Sunday, May 28, 2017

Ansible: Privilege escalation (become)

Ansible uses the become, become_user, and become_method directives to achieve privilege escalation. You can apply them to an entire play or playbook, set them in an included playbook, or set them for a particular task; a task-level setting overrides the play-level one. The task below checks out a repository as some_user instead of as the SSH user:
- name: checkout repo
  git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
  become: yes
  become_user: some_user
You can use become_method to specify how the privilege escalation is achieved; the default is sudo, and su, pbrun, pfexec and doas are among the other methods. become_flags passes extra options to that method (the last example below uses it to give su a usable shell).
More examples:
- name: Ensure the httpd service is running
  service:
    name: httpd
    state: started
  become: yes
To run a command as the apache user:
- name: Run a command as the apache user
  command: somecommand
  become: yes
  become_user: apache
To do something as the nobody user, whose login shell is nologin (su would otherwise fail, so a shell is forced with become_flags):
- name: Run a command as nobody
  command: somecommand
  become: yes
  become_method: su
  become_user: nobody
  become_flags: '-s /bin/sh'
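The following playbook, added here as an example and not taken from the original post, shows become set once at the play level and overridden per task, plus a check that the su task really ran as nobody. The host group webservers, the user deploy and the path /srv/app are assumptions.

```yaml
# Added example: play-level become with task-level overrides.
# Assumptions: inventory group "webservers", a local user "deploy", path /srv/app.
- name: Demonstrate become at play and task level
  hosts: webservers
  become: yes            # every task runs as root via sudo unless a task says otherwise
  become_method: sudo    # the default, written out for clarity

  tasks:
    - name: Install httpd (runs as root through sudo)
      yum:
        name: httpd
        state: present

    - name: Check out the application as the deploy user (task-level become_user)
      git:
        repo: https://github.com/some/repo.git
        version: master
        dest: /srv/app
      become_user: deploy

    - name: Run a command as nobody, whose login shell is nologin
      command: id -un
      become_method: su           # overrides the play-level sudo for this task only
      become_user: nobody
      become_flags: '-s /bin/sh'  # su needs a real shell to run the command
      register: nobody_id
      changed_when: false

    - name: Fail the play if the previous task did not actually run as nobody
      assert:
        that: nobody_id.stdout == 'nobody'
        fail_msg: "expected to run as nobody, got {{ nobody_id.stdout }}"

    - name: Read a world-readable file without escalation (opt out of become)
      command: cat /etc/hostname
      become: no
      changed_when: false
```

One caveat on the su task: unlike sudo, su authenticates with the target account's password, so it works as written when the connecting user is already root; connected as ec2-user it would prompt for nobody's (locked) password. With become_method sudo and become_user nobody the nologin shell is not a problem at all, because Ansible's sudo command invokes /bin/sh explicitly.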

Saturday, May 27, 2017

Setting up Ansible in AWS Linux RHEL

Enable ping (optional; the default security group drops ICMP, so the instance will not answer ping until you allow it)
In the EC2 console: Security Groups > Inbound rules > Add Rule > ICMP echo request, and restrict the source to your own IP range rather than 0.0.0.0/0.

Connect to the instance using PuTTY
Follow the steps described here:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

To convert the .pem key to a .ppk file, use the latest PuTTYgen; older versions fail with errors like "Can't load the private key".

Modify the shell prompt

vi /etc/bashrc
Change the PS1 assignment on the line below to whatever prompt you prefer (here the host name is replaced with MyServer and the full working directory is shown):
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@MyServer>\w]\\$ "

Enable root login on the AWS Linux machine (only if you really need it)

Uncomment PermitRootLogin in /etc/ssh/sshd_config and restart sshd (service sshd restart, or systemctl restart sshd on systemd images). Prefer PermitRootLogin without-password (spelled prohibit-password on newer OpenSSH) so that root can only log in with a key; plain "yes" also allows password logins for root if PasswordAuthentication is enabled. Note that AWS images deliberately leave root disabled and expect you to log in as ec2-user; for Ansible, the safer alternative is to keep it that way and let become (sudo) do the escalation, as in the previous post.

Set up SSH passwordless authentication

On the control node (the machine Ansible runs from):
1. Copy the EC2 key pair file (clients.pem) to the control node, for example with WinSCP if you are on Windows, and make it readable only by its owner (chmod 600).
2. As root, run ssh-keygen to generate the key pair /root/.ssh/id_rsa and /root/.ssh/id_rsa.pub (an empty passphrase is what makes the login passwordless, so keep the private key on the control node only).
3. Still as root (ec2-user cannot read /root/.ssh), copy the public key to the target server using the AWS key:
scp -i "/home/ec2-user/clients.pem" /root/.ssh/id_rsa.pub ec2-user@x.x.x.x:/home/ec2-user/
On the target server:
4. Log in and, as root (or via sudo), append the public key to root's authorized_keys:
    cat /home/ec2-user/id_rsa.pub >> /root/.ssh/authorized_keys
sshd ignores the file unless /root/.ssh is mode 0700 and authorized_keys is mode 0600 (StrictModes), so check the permissions if the login still asks for a password.

Now you have set up passwordless SSH login from the control node to the target, which is all Ansible needs to manage it.
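The same key distribution can be done with Ansible itself, using the AWS key for the very first connection. The playbook below is an added example (not from the original post) that installs the control node's public key with the authorized_key module, which also creates ~/.ssh with mode 0700 and authorized_keys with mode 0600. It assumes the public key is /root/.ssh/id_rsa.pub on the control node, that the target is reached as ec2-user with /home/ec2-user/clients.pem, and that the file is saved as bootstrap.yml.

```yaml
# Added example: bootstrap passwordless SSH with Ansible instead of scp + cat.
# Assumptions: control-node public key /root/.ssh/id_rsa.pub, target reachable
# as ec2-user with clients.pem. Run once, as root on the control node, with:
#   ansible-playbook -i 'x.x.x.x,' -u ec2-user \
#     --private-key /home/ec2-user/clients.pem bootstrap.yml
- name: Install the control node's public key for Ansible logins
  hosts: all
  become: yes   # ec2-user cannot write to /root/.ssh; sudo on the image is passwordless

  vars:
    # lookup('file') reads on the control node, as the user running ansible-playbook
    control_pubkey: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"

  tasks:
    - name: Refuse to continue if the file does not look like an OpenSSH public key
      assert:
        that: control_pubkey is match('^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256) ')
        fail_msg: "/root/.ssh/id_rsa.pub is not an OpenSSH public key"

    - name: Add the key for ec2-user (preferred, root SSH login can stay disabled)
      authorized_key:
        user: ec2-user
        key: "{{ control_pubkey }}"
        state: present

    - name: Add the key for root as well, only if root login was enabled above
      authorized_key:
        user: root
        key: "{{ control_pubkey }}"
        state: present
      when: allow_root_login | default(false) | bool
```

Afterwards, verify the passwordless login with ansible all -i 'x.x.x.x,' -u ec2-user --become -m ping; the .pem key is no longer needed for that connection. The second authorized_key task runs only when you pass -e allow_root_login=true, so by default the playbook leaves root exactly as AWS ships it.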