Using Ansible with Amazon Web Services – How to properly configure Ansible to connect to Amazon Web Services

Managing AWS resources that scale up and down quickly runs into the limits of a static inventory hosts file, which is why we need something dynamic. That is what dynamic inventories are for. Let’s start:

Download the ec2.ini and ec2.py files to your project folder:

cd my_ansible_project 
wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py    
wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.ini

Once done, make the ec2.py file executable:

chmod +x ec2.py

Now, export your AWS Secret and Access key as environment variables:

export AWS_ACCESS_KEY_ID='ABCDEFGHIJKLM'
export AWS_SECRET_ACCESS_KEY='NOPQRSTUVWXYZ'

To use the ec2.py script we need boto, the Python AWS SDK, so install it:

sudo pip install boto

To test that everything is working, run ec2.py and list your resources:

./ec2.py --list

You should see something similar to:

{
  "_meta": {
    "hostvars": {}
  }
}

Now we want to use the dynamic inventory along with our static hosts file. First, create a folder called inventory and move ec2.py, ec2.ini and our hosts file into it, then tell Ansible to use that folder as its inventory:

mkdir inventory 
mv ec2.py inventory/ec2.py
mv ec2.ini inventory/ec2.ini
mv hosts inventory/hosts

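Next, define project-level configuration for Ansible by creating a config file called ansible.cfg in your project folder. The StrictHostKeyChecking=no option in ssh_args stops SSH from prompting about unknown host keys, which suits instances that come and go but means a host's identity is not verified before connecting. Add this: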

[defaults]
hostfile = inventory
[ssh_connection]
pipelining = False
ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o StrictHostKeyChecking=no

Next we need to configure Ansible to use an SSH key to authenticate access to our EC2 instances. Using an SSH agent is the best way to authenticate with resources, as this makes it easier to manage keys:

ssh-agent bash 
ssh-add ~/.ssh/keypair.pem  

That’s it! To test the setup, run the ping module; the running instances that have been configured to use your key should respond with pong:

ansible -m ping all
11.22.33.44 | success >> {
    "changed": false, 
    "ping": "pong"
}
