Hardening guidance for Red Hat Ansible Automation Platform

Many Red Hat customers use Red Hat Ansible Automation Platform to automate end-to-end system configuration, software deployment and security-related use cases. Our customers use Ansible Automation Platform as part of their overall security strategy, whether it is to configure network devices, deploy security patches, or integrate security tools used by security operations teams during incident response. 

Customers who are looking to improve the security posture of the platform itself often ask:

• What are the recommended practices for hardening the Ansible Automation Platform components?  
• What does the data flow between components look like?  
• What security-related information is needed when planning a deployment?  
• How can I meet compliance requirements for the servers hosting Ansible Automation Platform?
• Should I apply controls from the automation controller STIG?  

Rather than asking customers to read through multiple documents and knowledge base articles, we decided to gather this information into a single location.

Introducing the Ansible Automation Platform Hardening Guide

We are pleased to announce the initial publication of the Ansible Automation Platform Hardening Guide on the Red Hat Customer Portal. This guide takes an opinionated approach to configuring Ansible Automation Platform with security in mind. Its initial scope focuses on Ansible Automation Platform running on top of Red Hat Enterprise Linux (RHEL), whether on bare metal or virtualized, on-premises or in the cloud. 

This hardening guide covers:

• Initial planning considerations and preparation
• Installation
• Configuration
• Day two operations
• Considerations when applying the RHEL STIG to the platform servers 

By following the recommended practices throughout this guide, customers can help improve the security posture of their Ansible Automation Platform installation while maintaining the flexibility to use the platform to automate existing IT and security requirements. This enables security teams to better meet compliance standards or organizational approvals needed for production operations. For customers who apply the RHEL STIG controls to their systems, we provide guidance on installing Ansible Automation Platform on RHEL servers configured for STIG requirements.

The Ansible Automation Platform Hardening Guide is meant to consolidate security-related information for Ansible Automation Platform into one document, and our goal is to expand the guide over time to cover additional security-focused topics. Feedback is welcome!

Ready to learn more?

• Getting Started with Red Hat Ansible Automation Platform
• Try it! 60 day free trial
• Ansible Security Integrations