Combining AWS CloudFormation with Ansible

Posted 01.11.2017 in Automation, AWS by Jakob Lundberg

Infrastructure as code is currently a hot topic. It gives advantages such as faster deployment, better security and improved stability. By using AWS it becomes a lot easier to use infrastructure as code. You no longer have to be concerned about physical servers to deploy your stack.

But there is still much complexity to handle to achieve infrastructure as code. Tools are needed that convert the code to infrastructure. The main tool given to us by AWS is CloudFormation.


With CloudFormation it is possible to deploy a stack consistently. A JSON or YAML template file describes the infrastructure. This template allows you to redeploy the stack and track any changes with a version control system such as git.

CloudFormation can handle most of the services from AWS, such as S3 buckets, RDS databases and EC2 instances. But when it comes to the EC2 instances there is more to do than to just select instance type and network. The instance needs to be configured to become a useful part of the infrastructure.

When deploying an EC2 instance with CloudFormation it is possible to add UserData. This data can be used to bootstrap the server configuration. To help out even more, AWS has provided the cfn-init helper script. This is a sort of configuration management tool that can be included in the CloudFormation template.

But in my opinion this is still not powerful enough. And there are already many, very good configuration management systems out there.


One of the configuration management systems that has gained in popularity is Ansible. Ansible has a low learning curve by allowing the use of powerful functions through YAML configuration files, or Playbooks.

Ansible also has some infrastructure management functions. This means that it is possible to move all infrastructure and configuration management from CloudFormation to Ansible. But just as I find CloudFormation too weak in configuration management, I also find Ansible too weak in infrastructure management.

Splitting Infrastructure and Configuration Management

The solution is then to split infrastructure management and configuration management. Let CloudFormation handle the infrastructure and Ansible (or similar) handle the configuration.

A first reaction is most likely ‘Oh, no! Now I have to learn 2 different tools!’, but hear me out. There are advantages to having infrastructure and configuration loosely coupled.

  • Firstly you can choose the tool for the job. You can have CloudFormation or Terraform or something else for infrastructure. And Ansible or Puppet or Chef or even multiple systems if different teams prefer different tools.
  • And because the infrastructure and configuration are split, they can be housed in different repositories and developed independently. This makes it easier and faster to develop the stack.


Here is a simple example of a CloudFormation stack that depends on an Ansible playbook. It uses a WordPress/Nginx playbook from The repo or playbook can easily be swapped for something else.
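The split described above, as an added example that is not the author's original template: CloudFormation creates the instance and its security group, and UserData only installs Ansible and runs `ansible-pull` against a separately maintained playbook repository. The repository URL, the parameter names, the Ubuntu AMI and the `site.yml` file name are assumptions, and the playbook is assumed to target localhost.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: EC2 instance (infrastructure) that pulls its configuration from an Ansible repository
Parameters:
  ImageId:
    Type: AWS::EC2::Image::Id
    Description: Ubuntu AMI for the target region (assumption - UserData below uses apt-get)
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  PlaybookRepo:
    Type: String
    Description: HTTPS URL of the Git repository holding the playbook
    Default: https://git.example.com/ops/wordpress-nginx.git  # placeholder, not a real repo
  PlaybookRef:
    Type: String
    Description: Commit hash or tag to check out, so every redeploy applies reviewed code
  PlaybookFile:
    Type: String
    Default: site.yml  # hypothetical playbook file name
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web traffic only - the instance configures itself so no SSH ingress
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      SubnetId: !Ref SubnetId
      SecurityGroupIds: [!GetAtt WebSecurityGroup.GroupId]
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          set -euo pipefail
          apt-get update
          apt-get install -y ansible git
          # UserData is readable from the instance metadata service, so pass
          # only non-secret values here, never passwords or keys.
          # -U repo URL, -C ref to check out, -d local checkout directory
          ansible-pull -U "${PlaybookRepo}" -C "${PlaybookRef}" \
            -d /opt/playbook "${PlaybookFile}"
```

Because the template only references the playbook by URL and ref, the playbook repository can change tools or contents without touching the infrastructure code, and pinning `PlaybookRef` keeps a stack update from silently applying unreviewed configuration.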


Written by Jakob Lundberg

Jakob is a tech focused system designer. With a background in network management, system administration and development he has an interest in the entire stack.

Always looking for new and improved solutions. Never accepting that things have to be complicated.
