Ansible Configuration
CHAPTER 13

Cloud Automation with Ansible

Updated: May 15, 2026
30 min read

1. Introduction

We have spent this course assuming our servers already exist. We wrote inventories containing IP addresses and used Ansible to configure the software running on those IPs. But what if the IP address doesn't exist yet? What if we need to build the actual hardware? While tools like Terraform are the undisputed kings of Infrastructure Provisioning, Ansible possesses robust modules to communicate directly with Cloud APIs (AWS, Azure, GCP). In this chapter, we will expand Ansible's role from purely Configuration Management to Cloud Provisioning, allowing us to build the server and configure it in a single fluid motion.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Understand the difference between Infrastructure Provisioning and Configuration Management.
  • Configure Ansible to authenticate with Cloud Provider APIs (specifically AWS).
  • Utilize the amazon.aws collection to provision cloud resources.
  • Create an EC2 virtual machine and a Security Group using Ansible.
  • Understand the integration of dynamic inventories with cloud provisioning.

3. Beginner-Friendly Explanation

Imagine opening a new restaurant.
  • Provisioning (Building the Hardware): You hire construction workers to build the walls, run the plumbing, and install the ovens. (Creating the EC2 server and Firewalls in the cloud).
  • Configuration (Setting up the Software): You hire a chef to organize the kitchen, design the menu, and start cooking. (Installing Nginx and your application code).

Usually, Terraform is the construction worker, and Ansible is the chef. However, Ansible is powerful enough that you can give the chef a hammer and tell them to build the kitchen themselves before they start cooking.

4. Setting up the AWS Environment

To command the cloud, Ansible needs the official AWS collection and the boto3 Python library (the official AWS SDK for Python).

*On your Control Node:*

```bash
pip install boto3
ansible-galaxy collection install amazon.aws
```

Authentication: the AWS modules read credentials from your environment variables (via boto3). Never hardcode AWS keys in your playbook.

```bash
export AWS_ACCESS_KEY_ID="your_access_key"
export AWS_SECRET_ACCESS_KEY="your_secret_key"
```

5. Provisioning Cloud Infrastructure

Let's look at the Ansible tasks required to build an AWS Security Group (Firewall) and an EC2 Instance (Server).
```yaml
---
- name: Provision Cloud Infrastructure
  hosts: localhost # We run this on the control node to talk to the AWS API
  gather_facts: no

  tasks:
    # 1. Build the Firewall
    - name: Create Web Security Group
      amazon.aws.ec2_security_group:
        name: web_sg
        description: Allow HTTP traffic
        region: us-east-1
        rules:
          - proto: tcp
            ports: 80
            cidr_ip: 0.0.0.0/0

    # 2. Build the Server
    - name: Launch an EC2 Instance
      amazon.aws.ec2_instance:
        name: "My-Ansible-Web-Server"
        key_name: "my_ssh_key"
        instance_type: t2.micro
        security_group: web_sg
        region: us-east-1
        # The Amazon Linux 2 OS Image ID
        image_id: ami-0c02fb55956c7d316
        wait: yes # Wait for the server to fully boot before finishing the task
```

6. Mini Project: The Ultimate End-to-End Workflow

The holy grail of automation is building the server, grabbing its dynamically generated IP address, and immediately configuring it. We use the add_host module to do this.

Step-by-Step Architecture Concept:

```yaml
---
# PLAY 1: Build the Hardware
- name: Provision the EC2 Server
  hosts: localhost
  gather_facts: no
  tasks:
    - name: Launch EC2 Instance
      amazon.aws.ec2_instance:
        name: "Dynamic-Web"
        key_name: "my_ssh_key"   # the key pair Play 2 will use to log in over SSH
        instance_type: t2.micro
        image_id: ami-xyz
        wait: yes
      # Save the AWS response (which contains the new IP address) to a variable
      register: ec2_data

    # Add the brand new IP address to our in-memory inventory
    - name: Add new instance to temporary host group
      ansible.builtin.add_host:
        # Extract the public IP from the JSON response
        hostname: "{{ ec2_data.instances[0].public_ip_address }}"
        groupname: new_cloud_servers
        ansible_user: ec2-user   # default login user on Amazon Linux images

# PLAY 2: Configure the Software
# Target the group we JUST created in Play 1!
- name: Configure the New Server
  hosts: new_cloud_servers
  become: yes
  # Do not gather facts yet: that would open an SSH connection before the
  # server is reachable. The first task below waits for SSH instead.
  gather_facts: no

  tasks:
    - name: Wait for SSH to come up
      ansible.builtin.wait_for_connection:
        delay: 10
        timeout: 300

    - name: Install Apache
      ansible.builtin.yum:
        name: httpd
        state: present
```

*You run this playbook once. Ansible talks to AWS, builds a server, waits for it to turn on, logs into it via SSH, and installs the web server. Complete end-to-end automation.*

7. Real-World Scenarios

A testing team needed a disposable environment to run load tests every Friday. Initially, an administrator manually clicked through the AWS console to build 10 servers, ran an Ansible playbook to configure them, and then manually deleted them on Monday. The team refactored the workflow using Ansible's AWS modules. A single playbook executed on Friday morning: it provisioned the EC2 instances, dynamically added them to the inventory, and configured the application stack. A second "Teardown" playbook ran on Monday morning, using state: absent to perfectly terminate the test environment, saving the company hundreds of dollars in idle compute costs.
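A teardown playbook in the spirit of that scenario, added here as an example (it is not from the chapter). It assumes the instances carry the Name tag Dynamic-Web from section 6 and the web_sg group from section 5, and it refuses to run if the filter matches more than the expected fleet, so an overly broad filter cannot terminate unrelated servers:

```yaml
---
- name: Tear down the disposable test environment
  hosts: localhost
  gather_facts: no
  vars:
    region: us-east-1
    target_name: "Dynamic-Web"   # assumed Name tag of the test fleet
    max_expected: 10             # hard ceiling on how many instances we will terminate

  tasks:
    - name: Find the instances that match the teardown filter
      amazon.aws.ec2_instance_info:
        region: "{{ region }}"
        filters:
          "tag:Name": "{{ target_name }}"
          instance-state-name: ["running", "stopped"]
      register: doomed

    # Guard: fail loudly before calling TerminateInstances if the filter
    # matched more than the test fleet.
    - name: Refuse to continue if the match exceeds the expected fleet size
      ansible.builtin.assert:
        that:
          - doomed.instances | length <= max_expected
        fail_msg: "Filter matched {{ doomed.instances | length }} instances; expected at most {{ max_expected }}"

    - name: Terminate the matched instances
      amazon.aws.ec2_instance:
        region: "{{ region }}"
        instance_ids: "{{ doomed.instances | map(attribute='instance_id') | list }}"
        state: absent
        wait: yes   # the security group cannot be deleted while instances still reference it
      when: doomed.instances | length > 0

    - name: Remove the firewall rule set built in section 5
      amazon.aws.ec2_security_group:
        name: web_sg
        region: "{{ region }}"
        state: absent
```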

8. Best Practices

  • Ansible vs Terraform: While the end-to-end workflow is cool, it is generally considered an anti-pattern for large production environments. Terraform is a "Declarative State Machine" designed specifically for hardware. Ansible is a "Procedural Task Runner" designed for software. The enterprise best practice is to use Terraform to build the AWS infrastructure, and use Terraform's local-exec provisioner to automatically trigger Ansible to configure the newly built servers. Use the best tool for the job.

9. Security Recommendations

  • IAM Instance Profiles: If you are running an Ansible Control Node on an EC2 instance in AWS, you do NOT need to use Access Keys or Secret Keys. You can assign an "IAM Instance Profile" to the Control Node. Ansible will automatically adopt the permissions of the underlying server, eliminating the need to manage vulnerable, long-lived API keys.
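An added example (not from the chapter) of building that instance profile with the amazon.aws collection. The role is granted only the EC2 actions the playbooks in sections 5 to 7 actually call, and termination is limited to instances carrying the Name tag used in section 6; the role name, policy name and region are assumptions:

```yaml
---
- name: Create a least-privilege role for the Ansible control node
  hosts: localhost
  gather_facts: no
  tasks:
    - name: Create the role and its instance profile
      amazon.aws.iam_role:
        name: ansible-control-node        # assumed role name
        create_instance_profile: true     # the profile is attached to the control-node EC2 instance
        assume_role_policy_document:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service: ec2.amazonaws.com   # only EC2 instances may assume this role
              Action: sts:AssumeRole

    - name: Attach an inline policy limited to what the provisioning playbooks need
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: ansible-control-node
        policy_name: AnsibleProvisioning  # assumed policy name
        state: present
        policy_json:
          Version: "2012-10-17"
          Statement:
            # Read-only lookups the ec2_instance / ec2_security_group modules perform first
            - Effect: Allow
              Action: ["ec2:Describe*"]
              Resource: "*"
            # Create and delete actions used by the playbooks in sections 5 to 7
            - Effect: Allow
              Action:
                - ec2:RunInstances
                - ec2:CreateTags
                - ec2:CreateSecurityGroup
                - ec2:AuthorizeSecurityGroupIngress
                - ec2:DeleteSecurityGroup
              Resource: "*"
            # Teardown: only instances tagged as the disposable test fleet may be terminated
            - Effect: Allow
              Action: ["ec2:TerminateInstances"]
              Resource: "arn:aws:ec2:us-east-1:*:instance/*"
              Condition:
                StringEquals:
                  "aws:ResourceTag/Name": "Dynamic-Web"
```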

10. Troubleshooting Tips

  • Boto3 Version Errors: The AWS API changes constantly. If your ec2_instance module fails with a strange Python error, it almost always means your boto3 and botocore libraries are outdated. Run pip install --upgrade boto3 botocore on your Control Node to fix it.

11. Exercises

  1. Explain the operational function of the add_host module in a cloud provisioning workflow.
  2. Why do we set hosts: localhost when using modules like ec2_instance or ec2_security_group?

12. FAQs

Q: Does Ansible support Azure and GCP?
A: Yes. You simply install the azure.azcollection or google.cloud collections. The methodology is identical; only the module names (e.g., azure_rm_virtualmachine) and authentication mechanisms change.

13. Interview Questions

  • Q: Compare and contrast the operational paradigms of using Ansible versus Terraform for cloud infrastructure provisioning. In what scenario would utilizing Ansible's ec2_instance module be appropriate?
  • Q: Describe the end-to-end automation workflow required to provision a cloud instance and immediately configure it within a single Ansible playbook run. Highlight the critical modules (register, add_host, wait_for_connection) required to bridge the gap between hardware creation and SSH availability.

14. Summary

In Chapter 13, we shattered the boundaries of Configuration Management, proving that Ansible is fully capable of commanding Cloud Provider APIs. We successfully orchestrated the provisioning of foundational AWS infrastructure—Security Groups and EC2 Instances—utilizing the amazon.aws collection. We mastered the holy grail of seamless automation: dynamically registering newly minted cloud IPs into temporary, in-memory host groups, waiting for boot cycles to complete, and instantly initiating software configuration. This end-to-end workflow demonstrates Ansible's vast power as a comprehensive IT automation engine.

15. Next Chapter Recommendation

Our automation is incredible, but it still requires a human to press "Enter" on their laptop. True DevOps requires removing the human entirely. Proceed to Chapter 14: CI/CD Integration with Ansible.
