Mastering Automation: Installing Ansible on Amazon Linux
Automation underpins scalable infrastructure. For those standardizing on AWS, Amazon Linux provides an optimized platform, yet installing Ansible isn’t a straight copy from generic CentOS or Ubuntu instructions. Amazon Linux’s package management ecosystem and repository setup introduce specific steps—miss one, and dependency conflicts or outdated versions follow.
Context: Why Install Ansible on Amazon Linux?
AWS-native Linux hosts benefit from tightly maintained kernel versions and improved lifecycle security, and integrating with Ansible unlocks:
- Consistent IaC across ephemeral EC2 fleets
- Low friction for patch workflows and ephemeral environment setups
- Smooth use of SSM or cloud-init layering
Many organizations underestimate operational pitfalls when Ansible is installed ad hoc, especially on older EC2 AMIs.
Prerequisites
- EC2 Host: Amazon Linux 2 (2023 or newer) or legacy Amazon Linux AMI.
- Privileges: ec2-user with sudo.
- Network: Outbound internet connectivity to AWS repos and EPEL.
SSH in:
ssh -i ~/.ssh/aws.pem ec2-user@ec2-XX-XX-XX-XX.compute-1.amazonaws.com
Update the host OS immediately—skipping this risks mismatched dependencies:
sudo yum -y update
If a kernel update is included, a reboot is required before proceeding with heavy automation.
Amazon Linux 2: Installation
Key difference: Amazon Linux 2 does not ship with Ansible in its default repositories. Even yum search ansible will return no results until the correct channel is enabled.
Enable the EPEL-compatible repository via amazon-linux-extras:
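sudo amazon-linux-extras enable epel
# Enabling the topic only exposes the epel-release package; installing it adds the EPEL repo
sudo yum install -y epel-release
# Confirm epel status
amazon-linux-extras | grep epel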
Once enabled, install:
sudo yum install -y ansible
Known issue: On some instances, amazon-linux-extras is present but fails if the OS is pre-2022. Check /etc/system-release for build date; consider replacement if OS is EOL.
Optional: For newer Ansible (v2.10+), consider pip-based installs—but that adds Python pip management complexity and isn’t best practice for long-lived hosts.
Verify install and path:
ansible --version
which ansible
Look for output like:
ansible [core 2.9.27]
config file = /etc/ansible/ansible.cfg
python version = 2.7.18 (default, Aug 17 2023, 23:00:38) [GCC 7.3.1 2020 Red Hat 7.3.1-16]
Note: Amazon Linux 2 commonly runs Python 2.7; several modern Ansible modules require Python 3. If you plan to use modules that require Python 3, install Python 3 and re-link /usr/bin/python.
Amazon Linux 1 (Legacy): Installation
For pre-2018 AMIs, neither amazon-linux-extras nor consistent Ansible binaries are available from the main repos. Legacy approach:
1. Add EPEL manually:
sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
2. Ensure Python and pip:
Some instances are missing even Python or pip.
sudo yum install -y python python-pip
sudo pip install --upgrade pip
3. Install Ansible using pip:
Repository Ansible is commonly too outdated; pip delivers a newer core.
sudo pip install 'ansible<2.10' --upgrade
Critical: Pin to <2.10 for compatibility with older Python unless you have upgraded system Python.
4. Validate install:
ansible --version
If you get:
-bash: ansible: command not found
then ensure /usr/local/bin is in your $PATH. This is a recurrent gotcha on classic Amazon Linux AMIs.
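A post-install check covering both install paths above, added here as an example and not taken from the original article: it parses `ansible --version` output in the format shown earlier and reports the Python 2 interpreter, the `<2.10` pin, and the missing `/usr/local/bin` conditions the text warns about. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the result of either install path.
# Function names are hypothetical, not part of Ansible.

# Ansible version from "ansible 2.9.27" or "ansible [core 2.9.27]" on stdin.
ansible_core_version() {
  sed -nE 's/^ansible (\[core )?([0-9][0-9.]*).*/\2/p' | head -n 1
}

# Major version of the Python interpreter Ansible reports on stdin.
ansible_python_major() {
  sed -nE 's/^[[:space:]]*python version = ([0-9]+)\..*/\1/p' | head -n 1
}

# Return 0 if directory $1 is an entry of the PATH-style string $2.
dir_in_path() {
  case ":$2:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

# Read `ansible --version` text on stdin and print one finding per line.
# $1 is the PATH string to inspect (defaults to the current PATH).
audit_ansible() {
  local text path_str ver py rest minor
  text=$(cat)
  path_str=${1:-$PATH}
  ver=$(printf '%s\n' "$text" | ansible_core_version)
  py=$(printf '%s\n' "$text" | ansible_python_major)
  if [ -z "$ver" ]; then
    echo "FAIL: no ansible version line found"
    return 1
  fi
  echo "INFO: ansible $ver on Python ${py:-unknown}"
  rest=${ver#*.}; minor=${rest%%.*}
  if [ "$py" = "2" ]; then
    echo "WARN: Python 2 interpreter; modules that require Python 3 will not run"
    if [ "${ver%%.*}" -gt 2 ] || [ "$minor" -ge 10 ]; then
      echo "WARN: ansible $ver is outside the <2.10 pin advised for old Python"
    fi
  fi
  if ! dir_in_path /usr/local/bin "$path_str"; then
    echo "WARN: /usr/local/bin missing from PATH; a pip-installed ansible will not resolve"
  fi
  return 0
}

# Usage on a host: ansible --version | audit_ansible
```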
Quick Validation
Create a minimal test inventory:
# hosts.ini
[local]
localhost ansible_connection=local
[aws-ec2]
ec2-XX-XX-XX-XX.compute-1.amazonaws.com ansible_user=ec2-user ansible_ssh_private_key_file=~/.ssh/aws.pem
Test connectivity:
ansible all -i hosts.ini -m ping
Expected output signals correct SSH key permissions and successful module execution:
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
ec2-... | SUCCESS => {
"changed": false,
"ping": "pong"
}
Pro tip: If you hit the error
Permission denied (publickey).
fatal: [ec2-...]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect"}
double-check SSH key file mode: chmod 400 ~/.ssh/aws.pem.
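To catch key-permission problems before running a play, the check below reads every `ansible_ssh_private_key_file` value from an INI inventory like hosts.ini above and fails if a key is missing or accessible to group or other. It is an added example, not from the original article, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: verify private-key file modes referenced by an inventory.
# Function names are hypothetical, not part of Ansible.

# Print each ansible_ssh_private_key_file value, skipping comment lines.
inventory_key_files() {
  grep -v '^[[:space:]]*[#;]' "$1" |
    grep -oE 'ansible_ssh_private_key_file=[^[:space:]]+' |
    cut -d= -f2- | sort -u
}

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the file exists and group/other have no access (e.g. 400, 600).
key_mode_ok() {
  local mode
  [ -f "$1" ] || return 1
  mode=$(file_mode "$1") || return 1
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Check every key named in inventory $1; return non-zero if any key fails.
check_inventory_keys() {
  local f rc=0
  for f in $(inventory_key_files "$1"); do
    # Inventory values such as ~/.ssh/aws.pem are not tilde-expanded by the shell here.
    case "$f" in "~/"*) f="$HOME/${f#??}" ;; esac
    if key_mode_ok "$f"; then
      echo "OK   $f"
    else
      echo "BAD  $f (missing, or accessible to group/other; use chmod 400)"
      rc=1
    fi
  done
  return $rc
}

# Usage: check_inventory_keys hosts.ini && ansible all -i hosts.ini -m ping
```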
Troubleshooting & Notes
| Problem | Typical Cause | Fix |
|---|---|---|
| No package ansible available | EPEL repo not enabled | Rerun amazon-linux-extras enable epel |
| Python version errors | Old default python | Install/alias Python3, relink if necessary |
| ModuleNotFoundError (pip) | PATH issues | export PATH=$PATH:/usr/local/bin |
Note: Amazon Linux package life is coupled to AWS release cycles; if you require bleeding-edge Ansible versions or advanced plugins, develop a containerized control environment instead of a system-level install. This reduces semantic drift in multi-host workflows.
Conclusion
Correctly installing Ansible on Amazon Linux means respecting the specific repository layouts and Python versions shipped by AWS. Using amazon-linux-extras for Amazon Linux 2 or pip for legacy AMIs avoids the most common failure modes. For team-scale or CI/CD use, standardize inventory and control node setup via code, because manual installs drift over time.
For playbook development, avoid targeting multiple major Ansible versions unless justified by legacy host constraints. In practice, inventory or group_vars files sometimes require workarounds for old Python, especially on classic AMIs. If you run into inconsistent module support, fall back to an explicit interpreter definition in ansible.cfg.
A good install is boring: you won't think about it for months. That’s the goal.