I'm trying to figure out if Ansible is actually a necessary part of our Amazon Linux 2023 setup. We don't use Ansible, and I don't remember installing it, so I'm wondering if it might have come pre-installed with the base image. We're looking to remove it since it's currently using a vulnerable version of the aiohttp package, which is raising concerns for our CIS team. Thanks for any insights!
4 Answers
Ansible just runs scripts and needs some sort of elevated permission to do anything significant. If someone could run scripts with those rights, they don’t need Ansible to make a mess. It seems safe to remove it, but just be aware that this type of compliance check can sometimes be a bit questionable. I've dealt with CISO types who only go by the scanner results without really understanding the risks involved, which can lead to unnecessarily strict rules.
I would be surprised if Ansible came with the base image. Has anyone actually installed it on your instance? If you’re aiming to tighten security, it’s always better to start with a minimal image and only add what you actually need.
No way! I generally steer clear of Ansible since I find that infrastructure as code and containers make managing machines a lot easier.
Nah, you don't need Ansible at all. It's really just an automation tool and doesn't do anything that a user couldn't accomplish themselves.
Thanks for clearing that up!
Totally agree! But since we have to use our organization's "golden image", it seems the team that created it must have needed Ansible at some point. Thanks for the input!