AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible Automation Platform Self-Service Portal: Automation as a Service (Complete Guide)

By Luca Berton · Published 2024-01-01 · Category: installation

Learn how the AAP Self-Service Portal enables automation as a service with admin-defined templates and user-friendly access.

The Ansible Automation Platform Self-Service Portal — available for RHEL 9 and RHEL 10 deployments starting with AAP 2.7 (GA June 3, 2026) — enables platform engineers to deliver automation as a service while domain experts consume it through an intuitive interface.

Two-Persona Design

The portal separates concerns between two roles:

Platform Admin

Defines automation use cases and sets access permissions.

The platform admin: • Selects which job templates to publish in the portal • Organizes templates by category (RHEL Operations, Network Operations, AWS Operations, etc.) • Sets RBAC permissions controlling who can access which templates • Curates the automation catalog for different teams

Domain Subject Matter Expert

Views and runs automation relevant to their work with an easy-to-use self-service experience.

The domain expert (e.g., a RHEL Operations User): • Logs into the AAP Self-Service Portal • Sees only the automation relevant to their role • Launches jobs without needing to understand the underlying playbooks • Fills in required parameters through guided forms

See also: Setting Up the Self-Service Automation Portal in AAP 2.6

How It Works

Step 1: Admin Selects Templates

The platform admin navigates to the portal configuration and adds roles:

Add roles → Select resources:
├── Select automation
├── Select resources
├── Select roles to apply
└── Review and finish

Available templates:
├── AWS Operations / Create EC2 Instance
├── AWS Operations / Terminate EC2 Instances
├── Network Operations / Create IoT Network Backup
├── Network Operations / Remote Config
├── RHEL / Configure Services         ← Selected
├── RHEL / Update RHEL Time Servers   ← Selected
├── Instances Operations / Create VM
└── Windows Operations / Delete VM

The admin selects the RHEL-specific templates they want to provide to RHEL Operations users.

Step 2: Admin Sets Permissions

From the dropdown, the admin selects "Job Template" and configures: • Which users/teams can access each template • What level of access (execute only, view, admin) • Parameter restrictions (fixed values vs user-editable)

Step 3: Domain Expert Uses the Portal

A domain RHEL Operations User logs into the AAP Self-Service Portal and sees:

┌─────────────────────────────────────┐
│   Ansible Automation Platform       │
│   Self-Service Portal               │
│                                     │
│   Welcome, RHEL Operations User     │
│                                     │
│   Available Automation:             │
│   ┌─────────────────────────────┐   │
│   │ ▶ Configure Services       │   │
│   │ ▶ Update RHEL Time Servers │   │
│   └─────────────────────────────┘   │
└─────────────────────────────────────┘

They see only the templates the admin published — no access to the full AAP UI, inventories, or credentials.

Use Cases

IT Operations Team

# Published templates for IT Ops:
- name: RHEL Patching
  description: "Apply latest security patches to RHEL servers"
  parameters:
    - host_group: "Select target servers"
    - reboot: "Allow reboot after patching (yes/no)"
    - schedule: "Run now or schedule"

- name: User Account Management
  description: "Create/modify user accounts on Linux servers"
  parameters:
    - username: "Account name"
    - groups: "Group membership"
    - ssh_key: "Public SSH key"

Network Operations

# Published templates for NetOps:
- name: Network Backup
  description: "Backup running config for network devices"
  parameters:
    - device_group: "Select device group"
    - backup_location: "Storage location"

- name: VLAN Configuration
  description: "Create or modify VLANs"
  parameters:
    - vlan_id: "VLAN number"
    - vlan_name: "VLAN description"
    - interfaces: "Trunk interfaces"

Cloud Operations

# Published templates for CloudOps:
- name: Create EC2 Instance
  description: "Launch an AWS EC2 instance"
  parameters:
    - instance_type: "t3.micro | t3.medium | t3.large"
    - region: "AWS region"
    - environment: "dev | staging | prod"

See also: Ansible Automation Portal Content Discovery: Unified Catalog for Collections, Repos, and Playbooks

Benefits

| Without Portal | With Portal | |---|---| | Users need AAP UI access | Simple, role-specific interface | | Training on AAP required | Guided forms, no training needed | | Risk of accidental changes | Only published templates visible | | Manual ticket-based requests | Self-service, instant execution | | Admin bottleneck | Teams run their own automation | | Full credential exposure | Zero credential visibility |

Integration with Other AAP Components

Visual Execution Environment Builder

Templates in the portal run inside execution environments. The visual EE builder (also new in AAP 2.7) lets admins create consistent environments without writing Containerfiles.

Centralized Content Catalog

The content catalog feeds the portal with trusted, validated automation content. Admins curate which collections and roles are available.

RBAC Integration

Organization: ACME Corp
├── Team: RHEL Operations
│   ├── Role: Execute (RHEL templates only)
│   └── Users: ops-user-01, ops-user-02
├── Team: Network Operations
│   ├── Role: Execute (Network templates only)
│   └── Users: net-admin-01
└── Team: Cloud Operations
    ├── Role: Execute (AWS templates only)
    └── Users: cloud-eng-01, cloud-eng-02

See also: Using the AAP 2.6 Self-Service Portal for Network Automation

FAQ

Do domain experts need AAP training?

No. The self-service portal provides a simplified interface with guided forms. Users only see the templates relevant to their role and fill in parameters — no knowledge of playbooks, inventories, or credentials required.

Can I customize the portal appearance?

The portal uses the AAP branding. Customization options depend on the AAP version and deployment type. Check the AAP documentation for current theming capabilities.

Is the portal available in AAP 2.6?

The self-service portal was introduced in earlier versions but is now available for RHEL 9 and RHEL 10 installs as of AAP 2.7 (GA June 3, 2026).

Can users schedule jobs through the portal?

Yes. Depending on the template configuration, users can launch immediately or schedule automation for a specific time.

How does this differ from ServiceNow integration?

The portal is native to AAP — no external ITSM tool needed. For organizations already using ServiceNow, AAP also integrates with ServiceNow's service catalog for ticket-based automation workflows.

Related Articles

Red Hat Ansible Automation Platform 2.7: What's NewRed Hat Summit 2026 HighlightsAnsible Automation Platform Architecture GuideAnsible Automation Platform Single Node

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home