AWX – Automate AWS services

  • Last Updated : 15 Sep, 2021

In this article, we will look at automating AWS services using AWX, a VM provided by Ansible Tower. Ansible Tower is a simple IT automation engine that automates cloud provisioning, configuration, deployment, and orchestration. AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is the upstream project for Ansible Tower.


  • Install AWX.
  • You must have an AWS free tier account and an IAM user with enough permissions to create a VPC, Subnet, IGW, RouteTables, and EC2 Instance, along with that user's Access Key ID and Secret Access Key.
  • Also, create a key-pair (key) in the region where we want to launch these services. Since we are not using Elastic IP services, doing this job costs nothing.

Now follow the below steps to automate AWS services using AWX:

Step 1: Add a credential in the AWX dashboard.

Step 2: Create a new project directory (e.g. AWS) inside /var/lib/awx/projects/ on the host where AWX is running. In this example, AWX is running in Docker containers managed with docker-compose, so create this directory on the same host where AWX is running.

[root@localhost ~]# mkdir /var/lib/awx/projects/AWS

Step 3: Create a new playbook inside the project we had created earlier. (e.g. AWS)

[root@localhost ~]# cat << EOF >> /var/lib/awx/projects/AWS/playbook.yml
---
# Values written as "<...>" are missing from this page and must be supplied.
- name: "Run the playbook for AWS resources provisioning."
  hosts: localhost
  vars:
    aws_region: us-east-1
  tasks:
    - name: "Create VPC with cidr block"
      ec2_vpc_net:
        name: "awx_vpc"
        cidr_block: "<VPC_CIDR>"
        region: "{{ aws_region }}"
        tags:
          module: ec2_vpc_net
          this: works
        tenancy: default
      register: awx_vpc

    - name: "Create Internet Gateway and Associate it with above VPC"
      ec2_vpc_igw:
        vpc_id: "{{ awx_vpc.vpc.id }}"    # id returned by the ec2_vpc_net task above
        region: "{{ aws_region }}"
        state: present
      register: awx_igw

    - name: "Create a subnet in the above VPC"
      ec2_vpc_subnet:
        state: present
        vpc_id: "{{ awx_vpc.vpc.id }}"
        cidr: "<SUBNET_CIDR>"
        region: "{{ aws_region }}"
        resource_tags:
          Name: "EC2 Instance Subnet"
      register: awx_subnet

    - name: "Create Route Table for the public Subnet"
      ec2_vpc_route_table:
        vpc_id: "{{ awx_vpc.vpc.id }}"
        region: "{{ aws_region }}"
        tags:
          Name: Public
        subnets:
          - "{{ awx_subnet.subnet.id }}"    # id returned by the ec2_vpc_subnet task above
        routes:
          - dest: "<DESTINATION_CIDR>"
            gateway_id: "{{ awx_igw.gateway_id }}"
      register: awx_public_route_table

    - name: "Create Security Group rules for EC2 Instance"
      ec2_group:
        name: awx_sg
        description: "sg for allowing ssh connections"
        vpc_id: "{{ awx_vpc.vpc.id }}"
        region: "{{ aws_region }}"
        rules:
          - proto: tcp
            ports:
              - 22
            cidr_ip: "<SSH_SOURCE_CIDR>"
            rule_desc: allow all connections on port 22

    - name: "Provisioning of a RHEL8 EC2 Instance"
      ec2:
        region: "{{ aws_region }}"
        key_name: aws-awk-key-us-east-1
        instance_type: t2.micro
        image: ami-098f16afa9edf40be
        wait: yes
        group: awx_sg
        count: 1
        vpc_subnet_id: "{{ awx_subnet.subnet.id }}"
        assign_public_ip: yes
      register: awx_instance

    - name: "Debug task to show the public IP of RHEL8 EC2 Instance"
      debug:
        msg: "Public IP of the RHEL8 Instance is {{ awx_instance.instances[0].public_ip }}"
EOF

All the modules that are used in the above playbook have documentation available. Modules used in the above playbook:

  • ec2_vpc_net
  • ec2_vpc_igw
  • ec2_vpc_subnet
  • ec2_vpc_route_table
  • ec2_group, ec2
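
The security group task in the playbook describes its rule as allowing all connections on port 22. The tasks below are an added example, not part of the original article, showing the same ec2_group task limited to one administrative range with a check that runs before anything is created. The variable ssh_source_cidr is an assumption (supplied as an extra variable, for instance from an AWX survey), 203.0.113.0/24 is a documentation-range sample, and awx_vpc.vpc.id assumes the VPC task registered awx_vpc as in the playbook.

```yaml
# Added example: replaces the "Create Security Group rules" task in the play.
# ssh_source_cidr is an assumed extra variable, e.g. 203.0.113.0/24 (sample value).
- name: "Refuse to open SSH to every address"
  assert:
    that:
      - ssh_source_cidr is defined
      # Must look like an IPv4 CIDR: a.b.c.d/n
      - "ssh_source_cidr is match('^([0-9]+[.]){3}[0-9]+/[0-9]+$')"
      # A /0 prefix (such as 0.0.0.0/0) covers the whole Internet
      - "not (ssh_source_cidr is match('.*/0$'))"
    fail_msg: "Set ssh_source_cidr to the administrative network, e.g. 203.0.113.0/24"

- name: "Create Security Group rules for EC2 Instance"
  ec2_group:
    name: awx_sg
    description: "sg for allowing ssh connections"
    vpc_id: "{{ awx_vpc.vpc.id }}"
    region: "{{ aws_region }}"
    purge_rules: yes    # remove broader ingress rules left by an earlier run
    rules:
      - proto: tcp
        ports:
          - 22
        cidr_ip: "{{ ssh_source_cidr }}"
        rule_desc: allow ssh from the administrative network only
  register: awx_sg
```

Because the assert task runs first, a job launched without ssh_source_cidr, or with a /0 range, fails before the security group is created or changed.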

Step 4: Create a new project “AWS” from the AWX dashboard.

Step 5: Create a new template.

Step 6: Start a job using this template.

Run this job with Debug verbosity and check the output to see whether it failed or succeeded. If it failed, run the failed job again. The last debug task displays the public IP that is assigned to the EC2 instance.

For final verification, go to the AWS Console, select the region where you launched the EC2 instance, and check whether the instance is running.

Step 7: We can also use AWS Dynamic Inventories to see the IP of newly created hosts in the AWS region we chose earlier. First, we have to add an inventory in AWX.

After creating the inventory, go to the SOURCES option and create a new SOURCE. Here we need our AWS region and the credentials that we used to launch the EC2 instances.

Now sync from the SOURCE that we created in the above step.

Once the sync process completes, we can find the new hosts in the Hosts section of the inventory.
