What's New in Event-Driven Ansible: AAP 2.6 and 2.7 Features

Event-Driven Ansible (EDA) in AAP 2.6 and 2.7 brings major improvements to event processing, security, and partner integrations. Here's the complete breakdown.

Event Bus Support Improvements

• New Azure event bus — just released for Azure Event Grid/Service Bus integration • New AWS event bus — available for Amazon EventBridge • In-flight rulebook event persistence — provides increased rulebook resiliency; events survive controller restarts

See also: Enhanced Kafka Integration for Event-Driven Ansible in AAP 2.6

EDA Automation Creation

Project Synchronization

• Allow resync option on restarts — projects can re-sync from source control automatically

Rulebook Enhancements

• Additional Jinja filters to replace regular expressions, offering more flexibility in event matching • Better condition matching without complex regex patterns

Operational Updates

• Streamlined ansible.eda content collection • Updated decision environments with latest dependencies

Secrets Management Support

EDA now integrates with external secrets managers: • HashiCorp Vault • CyberArk • AWS Secrets Manager • Azure Key Vault • And others

Credentials used in rulebook activations can be fetched dynamically from these providers.

See also: Event-Driven Ansible Enhancements in AAP 2.6 — What's New

Enhanced Design and Control for EDA Projects

| Feature | Description | |---|---| | Editable project Source Control URLs | Change SCM URLs without recreating projects | | EDA job labeling | More efficient tracing and auditability | | Kafka: Multiple topics | Subscribe to multiple Kafka topics per rulebook | | Kafka: Extended regex and wildcards | Pattern-match topic names | | New event-splitter | Handle nested events in a single webhook payload | | Rulebook concurrency key | Group events by resource to prevent race conditions | | mTLS support | Mutual TLS for secure event source connections | | Pull policy parity | Decision environments follow the same pull policies as execution environments |

Kafka Enhancements

# Multiple topics with wildcard matching
- name: Monitor infrastructure events
  hosts: all
  sources:
    - ansible.eda.kafka:
        host: kafka.example.com
        port: 9093
        topic: "infra-.*"
        group_id: eda-consumer
        security_protocol: SSL
        ssl_cafile: /certs/ca.pem
        ssl_certfile: /certs/client.pem
        ssl_keyfile: /certs/client-key.pem
  rules:
    - name: Handle server alerts
      condition: event.payload.severity == "critical"
      action:
        run_job_template:
          name: "Auto-Remediate"
          organization: "IT Ops"

See also: Ansible Solution Guides: AIOps Partner Walkthroughs for Splunk, ServiceNow, Instana, and EDB

mTLS Configuration

# Secure webhook source with mTLS
- name: Secure event ingestion
  hosts: all
  sources:
    - ansible.eda.webhook:
        host: 0.0.0.0
        port: 5000
        certfile: /certs/server.pem
        keyfile: /certs/server-key.pem
        cafile: /certs/ca.pem
        verify_client: true

New EDA-Related Ansible Content Collections

Splunk: Full Support

• Splunk Enterprise Security — incident workflows • Splunk IT Service Intelligence (ITSI) — predictive anomaly detection with EDA • Splunk Enterprise — Universal Forwarder lifecycle management • Cisco Open Telemetry Collector — open telemetry for Splunk

Microsoft and Cloud

• Microsoft System Center Operations Manager (SCOM) — Azure and Windows monitoring with EDA alert routing • Amazon.ai — DevOps Guru support for EDA event sources

Example: Splunk ITSI → EDA → Auto-Remediation

- name: Splunk ITSI closed-loop remediation
  hosts: all
  sources:
    - ansible.eda.webhook:
        host: 0.0.0.0
        port: 5000
  rules:
    - name: ITSI notable event - high CPU
      condition: >
        event.payload.source == "splunk_itsi" and
        event.payload.severity >= 4
      action:
        run_job_template:
          name: "Remediate High CPU"
          organization: "IT Operations"
          job_args:
            extra_vars:
              target_host: "{{ event.payload.host }}"
              alert_id: "{{ event.payload.notable_event_id }}"

FAQ

What is the event bus in EDA?

The event bus is a message broker layer between event sources and the EDA controller. Azure Event Grid and AWS EventBridge are now supported alongside Kafka.

Does mTLS work with all event sources?

mTLS is supported for webhook-based event sources. Kafka sources use their own SSL/TLS configuration via security_protocol.

Can I use multiple secrets managers simultaneously?

Yes. Different rulebook activations can reference different credential types backed by different secrets providers.

What changed in decision environments?

Decision environments now follow the same container pull policies as execution environments, and include the streamlined ansible.eda collection.

Related Articles

• Red Hat Ansible Automation Platform 2.7: What's New • Ansible AI-Driven Automation Architecture • New Ansible Content Collections 2026 • Red Hat Summit 2026 Highlights