https://blog.yrhsk.work/tags/ansible/ Recent content in Ansible on 🛠️ blog.yrhsk.work Hugo -- 0.147.7 en-us Mon, 27 Apr 2026 12:04:31 +0300 https://blog.yrhsk.work/posts/ansible-connection-via-aws-ssm/ Mon, 27 Apr 2026 12:04:31 +0300 https://blog.yrhsk.work/posts/ansible-connection-via-aws-ssm/ <p>I really like using <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html">AWS SSM Session Manager</a> for EC2 instances management whenever it&rsquo;s possible, and recently faced a case where the requirement was to use Ansible for configuration management of EC2 instances, but without opening SSH access to them. That sounded like a good use case for SSM Session Manager, but I had to do some research to figure out how to make it work with Ansible.</p> <p>I ended up using two approaches - one with a static inventory for a single instance, and another with dynamic discovery for a fleet of instances. Both are based on the <a href="https://docs.ansible.com/ansible/latest/collections/community/aws/aws_ssm_connection.html"><code>community.aws.aws_ssm</code></a> connection plugin, which uses SSM Session Manager under the hood to connect to the target instances without SSH. The main difference is how the inventory is built - either hardcoded with instance IDs or dynamically discovered via EC2 API queries.</p>