AWX - AWS SSM Connectivity to Windows Servers

Get Help
, , ,
1

Overview of the issue:
In AWX, i have a job template and inventory(windows hosts) when executed we observer an intermittent issue with the task response from the server.

Explanation:
we have created a custom container image [Execution-Environment] with necessary configuration to make AWS SSM connectivity possible from AWX to target hosts. These EE are stored in jfrog and pulled when the job is launched. Now i have a simple YAML playbook to run against the windows server. But sometimes, we dont get the response back from the task when the playbook is running. Its intermittent in nature. Our job template run’s on the Execution node.

We have tried one more approach that is, we logged into the Execution node (which is a linux server) and switched to user AWX, logged into the container (AWX Execution enviornment) created the template and inventory and ran it. It worked all the time without any issue.

So our conclusion was, from the network standpoint with respect to AWS SSM, there is no issue. But one when the job is triggered via AWX, sometimes we dont get response back on the Logs.

Playbook:

  • name: Fetch local user information including enabled status
    hosts: all
    gather_facts: no
    tasks:

    • name: Get local users with enabled status in JSON format
      win_shell: |
      $users = Get-LocalUser | Select-Object Name, Enabled
      $result = @{
      users = $users
      }
      $result | ConvertTo-Json
      register: script_output

    • name: Show PowerShell script output
      debug:
      msg: “{{ script_output.stdout | from_json }}”

Inventory:
i-1234567890 ansible_connection=amazon.aws.aws_ssm ansible_aws_ssm_profile=ssm-assume-role-987654321 ansible_aws_ssm_region=us-east-1 ansible_shell_type=powershell ansible_aws_ssm_bucket_name=s3_bucket-us-east-1
i-1234567891 ansible_connection=amazon.aws.aws_ssm ansible_aws_ssm_profile=ssm-assume-role-876543219 ansible_aws_ssm_region=us-east-1 ansible_shell_type=powershell ansible_aws_ssm_bucket_name=s3_bucket-us-east-1
i-1234567892 ansible_connection=amazon.aws.aws_ssm ansible_aws_ssm_profile=ssm-assume-role-76543219 ansible_aws_ssm_region=us-east-1 ansible_shell_type=powershell ansible_aws_ssm_bucket_name=s3_bucket-us-east-1