I am setting up a fresh EC2 deployment for a client and am hoping to do the following:
- Set up a management host for the cluster and deploy Ansible to it along with the client’s playbooks
- Allow users to successfully execute playbooks based on whether their IAM user has been assigned the IAM role for a service
Does Ansible support a setup like this? How would the IAM credentials (or role) be specified? I assume the idea would be to create a Linux user mapping to each IAM user, but I'm not positive on this.
The alternative, it seems, is to have users run Ansible from their local machine via a jump host where each of the IAM credentials can be self-managed.