How to deploy Red Hat Ansible Automation Platform on AWS to AWS GovCloud in the United States

June 26, 2023 by Zachary Kayyali

This blog is co-authored by Zack Kayyali and Hicham (he-sham) Mourad

Deploying Red Hat Ansible Automation Platform Foundation

The steps below detail how to install Ansible Automation Platform on AWS United States GovCloud from the AWS Marketplace. The steps to deploy into AWS GovCloud and AWS Commercial cloud are nearly identical. Before starting your deployment process, please ensure the AWS account you are using to deploy has the following IAM roles. These IAM roles are required to deploy the AWS foundation stack offering. The foundation stack offering here refers to the base Ansible Automation Platform 2 deployment.

This blog details how to deploy Ansible Automation Platform on AWS and access the application. This deployment process will be configured to set up Ansible Automation Platform in its own Virtual Private Cloud (VPC) that it creates and manages. We also support deploying into an existing VPC.

To begin, first log into your Commercial AWS account. If you have a private offer, ensure that these are accepted for both the foundation and extension node offerings.


  • The foundation offer refers to the “Red Hat Ansible Automation Platform 2 - Up to 100 Managed Nodes” marketplace item. 
  • The extension node offer refers to the “Red Hat Ansible Automation Platform 2 Extension - 100 Managed Nodes”, and “200 Managed Nodes”, and “400 Managed Nodes” marketplace items (the foundation offer MUST be deployed first before any extension node offers can be used to scale the Ansible Automation Platform environment).

Navigate to the private offers page in AWS Marketplace to accept these subscriptions.

Once the subscriptions have been accepted, you can begin deploying Ansible Automation Platform 2 on AWS. 

From the subscriptions page, click Launch CloudFormation stack to begin the deployment of the foundation offering, as shown in the image below.

After clicking Launch Cloudformation stack, you will be taken to a page titled Configure this Software

Select Ansible Platform CloudFormations Topology for your fulfillment option 

Ensure that the Software version selected is the latest.

IMPORTANT: Select the correct region for your deployment. If you would like to deploy your application in AWS GovCloud, select one of the GovCloud regions in this dropdown.

Once the above options have been selected, you can click Continue to Launch to proceed with launching the Ansible Automation Platform deployment.

This will bring you to a page titled Launch this software, at this page, you must select the proper action to launch. In the dropdown, select Launch CloudFormation, then click Launch to proceed.

Once Launch is selected, you will be brought to the CloudFormation UI to begin configuring our Ansible Automation Platform deployment settings. This page is titled Create stack and is already pre populated with the correct settings for linking to the CloudFormation template. Click Next to proceed.

The next page is titled Specify stack details. In this page, you will name your CloudFormation stack (Ansible Automation Platform deployment), and configure basic and networking configuration options. 

Enter a Stack name; this will be the name of your CloudFormation Ansible Automation Platform Deployment stack. Stack names can include letters (A-Z and a-z), numbers (0-9), and dashes (-).

In the Basic Configuration section, you must select a valid EC2 Keypair. This keypair is mounted into our instances and can be used to SSH into the nodes, provided networking is set up correctly for SSH.

In the Select whether to create a new VPC or use an existing one section, select New to deploy Ansible Automation Platform into a VPC created as part of the CloudFormation deployment.

In the New network configuration section, you should check that your VPC and subnets are configured with the required network settings. Customize your network settings as appropriate. Once deployed, Ansible Automation Platform will create a VPC and subnets with the CIDR ranges you supplied.

Once the stack details have been finalized, click Next to proceed.

The next page will be titled Configure stack options, where you will be presented with further potential options to configure the stack.

(Optional) During this step, you can add custom tags to your resources if necessary. Up to 50 tags can be added natively this way.


At the bottom of this page, click Next. This will take you to the final page before the application begins deployment, titled Review <Stack_name>. Review the noted stack details and settings, and once final, scroll down to the very bottom of this page and ensure the checkbox next to I acknowledge that AWS CloudFormation might create IAM resources and then click Submit.

Once Submit has been clicked, you will be taken to the CloudFormation stacks page, where you will see the stack be in a CREATE_IN_PROGRESS status. The Ansible Automation Platform deployment can take about 30 minutes to complete. Once it has completed, it should have a status of CREATE_COMPLETE.


Accessing the Ansible Automation Platform deployment

Once the Ansible Automation Platform foundation has been deployed, follow the instructions below to begin accessing the application. 

In the steps detailed earlier, Ansible Automation Platform is deployed into a VPC that it created during the deployment process. This VPC by default has no external access configured. External access can be configured in a variety of ways. These access methods may include strategies like VPC peering, setting up VPN access, or configuring external load balancers.

For specific instructions and detailed information about setting up Networking and application access, please visit our documentation online.

To find the Internal load balancer URLs, click on the Outputs section in the created CloudFormation stack page.

The DNS name of the private automation hub load balancer can be found in the outputs section with an export name of <Stack_name>-aap-hub-dns-name.

The DNS name of the automation controller load balancer can be found in the outputs section with an export name of <Stack_name>-aap-controller-dns-name.

Open both of these URLs in new tabs respectively, to open the login pages for the private automation hub, and the automation controller. If you are unable to access these pages, this indicates a problem in your network connectivity.

Now that you can access the login pages, you can retrieve the “admin” password for the Ansible Automation Platform deployment. The login credentials are the same for the private automation hub and automation controller.

To find the login information, first navigate to AWS Secrets Manager and ensure you are in the same region as your CloudFormation stack. The secret containing your login information will be called <Stack_name>-aap-admin-secret. Click on this secret, and then click on Retrieve secret value to find your username “admin”,  and password.

With these credentials, you can now login to the automation controller and the private automation hub consoles.

After logging into the automation controller console for the first time, you will be guided to activate Ansible Automation Platform by pulling in the subscription.

Simply log in with the Red Hat account which triggered the subscription activation process at the start of the deployment steps, and then click Get subscriptions. This will retrieve a list of all active subscriptions, and from there, pick the required one, and click next.


What can I do next?

Watch Hicham (he-sham) Mourad walk through this deployment process in a video.

To learn more about Ansible Automation Platform in AWS Marketplace, visit the page here. You can watch the demo video covering this core automation use case for AWS - deploying and retiring cloud resources.

Try the hands on self-paced Ansible Automation Platform in AWS labs. There’s multiple labs covering these topics:

  • Cloud Operations (Day-2 operations on AWS)
  • Infrastructure Optimization (Cloud control on AWS)
  • Infrastructure Visibility (Infrastructure awareness and reporting on AWS)

For hands-on self-paced lab(s) on Ansible Automation Platform, you can visit here. You can also take a look at the Ansible Automation Platform in AWS documentation.



AWS, Cloud Automation, Ansible Automation Platform


Zachary Kayyali

Zachary Kayyali is a Senior Software Engineer at Red Hat Ansible Automation Platform on Clouds. Zack has spent several years in the software industry with a heavy focus on cloud technologies. With a focus and passion for technology and automation, Zack enjoys creating technical solutions to solve real world customer problems.

rss-icon  RSS Feed