Ansible Cloud Dynamic Inventory

When your infrastructure lives in the cloud, the server list changes constantly. Auto-scaling adds and removes instances, deployments create and destroy environments, and spot instances come and go. Dynamic inventory bridges the gap between Ansible's need for a host list and the cloud's fluid reality.

How Dynamic Inventory Works

Instead of a static file, a dynamic inventory source is a program that Ansible calls at runtime. That program queries an external API — AWS, Azure, GCP, VMware, or any other data source — and returns the current host list as JSON. Ansible consumes that JSON exactly as it would a static inventory file, with full support for groups, host variables, and connection parameters.

Setting Up the AWS EC2 Inventory Plugin

First, install the AWS collection:

ansible-galaxy collection install amazon.aws

Install the required Python library:

pip3 install boto3 botocore

Configure AWS credentials (use environment variables or the AWS credentials file):

export AWS_ACCESS_KEY_ID=your-access-key
export AWS_SECRET_ACCESS_KEY=your-secret-key
export AWS_DEFAULT_REGION=us-east-1

Create an inventory configuration file named aws_ec2.yml:

plugin: amazon.aws.aws_ec2
regions:
  - us-east-1
  - eu-west-1
filters:
  instance-state-name: running
  tag:Environment: production
keyed_groups:
  - key: tags.Role
    prefix: role
  - key: placement.region
    prefix: region
hostnames:
  - dns-name
  - private-ip-address
compose:
  ansible_host: public_ip_address
  ansible_user: "'ubuntu'"

Understanding the Configuration Options

filters limits which instances are returned: here, only running instances tagged Environment=production.

keyed_groups automatically creates inventory groups from instance attributes: instances tagged Role=webserver appear in the group role_webserver.

compose sets inventory variables from instance attributes: here, ansible_host is set to the public IP address.

Testing the Dynamic Inventory

ansible-inventory -i aws_ec2.yml --list
ansible-inventory -i aws_ec2.yml --graph

The --list output shows all discovered hosts and their variables as JSON. The --graph output shows the group hierarchy in a readable tree format. Use these commands to verify the inventory is discovering the correct instances before running any playbooks.
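
The verification step above can be scripted as a gate that runs before ansible-playbook. The following is an added example, not part of the original tutorial: it audits --list JSON for role_ groups outside an allow-list and for hosts that landed in no role group, because whoever can set a Role tag decides which group a host joins. The sample JSON, hostnames, IPs and the allow-list are constructed assumptions.

```python
import json

# Constructed sample of `ansible-inventory -i aws_ec2.yml --list` output; the
# hostnames, IPs and the stray "role_bastion" group are made up for illustration.
SAMPLE = json.loads("""
{"_meta": {"hostvars": {
   "web-1.example.internal": {"ansible_host": "203.0.113.10", "tags": {"Role": "webserver"}},
   "db-1.example.internal":  {"ansible_host": "203.0.113.20", "tags": {"Role": "database"}},
   "tmp-1.example.internal": {"ansible_host": "203.0.113.30", "tags": {"Role": "bastion"}},
   "old-1.example.internal": {"ansible_host": "203.0.113.40", "tags": {}}}},
 "all": {"children": ["ungrouped", "aws_ec2", "role_webserver", "role_database", "role_bastion"]},
 "aws_ec2": {"hosts": ["web-1.example.internal", "db-1.example.internal", "tmp-1.example.internal", "old-1.example.internal"]},
 "role_webserver": {"hosts": ["web-1.example.internal"]},
 "role_database": {"hosts": ["db-1.example.internal"]},
 "role_bastion": {"hosts": ["tmp-1.example.internal"]}}
""")

def members(inv, group, seen=None):
    """Return every host in a group, following nested "children" groups."""
    seen = set() if seen is None else seen
    if group in seen:  # guard against group cycles
        return set()
    seen.add(group)
    node = inv.get(group, {})
    hosts = set(node.get("hosts", []))
    for child in node.get("children", []):
        hosts |= members(inv, child, seen)
    return hosts

def audit(inv, allowed_roles):
    """Return findings that should block a playbook run (empty list = pass)."""
    findings, in_role = [], set()
    for g in sorted(k for k in inv if k.startswith("role_")):
        hosts = members(inv, g)
        in_role |= hosts
        if g not in allowed_roles:  # a tag value nobody approved created this group
            findings.append(f"unexpected group {g}: {sorted(hosts)}")
    for host in sorted(members(inv, "all") - in_role):
        findings.append(f"no role group: {host}")  # discovered, but Role tag missing
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, {"role_webserver", "role_database"}):
        print(line)
```

To use it on live data, save the output of ansible-inventory -i aws_ec2.yml --list to a file, load that file with json.load in place of SAMPLE, and stop the pipeline when audit returns any findings.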

Running Playbooks Against Dynamic Inventory

ansible all -i aws_ec2.yml -m ping
ansible-playbook -i aws_ec2.yml deploy-app.yml --limit role_webserver

The --limit flag restricts execution to a subset of the dynamic inventory — in this case, only instances in the auto-generated role_webserver group.

Azure Dynamic Inventory

Install the Azure collection and dependencies:

ansible-galaxy collection install azure.azcollection
pip3 install -r ~/.ansible/collections/ansible_collections/azure/azcollection/requirements.txt

Create azure_rm.yml:

plugin: azure.azcollection.azure_rm
auth_source: auto
include_vm_resource_groups:
  - production-rg
keyed_groups:
  - key: tags.role
    prefix: role

GCP Dynamic Inventory

plugin: google.cloud.gcp_compute
projects:
  - my-gcp-project
filters:
  - status = RUNNING
  - labels.environment = production
keyed_groups:
  - key: labels.role
    prefix: role

Combining Static and Dynamic Inventory

Ansible supports mixed inventory sources. Create an inventory/ directory containing both a static hosts.ini and a dynamic aws_ec2.yml:

inventory/
  hosts.ini        # On-premises servers
  aws_ec2.yml      # Cloud servers
  group_vars/
    all.yml

Run with ansible-playbook -i inventory/ site.yml. Ansible merges all inventory sources and makes all hosts available under their respective groups. This hybrid approach is common in organisations migrating gradually from on-premises to cloud.

Try This: Explore Your Dynamic Inventory

If you have an AWS Free Tier account, launch two EC2 instances tagged with Role=webserver and one tagged Role=database. Configure the aws_ec2.yml plugin and run ansible-inventory -i aws_ec2.yml --graph. Verify that the instances appear in the correct auto-generated groups. Then run ansible role_webserver -i aws_ec2.yml -m ping to confirm connectivity.

Summary

Dynamic inventory solves the static-list problem in cloud environments by querying live APIs at runtime. The AWS EC2 plugin is the most commonly used and supports powerful filtering and auto-grouping based on instance tags. Azure and GCP plugins follow the same pattern. Mixed static and dynamic inventory sources are supported simultaneously, enabling hybrid infrastructure management. Dynamic inventory is a production-grade skill that separates competent from advanced Ansible practitioners.
