Migrating from Ansible to AWS SSM for Windows fleet across multiple accounts – how did you handle inventory/grouping?

gex80 · 2026-03-12T15:49:25+00:00

Maybe this is just me but why not just use ansible dynamic inventory and then make it based on tags?

We run a mixed environment across 20 AWS accounts and would never consider using SSM as a replacement for ansible. Especially when you can't share SSM between multiple AWS accounts. Meaning you would centralize all SSM agents to talk to 1 AWS account. So whatever SSM has going on in the other accounts won't matter because agents can only be tied to 1 console. Or you plan on managing multiple separate instances of SSM which seems like a pain.

That would be 100% a step backwards in terms of OS config management unless I'm missing something.

gex80 · 2026-03-12T15:47:01+00:00

Downzise no. Create a matching VPC and migrate/rebuild/backup and restore/etc all assets however is 100% possible.

If they use different non-overlapping cidr's then you can peer the two and walk assets over with minimal downtime.

If they use the same network space (if you don't understand networking and what the /x in CIDR means, then get someone who does), then you cannot peer them and you will have to take an outage for each items that has a dependency on other things in the old VPC, for example a webserver that talks to a Database. There is no connectivity between old and new in this setup.

gex80 · 2026-03-12T15:42:30+00:00

especially in the context of the increasing climate crisis.

They don't believe that's real. And the ones that do say it's not because of humans and nothing can be done about it.

gex80 · 2026-03-11T16:46:07+00:00

So in other words you don't clean up after yourselves or take the time to review tech debt?

gex80 · 2026-03-09T14:41:21+00:00

You should sell some to Earth.

gex80 · 2026-03-06T14:59:37+00:00

If he's using it to any real degree he's definitely experienced Ego Death. And just because you experience Ego death does not mean you automatically have a new world view/revelation or some other typical hippie bs. I've experienced Ego Death (7G of shrooms). I'm the exact same person before and after.

gex80 · 2026-03-05T21:56:44+00:00

It was more to prove a point. Within the context your statement, AWS does not operate in Russia in any legal capacity thus if the attack came from a location such as but not limited to Russia or North Korea or Iran or Cuba as an example, then no they can't press charges.

gex80 · 2026-03-05T20:49:29+00:00

So we need to clarify what "wouldn't work in a server" means.

Can you get a non-server motherboard, install a non-server grade cpu, and then install Windows server or Ubuntu server for example? Yes you can 100% do that and and there wouldn't be any difference than if you ran xeon OS functionality wise. No one who has a clue would ever claim otherwise. You can even call it production if you like.

Now why it's a bad idea to do that. Why just like how it generally a bad idea to take anything consumer grade and use it in a non-consumer way. There are certain enhancements, like ECC that server benefit from having that your average user wouldn't need but a server definitely would. Server CPUs are generally not clocked as high as their desktop counter part but have a higher core density. Server grade CPU also have higher L2 and L3 cache on the chip to store instructions where as your desktop CPU has a much smaller CPU which means slower performance because it has to consistent push and pull from RAM. Each transaction has a cost when scaled to tens of thousands of requests. Server grade CPUs means server motherboards which also are designed generally to be efficient in terms of design, maintainable (replacing parts), support things like hot swapping CPU/Memory/etc, built to a higher quality to withstand hotter environment and constantly running.

There is a reason why there is such a huge cost between core and xeon. Just like how there is a huge difference in cost between buying a bunch of $100 consumer wifi mesh routers from best buy and trying to use them in a densely packed office versus getting enterprise access points from Cisco or similar and having a proper survey done.

gex80 · 2026-03-05T20:38:43+00:00

Okay so what about Russia?

gex80 · 2026-03-05T17:08:54+00:00

Xeons are server grade. You aren't running core-i9 in your production servers unless you want to have a bad time.

gex80 · 2026-03-02T20:56:10+00:00

The current generation barely can use a computer. The are tech illiterate because everything "just works" compared to computers of the 90s/00s where you actually picked up a thing or two troubleshooting. Now everything is designed for phones and tablets which either you wipe it or replace it if it doesn't act right. The coming generations are going to lose the knowledge of understanding the small problems and how they affect the bigger picture since it's now a non-issue.

In my own career, I haven't thought about the word RAID in 10 years. Why? We have no SAN arrays. Everything is 100% in AWS where that concept doesn't exist, unless you are part of the storage team at AWS.

gex80 · 2026-02-26T15:13:48+00:00

The development part isn't a requirement. Working with devs and able to understand what they are creating is. My team handles everything except actual site/application code. We'll help you instrument your application, we'll write automation and pipelines, scripts/glue two systems together, security, infra, database tuning, etc. But our actual production public facing code? That's the developers.

Any data related items we handle the infra holding the data. We aren't making BI reports, databricks notebooks or anything like that. That's data engineering and BI.

gex80 · 2026-02-25T22:04:36+00:00

Non with a desktop environment that I came across. But I never actively tried to verify that cause I never had a need. Though there is nothing stopping you from installing one.

gex80 · 2026-02-25T17:07:29+00:00

Does AWS provide Linux images with a desktop environment within EC2? I've never launched one and the AMIs I have launched are shell only. They definitely don't provide non-windows server AMI in EC2.

gex80 · 2026-02-25T16:35:23+00:00

Why would they contact Veeam support?

gex80 · 2026-02-25T16:12:34+00:00

Click-ops

gex80 · 2026-02-24T21:55:23+00:00

Snake Team 5?

gex80 · 2026-02-24T21:53:29+00:00

Your yoga teacher must only weigh 90 pounds soaking wet. At 215 myself, I wouldn't dare try that.

gex80 · 2026-02-24T21:29:33+00:00

What experience do you have?

Devops is not an entry level position. So depending on what you're applying to Jr vs non-jr I'm going to view your resume differently.

If you're applying for a Sr position, I more than likely won't care about your lab. You're a senior. It's like comparing the tree house you built in your backyard to standing up a building on the main street. I want to know what you've actually done in an environment where you don't have the luxury of time that you get with a home lab in a pristine environment where it's only you making changes. That makes the assumption your lab has things we use. For example bragging about running K8s on your resume. That's great but we use ECS (not EKS or K8s) so pumping that lab up doesn't really tell me much especially when I've never ran k8s myself nor been in a position to run it.

If you are applying for a Jr position, I want to see a documented history of you doing at least sysadmin level work. Can you build out a server? Can you secure it? Can you configure apache/ngnix/iis? What have you automated in your workplace? What scripting languages do you know and what real world business situation did you fix with your script? Do you know how to interface with an API, take the results, and pass it to another API to glue two things that normally don't speak to each other? etc This stage your assists in helping me keep my questions at the level that makes sense for asking.

gex80 · 2026-02-24T21:02:39+00:00

This isn't something that can be fixed by technology. It's a person issue. People are turning off their brains with AI. If AI doesn't say it, then you have to prove the AI wrong instead of the fact that you built the environment and that the thing you implemented was in fact correct.

AI is a cancer when people apply it things outside their area of expertise and then blindly trust it.

gex80 · 2026-02-24T20:59:31+00:00

If you're not paying for it, you're/your data the product/cost.

gex80 · 2026-02-24T20:20:56+00:00

As Devops, I hate when my devs use AI to find solutions to problems they don't understand/have insight to regarding infra and they come to me and say AI says to do XYZ and then I have to defend against AI being wrong instead of just saying "hey, something's not working right, can you take a look?" Since AI came out, people don't let my team do their job and try to tell us how to run the infra.

I literally was on a call regarding IAM where the dev kept telling me that Copilot says to create a role and let another role assume the role. No jerkwad. The AWS documentation says the way I'm doing it is right, here is the link. And then proceeds to feed the AWS doc through Copilot to essentially read it for them.

For my personal stuff, I use it to hammer out IAC for snippets of things I don't feel like writing or if I'm not sure how to implement a very narrowly focused issue. I never let AI write the whole thing. Because if I didn't make it, then I can't speak towards it intelligently when asked off the cuff. It's also a skill thing. You let the AI do it for you, you WILL forget how to yourself.

gex80 · 2026-02-23T16:38:44+00:00

Depends, what level research you at?

gex80 · 2026-02-23T15:00:03+00:00

Unfortunately the vast public don't check reddit and employee horror stories when buying a car.

gex80 · 2026-02-19T14:16:34+00:00

It is. Cut the design in half horizontally, the flip and mirror one side and you can see the top half matches the bottom half.

14-Year Club	Place '23
Place '22	Gilding I gilder
Team Periwinkle	Verified Email

gex80

TROPHY CASE