Step-by-Step Guide to Integrate Ansible Dynamic Inventory Plugin for AWS EC2 Instances

TABLE OF CONTENT

1. Overview

2. Why Ansible Dynamic Inventory?

3. Step-by-Step Guide

4. Method 1: [Attach Role with EC2 permission]

5. Method 2: [AWS Credentials]

6. Final Takeaway

7. About CloudThat

Overview

This blog will talk about how we configure Ansible to get inventory hosts from Amazon Web Services dynamically using the aws_ec2 plugin.

Ansible is an open-source intelligent automation tool. It is used to automate configuration, provisioning, application deployment, management, and many other manual IT processes. The ansible intelligence is on its configuration management capabilities.

Why Ansible Dynamic Inventory?

With the rapidly scaling cloud environment, it’s difficult to maintain target instances just by using static inventory. Hence Ansible community came up with the concept of dynamic inventory.

We can set up dynamic inventory in two different ways:

inventory scripts
inventory plugin (recommended)

We will be using the EC2 plugin as it’s more up-to-date and easier to set up and manage.

Step-by-Step Guide

Let us start working with the ec2 dynamic inventory

Install the aws_ec2 ansible plugin and its dependencies (boto3 and botocore)
Now a days aws_ec2 ansible plugin is by default included in the ansible.
Let’s install the dependencies boto3 and botocore.
$ pip3 install boto3 botocore
Note: Check the Below link for more information about the dynamic inventory
Setup ansible.cfg file
Create inventory aws_ec2.yml file

plugin: aws_ec2
regions:
  - "ap-southeast-1"
keyed_groups:
  - key: tags.Name
filters:
  instance-state-name : running
compose:
  ansible_host: public_ip_address

plugin: aws_ec2

regions:

- "ap-southeast-1"

keyed_groups:

- key: tags.Name

filters:

instance-state-name : running

compose:

ansible_host: public_ip_address

Add the above code to the file we’ll be using this access the inventory information.

To use this plugin, we need credentials to access other instances. We can do this in two ways.

Attach Role (aws_profile) [Recommended]
AWS Credentials (aws_access_key, aws_secret_key)

Method 1: [Attach Role with EC2 permission]

Go to –> Action – Security – Modify IAM (Identity and Access Management) role

Create And Attach role with EC2 permission

Click on Update IAM role and now your ansible have credentials to access the instances information

$ ansible-inventory -i aws_ec2.yml --list

1	$ ansible-inventory -i aws_ec2.yml --list

Method 2: [AWS Credentials]

$ aws configure

1	$ aws configure

Pass your AWS credentials.

$ ansible-inventory -I aws_ec2.yml --list

1	$ ansible-inventory -I aws_ec2.yml --list

Currently, in my AWS Console only one instance is running, let’s launch a few more instances and check the result.

Dynamic Inventory is a working file in this we can see under all we have multiple children these are nothing but tags you are passing to the instances with aws_ec2 for plugin and ungrouped is by-default children.

To see the graph view for ansible inventory, use this command

$ ansible-inventory -I aws_ec2.yml --graph

1	$ ansible-inventory -I aws_ec2.yml --graph

Let’s connect the inventory with an ansible configuration file.

Open ansible.cfg file and add inventory=<location_of_inventory_file>

In my case, config file and dynamic inventory file are in the same location. Hence in the ansible.cfg file I have added inventory=aws_ec2.yml.

Let’s check whether inventory connects to the configuration file

$ ansible all –list-hosts

1	$ ansible all –list-hosts

The above command lists all the hosts available in the inventory

We can even use tags to list the hosts

$ ansible <tag_name> --list-hosts

1	$ ansible <tag_name> --list-hosts

As we can use all the results from the tag_name Webserver.

Let’s configure the web server on Ansible_TargetNode Diagram

As above it is visible that I have a private key file name key.pem which helps me to login into the target node as well as configure the web server on the target node.

Webserver.yml is a playbook where the instruction is defined.

The above file is ansible.cfg here the remote_user helps you to connect with the target with this username and private_key_file helps to authenticate the user.

The challenge is to configure the webserver we need root permissions and ec2_user is not a root user hence we are using privilege escalation to use Sudo. Hence with this, we can configure the web server in the target node.

The above file is webserver.yml. Used to decide where to run this playbook at the top. We it’s visible in the screen shot we are running this playbook on Ansible_TargetNode.

In the Task part, all the instructions are written like installing the Apache webserver to starting the Apache service.

Now let’s run the playbook.

$ ansible-playbook webserver.yml

1	$ ansible-playbook webserver.yml

Results of the above command.

In all the target node webserver is configured successfully.

Final Takeaway

We learned how to configure dynamic inventory for AWS instances. And how we can use tags to filter the results according to our requirements. Nowadays, dynamic inventory is widely used in many environments as it is automating the inventory. We can also use the dynamic inventory concept in any of the clouds like Azure, GCP, and even for DevOps tools like Docker and Kubernetes. We just need to know the right plugin.

About CloudThat

CloudThat is also the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. Our blogs, webinars, and case studies enable all the stakeholders in the cloud computing sphere.

Drop a query if you have any questions regarding the Ansible tool or other consulting opportunities, and I will get back to you quickly. To get started, go through our Expertise Page which is CloudThat’s offerings.