Local Testing of Ansible Scripts running on EC2 Instance using AWS Mocks
Introduction of Article Series
A very important requirement of nowadays projects is time to market facilitating developing better products than other competitors do. We as developer can contribute to the time to market race by optimizing our development processes. In this article series, we focus on developing local tests for Ansible Scripts that will be later run on EC2 Instances via AWS System Manager, so that we can reduce the cycle times between detecting bugs and the fixing them. System Manager is the central place for managing your EC2 instances and integrates quite well with Ansible for having a standardized way of changing your EC2 Instances declarative. Anyhow, the way of mocking AWS Services for tests is not limited to the System Manager/Ansible Use Case.
Let’s make an example: we have EC2 Instances that runs our applications that are deployed from archives which are stored in S3. It is very critical that these artifacts are not tampered and thus, we employ an artifact signing process. Therefore, we implement our process by running an Ansible Script under control of AWS System Manager that downloads the artifacts and validates its checksum stored in our metadata store.
For testing the scenario we mock the AWS Services and simulate the EC2 Instances via docker containers.
On one hand, the exact testing with building up real infrastructure is less error prone. On the other hand, it might be difficult to be managed (e.g., guarantee decommissioning of infrastructure) and it takes usually more time than unit testing. Local testing with simulation the EC2 Instance with Docker Containers might be helpful here depending on your use case.
Testing with Localstack
In this article, we want to write unit tests with mocking AWS Service via Local Stack, which simulates AWS Services such as S3 Buckets. The example code for this article you can find on GitHub: Example Code
As you can see in that code, you need to redirect to the Local Stack directly (endpoint URL parameter for CLI (Link)) or indirectly (S3_URL Environment in Docker Compose (Link)). However, there are some extensions such as AWS Secret Manager lookup for which I couldn’t find a way to simulate it so far and so it must be controlled from outside. In the next article, I improve this solution to redirect to Local Stack transparently.
Thank you for reading this article. I am happy to read other opinions in the comments below and other helpful input. Please comment and let’s learn from each other.
Thank you to Stefan Kühnel for his valuable input on this small article series.