What’s New: Cloud Automation with amazon.aws 7.0.0

When it comes to Amazon Web Services (AWS) infrastructure automation, the latest release of the certified amazon.aws Ansible Content Collection for Red Hat Ansible Automation Platform brings a number of enhancements to improve the overall user experience and speed up the process from development to production.

This blog post goes through changes and highlights what’s new in the 7.0.0 release of this Ansible Content Collection. We have included numerous features, plugins, bug fixes, and code quality improvements that further enhance the amazon.aws collection. Let’s go through some of them! 


Forward-looking Changes

Much of our work in the 7.0.0 release has been focused on the following areas:

  • Enhancing several modules from the upstream community.
  • Promoting modules to being formally supported by Red Hat.
  • Improving the overall quality of the collection code.
  • Releasing various new enhancements and clarifying support policies.

 

New Modules

This release brings with it a number of new supported modules that have been promoted from community support to Red Hat support. The following table highlights the functionality covered by these new modules supported by Red Hat:

| Module | Description |
|---|---|
| aws_region_info | Gather information about AWS regions. |
| s3_bucket_info | Lists S3 buckets and details about those buckets. |
| iam_access_key | Manage AWS IAM User access keys. |
| iam_access_key_info | Gather information about AWS IAM User access keys. |
| iam_group | Manage AWS IAM groups. |
| iam_managed_policy | Manage User Managed IAM policies. |
| iam_mfa_device_info | List the MFA (Multi-Factor Authentication) devices registered for a user. |
| iam_password_policy | Update an IAM Password Policy. |
| iam_role | Manage AWS IAM roles. |
| iam_role_info | Gather information on IAM roles. |
| sts_assume_role | Assume a role using AWS Security Token Service and obtain temporary credentials. |

In addition to the newly promoted modules, three more new modules have been added to the collection.

| Module | Description |
|---|---|
| ec2_import_image | Manage AWS EC2 import image tasks. |
| ec2_import_image_info | Gather information about importing virtual machine tasks. |
| rds_global_cluster_info | Obtain information about Aurora global database clusters. |

In an upcoming blog post, we will showcase practical use case scenarios leveraging these newly supported modules. Stay tuned for some insightful tips!

 

New Features Highlights

This release brings several new features. Let’s take a look! 

amazon.aws.ec2_instance

The amazon.aws.ec2_instance module now supports setting placement and license_specifications. The placement option controls where and how your instances are launched (e.g., in a particular availability zone and with dedicated tenancy), and license_specifications controls how licensing is handled for software that requires specific licensing agreements. The following Ansible task shows how to use both.

 - name: Start an EC2 instance with placement and license specifications
   amazon.aws.ec2_instance:
     name: "{{ instance_name }}"
     key_name: "{{ ssh_key }}"
     vpc_subnet_id: "{{ vpc_id }}"
     instance_type: "{{ instance_type }}"
     security_group: "{{ security_group }}"
     placement:
       availability_zone: us-east-1a
       tenancy: dedicated
     license_specifications:
       - license_configuration_arn: "{{ license_configuration_arn }}"
     image_id: "{{ ami_id }}"

amazon.aws.ec2_instance_info

The amazon.aws.ec2_instance_info module enables you to describe specific attributes of an EC2 instance by setting the include_attributes option. This can be useful when you want to retrieve detailed information about an EC2 instance for specific attributes without fetching all the instance details. For example, you can extract specific details such as the instance’s kernel, userData, ramdisk, and instanceType, as shown below.

 - name: Gather information about an EC2 instance using some specific attributes
   amazon.aws.ec2_instance_info:
     filters:
       "tag:Name": "{{ instance_name }}"
     include_attributes:
       - instanceType
       - kernel
       - ramdisk
       - userData

amazon.aws.ec2_vpc_igw

This release introduces the ability to remove an internet gateway that is not attached to a VPC. To remove an internet gateway, you can provide the ID of the internet gateway or the ID of the attached VPC. It is also possible to supply both IDs and, in this case, if the ID of the attached VPC does not match the user-supplied VPC ID, an error is generated.

 - name: Delete internet gateway using internet_gateway_id
   amazon.aws.ec2_vpc_igw:
     state: absent
     internet_gateway_id: "{{ gateway_id }}"

It is now possible to create an internet gateway even without attaching it to a VPC, as shown below.

 - name: Create a detached internet gateway
   amazon.aws.ec2_vpc_igw:
     state: present

amazon.aws.rds_cluster

You might want to automate the management of an RDS cluster’s state (start and stop) and also remove the cluster from a global database, if it is part of one. The amazon.aws.rds_cluster module now enables you to stop an RDS cluster by using state: stopped and to remove it from a global database by setting remove_from_global_db: true. The following tasks show how to achieve this.

 - name: Stop RDS cluster
   amazon.aws.rds_cluster:
     cluster_id: '{{ cluster_id }}'
     state: stopped

 - name: Remove a cluster from global DB
   amazon.aws.rds_cluster:
     db_cluster_identifier: '{{ cluster_id }}'
     global_cluster_identifier: '{{ global_cluster_id }}'
     remove_from_global_db: true

amazon.aws.route53_health_check

The amazon.aws.route53_health_check module allows you to create and manage Route 53 health checks in AWS. You might want to create a Route 53 calculated health check that depends on the health status of multiple child health checks. The amazon.aws.route53_health_check module now supports the calculated health check (by setting type: CALCULATED) to represent the overall health of a complex service that relies on multiple components or endpoints. The calculated health check must consider all child health checks (supplied using child_health_checks) and trigger an alert when a certain threshold of child health checks is unhealthy. This is useful for monitoring complex services and systems that rely on multiple components.

 - name: Create a Route 53 Child Health Check
   amazon.aws.route53_health_check:
     name: "{{ health_check_1 }}"
     resource_path: '{{ resource_path_1 }}'
     # ip_address is the module option for the endpoint IP
     ip_address: "{{ ip_1 }}"
     port: '{{ port }}'
     type: '{{ type_http }}'
     failure_threshold: 3
     use_unique_names: true
   register: __result_child_health_check1

 - name: Create Another Route 53 Child Health Check
   amazon.aws.route53_health_check:
     name: "{{ health_check_2 }}"
     resource_path: '{{ resource_path }}'
     ip_address: "{{ ip_1 }}"
     port: '{{ port }}'
     type: '{{ type_http }}'
     failure_threshold: 3
     use_unique_names: true
   register: __result_child_health_check2

 - name: Create a Route 53 Calculated Health Check
   amazon.aws.route53_health_check:
     health_check_name: "{{ health_check_name }}"
     use_unique_names: true
     type: CALCULATED
     health_threshold: 2
     child_health_checks:
       - '{{ __result_child_health_check1.health_check.id }}'
       - "{{ __result_child_health_check2.health_check.id }}"

 

New boto3/botocore Versioning

The amazon.aws Collection has dropped support for botocore<1.29.0 and boto3<1.26.0. Most modules will continue to work with older versions of the AWS Software Development Kit (SDK); however, compatibility with older versions of the AWS SDK is not guaranteed and will not be tested. When using older versions of the AWS SDK, Ansible Automation Platform will display a warning. Check out the module documentation for the minimum required version for each module.

 

New Python Support Policy

On July 30, 2022, AWS announced that the AWS Command Line Interface (AWS CLI) v1 and AWS SDK for Python (boto3 and botocore) will no longer support Python 3.7. To continue to support Red Hat customers with secure and maintainable tools, we aligned with this announcement and deprecated support for Python versions lower than 3.7 in the previous 6.0 release of this collection. In this release, support for Python versions below 3.7 has been removed. Also, support for Python versions lower than 3.8 is expected to be removed in a release after 2024-12-01, based on currently available schedules.
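Because an outdated SDK only produces a warning, a preflight play can turn the version floors from the two sections above into a hard failure before any AWS task runs. This is an added example, not part of the original post or the collection; it assumes the modules run on the control node (hosts: localhost), and the variable names are illustrative.

```yaml
# Added example: preflight check for the amazon.aws 7.0.0 version floors.
# Assumption: AWS modules execute on localhost with the gathered interpreter.
- name: Preflight - verify Python and AWS SDK versions for amazon.aws 7.0.0
  hosts: localhost
  connection: local
  gather_facts: true
  vars:
    # Minimums taken from the release notes above.
    min_botocore: "1.29.0"
    min_boto3: "1.26.0"
    min_python: "3.7"
  tasks:
    # Fails on its own (ImportError) if boto3/botocore are not installed
    # for the interpreter that Ansible uses to run modules.
    - name: Read SDK versions from the module interpreter
      ansible.builtin.command:
        argv:
          - "{{ ansible_facts['python']['executable'] }}"
          - "-c"
          - "import boto3, botocore; print(boto3.__version__, botocore.__version__)"
      register: sdk_versions
      changed_when: false

    - name: Stop the run on an untested SDK or an unsupported Python
      vars:
        boto3_version: "{{ sdk_versions.stdout.split()[0] }}"
        botocore_version: "{{ sdk_versions.stdout.split()[1] }}"
      ansible.builtin.assert:
        that:
          - ansible_facts['python_version'] is version(min_python, '>=')
          - boto3_version is version(min_boto3, '>=')
          - botocore_version is version(min_botocore, '>=')
        fail_msg: >-
          Found Python {{ ansible_facts['python_version'] }},
          boto3 {{ boto3_version }}, botocore {{ botocore_version }};
          amazon.aws 7.0.0 is tested with Python >= {{ min_python }},
          boto3 >= {{ min_boto3 }}, botocore >= {{ min_botocore }}.
        success_msg: Python and AWS SDK versions meet the 7.0.0 minimums.
```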

 

Deprecated Features

This collection release also introduces some deprecations. The amazon.aws.ec2_instance module has undergone several deprecations. Specifically, passing tenancy and placement_group has been deprecated in favor of placement. The support will be removed in a release after 2025-12-01.

 

Changes for Developers

If you are an active contributor to the amazon.aws collection or are willing to become one, the following changes may be of interest to you:

Removed Features

distutils has been deprecated and will be removed from Python’s stdlib in Python 3.12 (see https://python.org/dev/peps/pep-0632) later this year. In preparation, we had vendored a copy of distutils.version; this release drops that vendored copy and changes from distutils.version.LooseVersion to packaging.version.Version.

Code quality improvement

In the previous 6.0 release of this collection, we started an initiative to improve the overall code quality. Because improving code quality is a continuous process that requires ongoing effort and attention, we continued this initiative by adopting isort and flynt.

isort is a Python utility that helps maintain consistency and readability by organizing and sorting import statements in the Python code.

flynt is a Python code refactoring tool that converts old-fashioned Python string formatting expressions to modern f-strings. The f-strings provide a more concise and readable way to embed expressions into strings.

Both isort and flynt are valuable tools for improving code quality and style. 

Improving code quality is a continuous process that is ongoing and will be reflected in future releases. Stay tuned!

 

Where to go next

  • Red Hat Summit and AnsibleFest 2023 – if you missed out on this event, check out sessions available online and make sure to register for AnsibleFest 2024!
  • Self-paced exercises – We have interactive, in-browser exercises to learn and dive into Ansible Automation Platform.
  • Trial subscription – Are you ready to install Ansible Automation Platform? Get your own trial subscription for unlimited access to all the components of Ansible Automation Platform.

 

Originally posted on Ansible Blog
Author: Alina Buzachis
