Configuring EC2 Instances with Ansible Playbooks | SCS-C01 Exam Answer

Configuring Instances with Ansible Playbooks

Question

In your team, Ansible is used to configure more than 50 EC2 instances, and the playbook files are stored in an S3 bucket.

The Ansible playbooks should only be executed locally on the instances which means other hosts such as a jump host cannot run the playbook remotely for the EC2 instances.

You also need to run the playbooks for selected instances with specific tags.

Which of the following methods is the most appropriate to configure instances via Ansible playbooks?

Answers

Explanations


Correct Answer - D.

Because the Ansible playbooks must run locally on each instance, you cannot use other EC2 instances or servers to execute them.

Another requirement is that instances should be managed based on tags.

Systems Manager Run Command is a good candidate.

Option A is incorrect because the Jenkins server is another host, and other hosts are not allowed to run the playbooks for the selected EC2 instances.

Option B is incorrect because CloudFormation is an orchestration tool for configuring AWS resources. A CloudFormation stack is not suitable for running Ansible playbooks.

Option C is incorrect because a Lambda function still acts as a remote server when executing the Ansible playbooks, which does not meet the requirement in the question.

Option D is CORRECT: With Systems Manager Run Command, users can select targets by tag, and the Ansible playbooks are executed on the Systems Manager managed instances.

[Figure: the Run Command "Targets" panel. Target selection methods: "Specify instance tags" (one or more tag key-value pairs select the instances that share those tags), "Choose instances manually", and "Choose a resource group". With "Specify instance tags" selected, you enter a tag key and an optional tag value, then choose Add.]

The most appropriate method to configure instances via Ansible playbooks is D. In Systems Manager Run Command, use the AWS-ApplyAnsiblePlaybooks document to run the playbooks on selected EC2 instances.

Explanation:

Ansible is a configuration management tool that automates software deployment, cloud provisioning, and other IT tasks. It uses playbooks, which are a series of instructions that describe how to configure and deploy a system.

In this scenario, Ansible is being used to configure more than 50 EC2 instances, and the playbook files are stored in an S3 bucket. The playbooks should only be executed locally on the instances, which means other hosts such as a jump host cannot run the playbook remotely for the EC2 instances. Additionally, the playbooks need to be run for selected instances with specific tags.

Option A, Configure a job in a Jenkins server to execute the Ansible playbooks with a tag parameter, is not the most appropriate method because it involves setting up a separate server, which adds complexity to the architecture. Furthermore, Jenkins is primarily used for continuous integration and deployment, not configuration management.

Option B, Create a CloudFormation template with a tag parameter, is not the most appropriate method because CloudFormation is primarily used for infrastructure as code (IaC) and orchestration, not configuration management. Although CloudFormation can configure EC2 instances during stack creation or update, it is not as flexible as Ansible and does not have the same level of customization and control.

Option C, Create a Lambda function that gets Ansible playbooks from the S3 bucket and executes the playbooks on selected EC2 instances based on tags, is not the most appropriate method because Lambda is a serverless compute service that is designed for short-lived, event-driven functions. Although it is possible to use Lambda to run Ansible playbooks, it is not recommended for long-running tasks such as configuration management.

Option D, In Systems Manager Run Command, use the AWS-ApplyAnsiblePlaybooks document to run the playbooks on selected EC2 instances, is the most appropriate method because it leverages AWS Systems Manager, which is a managed service that provides a unified interface for managing resources across AWS services and on-premises environments. AWS-ApplyAnsiblePlaybooks is a pre-built document that integrates Ansible with Systems Manager, enabling you to run playbooks on selected EC2 instances based on tags or other criteria. This approach is highly scalable, secure, and reliable, and does not require additional infrastructure or tools.

In conclusion, option D, In Systems Manager Run Command, use the AWS-ApplyAnsiblePlaybooks document to run the playbooks on selected EC2 instances, is the most appropriate method to configure instances via Ansible playbooks in this scenario.
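The request that option D describes, as an added example (not part of the original answer): a Python helper that builds the `send_command` arguments for the AWS-ApplyAnsiblePlaybooks document with tag-based targets. The bucket name, tag, file name, the allow-list check and the virtual-hosted-style S3 URL are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

DOCUMENT = "AWS-ApplyAnsiblePlaybooks"  # SSM document named in option D


def build_send_command(tags, playbook_url, playbook_file, allowed_buckets,
                       check=True, max_concurrency="10%", max_errors="1"):
    """Return kwargs for boto3 ssm.send_command that select instances by tag."""
    if not tags:
        raise ValueError("at least one tag is required to select instances")
    # Accept only HTTPS virtual-hosted-style S3 URLs for allow-listed buckets,
    # so a mistyped or altered job cannot point the fleet at another source.
    url = urlparse(playbook_url)
    host = url.hostname or ""
    bucket = host.split(".s3.", 1)[0] if ".s3." in host else ""
    if (url.scheme != "https" or not host.endswith(".amazonaws.com")
            or bucket not in allowed_buckets):
        raise ValueError(f"playbook source not allowed: {playbook_url}")
    return {
        "DocumentName": DOCUMENT,
        # Tag targeting: SSM Agent on each matching instance runs the playbook.
        "Targets": [{"Key": f"tag:{k}", "Values": sorted(v)}
                    for k, v in sorted(tags.items())],
        "Parameters": {
            "SourceType": ["S3"],
            "SourceInfo": [json.dumps({"path": playbook_url})],
            "InstallDependencies": ["False"],
            "PlaybookFile": [playbook_file],
            "Check": ["True" if check else "False"],  # "True" = dry run
            "Verbose": ["-v"],
        },
        "MaxConcurrency": max_concurrency,  # roll out in batches
        "MaxErrors": max_errors,            # stop early if instances fail
    }


def send(request, region):
    """Submit the request; needs boto3 and AWS credentials (not run offline)."""
    import boto3
    return boto3.client("ssm", region_name=region).send_command(**request)["Command"]["CommandId"]


# Constructed sample values: bucket, tag and file names are placeholders.
SAMPLE = build_send_command(
    tags={"Role": ["web"]},
    playbook_url="https://example-playbooks.s3.us-east-1.amazonaws.com/site/web.yml",
    playbook_file="web.yml",
    allowed_buckets={"example-playbooks"},
)
```

Building the request with `check=True` first lets you review what the playbook would change on the tagged instances before sending it again with `check=False`.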