Once we started linking multiple CloudFormation stacks together with Ansible, we started to feel the need to query Amazon Web Services for both the output values from existing CloudFormation stacks and certain other values, such as security group IDs and ElastiCache Replication Group Endpoints. We found that the quickest and easiest way to gather this information was with a handful of Ansible Lookup Plugins. I’ve put the code for the more generic Ansible AWS Lookup Plugins on GitHub, and even if you’re an Ansible user who’s not using AWS, they are worth a look just to see how easy it is to write one.

As the Ansible/AWS investigations continue, I had the need to look up outputs from existing CloudFormation stacks. I spent ten minutes reading through the existing lookup plugins and came up with the Ansible CloudFormation Lookup Plugin. I’m not sure this is going to be our final solution. Michael DeHaan suggested that moving to a fact plugin might be better in terms of cleaner usage and easier testing, so I’m at the least going to implement a trial version of that.


We use Amazon CloudFormation for a number of our deployments at $WORK. Although it’s nice to have security group creation inside the same template as the resources it will secure, CloudFormation’s ‘helpful’ addition of a unique string at the end of the resource names it creates can sometimes be a problem. A couple of tools assume security groups will have an absolute, unchanging name and lack a way to search for an appropriately tagged security group whose name can change on stack rebuild.