🚀 Seamless AWS Automation: Terraform Cloud, Ansible, GitHub, and Session Manager in Action 🚀
- Rom Irinco
- Jul 5
Just wrapped up a deployment where Terraform Cloud, Ansible, and GitHub come together to automate AWS infrastructure and configuration management—while using AWS Session Manager for secure, keyless access and Ansible’s dynamic inventory for effortless scaling.

How the Stack Works Together
| Component | Role | Cool Factor |
|---|---|---|
| GitHub | Stores all code, triggers automation | Version control & collaboration |
| Terraform Cloud | Provisions AWS resources, manages state, and enforces policies and governance | Automated, secure, and scalable |
| Ansible | Configures EC2s using dynamic inventory and SSM connection | Zero-touch, agentless management |
| AWS SSM | Connects to EC2s securely (no SSH) | No open ports, no storing of private keys, full audit trail |
| Dynamic Inventory | Auto-discovers EC2s for Ansible | Always up-to-date targeting |

Workflow Overview
Push to GitHub: All Terraform and Ansible code lives in GitHub. Pushing changes from your local IDE to GitHub triggers Terraform Cloud workflows.
Terraform Cloud Automation: Terraform Cloud detects the change, runs plan and apply, and provisions AWS infrastructure—EC2s, VPCs, security groups and others.
Remote State & Collaboration: State is managed and locked in Terraform Cloud, so teams can safely collaborate without stepping on each other’s toes.
Ansible Dynamic Inventory: Once resources are up, Ansible’s AWS EC2 plugin dynamically discovers all EC2 instances—no static host files required.
Secure Configuration via SSM: Ansible connects to EC2s through AWS Session Manager, eliminating SSH keys and open ports for a more secure setup.
Scale Effortlessly: Add or remove EC2s—Terraform Cloud provisions, Ansible configures, and inventory updates automatically.
Key Advantages
Security: No SSH keys or open ports; all access is logged via AWS SSM.
Scalability: Infrastructure and configuration scale together, with dynamic inventory and automated Terraform runs.
Collaboration: GitHub and Terraform Cloud enable team workflows, peer reviews, and policy enforcement.
Auditability: Every change, connection, and deployment is tracked and auditable.
Ansible Inventory & Connection
```ini
# /etc/ansible/ansible.cfg
[inventory]
enable_plugins = aws_ec2

[defaults]
# Point to the directory where your dynamic inventory file will be
inventory = /etc/ansible/inventory/
# Default remote_user for SSM connections (can be overridden per host/group)
remote_user = ssm-user
# Optional: default connection plugin for all hosts. In ansible.cfg the key is
# "transport"; ansible_connection is an inventory variable and is ignored here.
transport = amazon.aws.aws_ssm
```
In Practice
With this stack, you get a robust, automated, and secure AWS environment—from infrastructure provisioning in Terraform Cloud, to dynamic configuration with Ansible, to secure, keyless access via AWS Session Manager. No more manual steps, no more static inventories, and no more SSH headaches—just push, provision, and configure at scale.
Need Help?
If you’re looking to modernize your AWS automation or want to know more about setting up this stack, reach out if you need some help! I’m always happy to share insights, answer questions, or guide you through your own automation journey.
Happy automating! 🚀



