Using Ansible with Windows Client on AWS

Ansible, a powerful IT automation tool, allows you to manage both Linux and Windows systems efficiently. In this guide, we’ll walk you through setting up Ansible to manage a Windows Client running on AWS EC2. From creating the Windows VM to running your first Ansible playbook, we’ll cover all the necessary steps. 

Key Features of Ansible 

  1. Agentless: Ansible operates without requiring any software to be installed on the client machines it manages, unlike many other automation tools. It uses SSH for Unix-based systems and WinRM (Windows Remote Management) for Windows systems. 
  2. Declarative Language: Ansible uses YAML to write playbooks, making it easy to read and write configurations. The declarative nature means you describe the desired state rather than how to achieve it. 
  3. Modules: Ansible has a vast array of modules, which are essentially scripts that Ansible runs to perform tasks like installing packages, managing files, or configuring services. 
  4. Idempotency: Ansible ensures that applying the same playbook multiple times will not alter the system’s state after the first application, provided the desired state is already achieved. 

Prerequisites:

  • Ansible needs to be installed on the control node. This can be done using various package managers like pip, apt, or yum, depending on your operating system. 
  • Ansible requires Python 3.8 or later. Python should be installed on the control node (the machine from which Ansible commands are run). 
  • Ensure that the control node has network access to the managed nodes. Firewalls, security groups, or network policies should allow the management traffic between these nodes: SSH for Unix-based systems, and WinRM for Windows systems.
  • An AWS account to create and manage EC2 instances. 

Step-by-Step Guide

Step 1: Create a Windows VM on AWS EC2

  • Launch an EC2 Instance: 
    1. Go to the AWS Management Console. 
    2. Select “Launch Instance.”
    3. Choose a Windows Server AMI. 
    4. Select an instance type and configure instance details as needed. 
    5. Add storage and configure the security group.
    6. Review and launch the instance. 
  • Configure Security Group: 
    1. Ensure the security group allows inbound RDP access (port 3389) from your IP address. 
    2. Add an inbound rule for port 5986 (WinRM over HTTPS) to allow WinRM connections.

Step 2: Configure RDP and WinRM on the Windows VM 

  • Connect to the Windows VM via RDP: 
    1. Extract the RDP password using the private key created during the instance setup. 
    2. Use Remote Desktop Connection to connect to the instance using the public IP and the extracted password. 
  • Allow HTTPS WinRM Connections: 
    1. Open “Windows Defender Firewall with Advanced Security.”
    2. Create a new inbound rule allowing traffic on port 5986. 
  • Set Up WinRM: 
    1. Open PowerShell as an administrator. 
    2. Create a self-signed certificate:
      • New-SelfSignedCertificate -DnsName "<your-hostname>" -CertStoreLocation Cert:\LocalMachine\My
      • Replace <your-hostname> with the VM’s public IPv4 DNS name, which you can find in the Instance Summary.
    3. Note the certificate thumbprint (e.g., C3A6A14B6C36B726843EAE474AC5ECC5C0EFA17E).
    4. Create an HTTPS listener:
      • winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="<your-hostname>"; CertificateThumbprint="<thumbprint>"}'

Step 3: Configure Ansible to Manage the Windows VM

  • Install Ansible on Your Control Machine:
    • Ensure you have Ansible installed.
  • Create the Inventory File:
  • Create an Ansible Playbook: 
    • Create a playbook file named windows-playbook.yaml with the following details
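
An inventory for the HTTPS listener created in Step 2, written here as an added example and not the original post's file. It shows the commonly used `ignore` setting for certificate validation beside a stricter alternative that trusts only the VM's exported self-signed certificate. The file name, host alias, `Administrator` user, NTLM transport, vault variable and certificate path are assumptions.

```yaml
# inventory.yaml (hypothetical file name) - added example, not the original post's inventory.
# Values in <angle brackets> are placeholders. vault_windows_password is an assumed
# Ansible Vault variable holding the password extracted in Step 2.
all:
  children:
    windows:
      hosts:
        win-client:                      # hypothetical alias
          # Public IPv4 DNS of the instance. It must match the -DnsName given to
          # New-SelfSignedCertificate, or hostname validation fails.
          ansible_host: "<your-hostname>"
      vars:
        ansible_connection: winrm
        ansible_port: 5986               # HTTPS listener from Step 2
        ansible_winrm_scheme: https
        ansible_winrm_transport: ntlm    # assumption: local account over NTLM
        ansible_user: Administrator      # assumption: default account on the AMI
        ansible_password: "{{ vault_windows_password }}"

        # Weak: accepts any certificate, so the control node cannot tell the VM
        # apart from a host intercepting the session and the credentials in it.
        # ansible_winrm_server_cert_validation: ignore

        # Stricter: validate the listener against the self-signed certificate
        # exported from the VM (public part only, PEM) and copied to the control node.
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: "<path-to-exported-cert.pem>"
```

The WinRM connection plugin needs the `pywinrm` Python package on the control node. With this file, `ansible windows -i inventory.yaml -m ansible.windows.win_ping` is a quick connectivity check before running a playbook.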

Step 4: Run the Ansible Playbook 

  • Execute the Playbook: 
    • Run the following command to execute your playbook:

Conclusion 

By following these steps, you have successfully set up Ansible to manage a Windows Client on AWS EC2. This setup allows you to leverage Ansible’s powerful automation capabilities to manage your Windows infrastructure efficiently. Whether you’re gathering system information or performing more complex tasks, Ansible simplifies and streamlines your administrative tasks.