
I've used Ansible on AWS for 2 years to build out over 50,000 servers, to set up the VPC architecture, control IAM roles, nearly everything.

Ansible kept breaking. A minor patch on v2.5.x destroyed my VPC links, 2.6 broke my IAM, and at one step I had to have an intern set log group expiration on 200 log groups across several accounts because Ansible doesn't support log groups going from "undefined" expiration to any value.

I started with Ansible because the server modules are good... But I'm leaving them (for AWS components) because there's just no quality control on the releases. I was tired of multiple sprints a year getting sidetracked by a tool meant to help.

Now our DevOps team uses SAM templates, a superset/tool on CloudFormation. We've had 0 outages or sidetracks over the last year due to a SAM/CF bug, and we now have access to features that came out in the last 18 months that Ansible still doesn't support.

I don't suggest CloudFormation as a solution if you co-exist in multiple clouds, but I also reject the common belief among managers that Terraform and Ansible are the "god tools". Our team was almost forced onto Terraform because a manager was convinced by a HashiCorp marketing guy that you could take a complex setup from one cloud to another in 4-6 weeks using their product because the modules are cross-cloud. Right...

Anyway, Ansible is still our server control platform (though we are moving more serverless), but CloudFormation is what we use to build the entire accounts supporting ecosystem.




Ansible is awful to use with AWS. So many modules are "community" written with nowhere near the feature parity of Terraform [0] and are full of bugs [1].

[0] - https://docs.ansible.com/ansible/2.3/s3_bucket_module.html

[1] - https://github.com/ansible/ansible/issues/47945



