Chapter 1. Introduction

Ansible Automation Platform from AWS Marketplace is an offering that you can deploy from the AWS Marketplace portal. Ansible Automation Platform from AWS Marketplace provides access to a library of Ansible content collections, and it is integrated with key AWS services, so you can start automating the deployment, configuration, and management of infrastructure and applications quickly.

The following Red Hat Ansible Automation Platform components are available on Ansible Automation Platform from AWS Marketplace:

  • Automation controller
  • Ansible automation hub
  • Private automation hub
  • Ansible Content Collections
  • Automation execution environments
  • Ansible content tools, including access to Red Hat Insights for Red Hat Ansible Automation Platform

Note: Automation mesh is not available on Ansible Automation Platform from AWS Marketplace at this time.

1.1. Application architecture

Ansible Automation Platform from AWS Marketplace is installed into infrastructure resources running within your AWS account.

Figure: AWS existing deployment architecture

Ansible Automation Platform from AWS Marketplace is designed to be private, with no public access allowed by default.

This requires customers to expose the deployed internal Application Load Balancers (ALBs) themselves, in line with their own network requirements and security practices. Options for exposing the ALBs include VPC peering, Transit Gateway, VPN, and external load balancers, among others.

All cloud infrastructure components are deployed in a Virtual Private Cloud (VPC).

Customers can deploy into an existing VPC or have the product deploy a new VPC for them. By default, all VM instances and cloud infrastructure have private IP addresses (allocation is determined by the VPC and subnetworks specified at deployment time).

All internal traffic is encrypted using self-signed certificates generated at deployment time. External traffic can also be encrypted by deploying your own certificate on the Application Load Balancers deployed by the product.
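As an added example (not part of the Red Hat documentation), the following Python check audits the ALBs in a deployment VPC against the posture described above: every ALB stays internal, and no listener serves plain HTTP unless it redirects to HTTPS. The sample JSON is constructed in the shape of `aws elbv2 describe-load-balancers` and `aws elbv2 describe-listeners` output; the names, ARNs, VPC ID, and function names are hypothetical.

```python
import json

# Constructed sample data in the shape returned by `aws elbv2 describe-load-balancers`
# and `aws elbv2 describe-listeners`. Names, ARNs and the VPC ID are placeholders.
LOAD_BALANCERS = json.loads("""
{"LoadBalancers": [
  {"LoadBalancerArn": "arn:example:alb/controller", "LoadBalancerName": "example-controller",
   "Type": "application", "Scheme": "internal", "VpcId": "vpc-EXAMPLE"},
  {"LoadBalancerArn": "arn:example:alb/hub", "LoadBalancerName": "example-hub",
   "Type": "application", "Scheme": "internet-facing", "VpcId": "vpc-EXAMPLE"}
]}""")
LISTENERS = json.loads("""
{"Listeners": [
  {"LoadBalancerArn": "arn:example:alb/controller", "Protocol": "HTTPS", "Port": 443,
   "Certificates": [{"CertificateArn": "arn:example:cert/corporate"}]},
  {"LoadBalancerArn": "arn:example:alb/controller", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS"}}]},
  {"LoadBalancerArn": "arn:example:alb/hub", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "forward"}]}
]}""")

def redirects_to_https(listener):
    """True when every default action of the listener is a redirect to HTTPS."""
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect"
        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for a in actions)

def audit_albs(lbs, listeners, vpc_id):
    """Return (ALB name, finding) pairs for ALBs in vpc_id that drift from the
    private, encrypted posture: not internal, or serving plain HTTP."""
    findings, names = [], {}
    for lb in lbs["LoadBalancers"]:
        if lb.get("Type") != "application" or lb.get("VpcId") != vpc_id:
            continue
        names[lb["LoadBalancerArn"]] = lb["LoadBalancerName"]
        if lb.get("Scheme") != "internal":
            findings.append((lb["LoadBalancerName"], "scheme is " + str(lb.get("Scheme"))))
    for ls in listeners["Listeners"]:
        name = names.get(ls["LoadBalancerArn"])
        if name and ls.get("Protocol") == "HTTP" and not redirects_to_https(ls):
            findings.append((name, "port %d serves plain HTTP" % ls["Port"]))
    return findings

if __name__ == "__main__":
    for name, finding in audit_albs(LOAD_BALANCERS, LISTENERS, "vpc-EXAMPLE"):
        print(name + ": " + finding)
```

Against a live account, the two inputs would be the saved JSON output of the corresponding AWS CLI commands, filtered to the VPC chosen at deployment time.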

The Ansible Automation Platform software runs as containers on the deployed VM instances.

Autoscaling Groups (ASGs) manage VM instances and monitor the health of each service running on them. If a health check fails to respond, the ASG automatically cycles the VM instance down and replaces it with a new one, ensuring that the Ansible Automation Platform services stay up and available to process requests.

The VM instances run a customized Red Hat Enterprise Linux (RHEL) Amazon Machine Image (AMI) as their base image. This AMI is preloaded with all the container images and packages required to run Ansible Automation Platform (automation hub, automation controller, and Execution Node components).

A shared EFS (Elastic File Store) volume is mounted into each VM instance provisioned by the product and is used for shared access to common files and resources.

A Relational Database Service (RDS) is provisioned by the product at deployment time and contains databases for both the automation controller and automation hub.

Figure: AWS full deployment architecture

The Foundation product includes two Execution Nodes running on the same VM instances as the automation controller components (this is called a Hybrid Node configuration in Ansible Automation Platform). Additional Execution Node offerings can be purchased to increase the scale (total number of managed nodes) the Ansible Automation Platform deployment is licensed to automate. When deploying the Execution Node offerings into an existing Ansible Automation Platform Foundation deployment, additional Execution Node VM instances can be deployed and automatically connected to the automation controller of the Foundation deployment, where they immediately begin processing automation tasks.

The Ansible Automation Platform components run as containers using the Podman container runtime on the VM instances. The Podman runtime configuration is managed as a system service using systemd to ensure uptime and availability and to restart any failed containers automatically.

SELinux is enabled on the VM instances and is supported down to the container level.

Additional operational automations are provided by the offering, available as a separate docker container for download from registry.redhat.io. These additional operational automations include backup, restore, and upgrade.

Any Common Vulnerabilities and Exposures (CVEs) found in the RHEL OS base image, the Ansible Automation Platform containers, or any included packages are addressed during upgrade of the Ansible Automation Platform offering by swapping out the base RHEL AMI with a newer version including all required software, packages, and containers.

This is done automatically for you through the use of the included upgrade automation.

Customers can use these operational automations to simplify the operational readiness of Ansible Automation Platform within their own corporate standards. This frees them to focus on developing Ansible automation to manage their own infrastructure and applications, rather than spending time developing automations to manage Ansible Automation Platform.

1.2. Service descriptions

| Service Name                      | Description                                                   |
|-----------------------------------|---------------------------------------------------------------|
| Elastic Compute Cloud (EC2)       | AWS VM compute platform                                       |
| Relational Database Service (RDS) | AWS database service                                          |
| Systems Manager                   | AWS operations and application management service             |
| CloudWatch                        | AWS logging service                                           |
| Virtual Private Cloud (VPC)       | AWS networking service                                        |
| NAT Gateway                       | A NAT gateway is a Network Address Translation (NAT) service  |
| Elastic Block Storage (EBS)       | AWS block storage service                                     |
| Elastic File Storage (EFS)        | AWS file storage service with support for NFS                 |