instances
    ansible_aws_ssm_region: us-east-1
  tasks:
  - name: aws-cli
    raw: yum install -y awscli
    tags: aws-cli
Execution
ansible-playbook playbook.yml -i aws_ec2.yml
The Dynamic Inventory plugin fetches the instance IDs that match the tag filter, and the playbook tasks are executed on the returned instances through the SSM connection plugin.
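Pre-flight check (an added example, not part of the original post or the plugin): both scenarios above depend on every host resolving to an EC2 instance ID, either through ansible_aws_ssm_instance_id (static inventory) or through the inventory hostname itself (dynamic inventory). The function audit_inventory and the sample data are hypothetical; the input is assumed to be the JSON printed by `ansible-inventory -i <inventory> --list`.

```python
import json
import re

# EC2 instance IDs: "i-" followed by 8 (older) or 17 hex characters.
INSTANCE_ID = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")


def audit_inventory(inventory_json):
    """Map each unusable host to a reason; input is `ansible-inventory --list` JSON."""
    hostvars = json.loads(inventory_json).get("_meta", {}).get("hostvars", {})
    problems, seen = {}, {}
    for host in sorted(hostvars):
        target = hostvars[host].get("ansible_aws_ssm_instance_id")
        source = "ansible_aws_ssm_instance_id"
        if target is None:
            # Dynamic inventory case: the hostname itself is the instance ID.
            target, source = host, "inventory hostname"
        target = str(target)
        if not INSTANCE_ID.fullmatch(target):
            problems[host] = f"{source} {target!r} is not an EC2 instance ID"
        elif target in seen:
            # Two aliases pointing at one instance would run each task twice.
            problems[host] = f"same instance as {seen[target]}"
        else:
            seen[target] = host
    return problems


# Constructed sample: two hosts from the Hosts file above plus four
# constructed entries (a copy-paste duplicate, an IP address, a dynamic
# inventory host, and a DNS-style name with no instance ID variable).
SAMPLE = json.dumps({"_meta": {"hostvars": {
    "linux1": {"ansible_aws_ssm_instance_id": "i-0f303b65c4dba14f8"},
    "windows1": {"ansible_aws_ssm_instance_id": "i-0aca5f297c4e80a95"},
    "linux1-copy": {"ansible_aws_ssm_instance_id": "i-0f303b65c4dba14f8"},
    "web1": {"ansible_aws_ssm_instance_id": "10.0.1.25"},
    "i-0123456789abcdef0": {},
    "db.internal.example": {},
}}})

if __name__ == "__main__":
    for host, reason in audit_inventory(SAMPLE).items():
        print(f"{host}: {reason}")
```

Running it before ansible-playbook catches inventory entries that still carry an IP address or DNS name from an SSH-based setup.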

Download the new Ansible AWS Session Manager Plugin today.
This post is contributed by Pat Sharkey, Gaurav Ashtikar, and HanumanthaRao MVL