AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible Automation Platform MCP Server: Now Generally Available in AAP 2.7

By Luca Berton · Published 2026-06-29 · Category: troubleshooting

MCP server for AAP is now GA in 2.7. Learn what's new: standalone container deployment, EE support, and AWS/Azure integration patterns.

The MCP (Model Context Protocol) server for Red Hat Ansible Automation Platform has moved from Technology Preview to General Availability in AAP 2.7, released June 3, 2026. This is one of the most significant AI integration milestones in AAP's history — AI agents can now manage Ansible Automation Platform resources in a production-supported manner.

What Is the MCP Server?

The MCP server exposes Ansible Automation Platform's capabilities through the Model Context Protocol, an open standard that lets AI assistants (Claude, Copilot, and others) interact with external tools. When an AI model connects to the AAP MCP server, it can:

  • Query job templates, inventories, and credentials
  • Launch automation jobs on demand
  • Retrieve job status and output
  • Troubleshoot failed runs using job logs
  • Navigate the content catalog for collections and roles
This enables natural language operations: instead of navigating the AAP web UI or writing API calls, you describe what you want and the AI executes it through the MCP server.

See also: Ansible MCP Server: AI-Driven Automation with Model Context Protocol (Complete Guide)

What Changed: Tech Preview to GA

The GA release in AAP 2.7 brings several concrete improvements over the Tech Preview version:

Extended Red Hat Maintained Content

Red Hat's own content use cases are now accessible via the MCP plugin, covering Red Hat certified collections and the Ansible Automation Platform documentation.

MCP Servers Inside Execution Environments

You can now include MCP servers inside Execution Environments (EEs), enabling air-gapped and disconnected deployments where the MCP server travels with the automation content:

# execution-environment.yml
version: 3
dependencies:
  galaxy:
    collections:
      - name: ansible.platform
      - name: amazon.aws
  python:
    - aap-mcp-server>=1.0

additional_build_steps:
  append_final:
    - RUN aap-mcp-register --collection ansible.platform
    - RUN aap-mcp-register --collection amazon.aws

Standalone Container Deployment

A knowledgebase now covers running the AAP MCP server as a standalone container — useful for teams that want to expose AAP automation capabilities without deploying a full AAP instance:

# Pull the MCP server container
podman pull registry.redhat.io/ansible-automation-platform/aap-mcp-server-rhel9:latest

# Run with AAP connection
podman run -d \
  --name aap-mcp-server \
  -p 8080:8080 \
  -e AAP_HOST=https://aap.example.com \
  -e AAP_TOKEN="${AAP_TOKEN}" \
  registry.redhat.io/ansible-automation-platform/aap-mcp-server-rhel9:latest

Reference Integration Patterns (Dev Preview)

Red Hat ships example integrations as Developer Preview (unsupported samples) demonstrating common integration patterns:

  • AWS integration — launch EC2 provisioning playbooks, query AWS inventory, manage cloud automation jobs
  • Azure integration — automate Azure resource groups via natural language, trigger AzureCLI-backed automation
  • GitHub integration — trigger AAP jobs on pull request events, report automation results back to GitHub PRs
These are intentionally unsupported starting points that teams adapt for production use.

Connecting the MCP Server to Your AI Assistant

VS Code with GitHub Copilot or Claude

Add the AAP MCP server to your .vscode/mcp.json:

{
  "servers": {
    "ansible-aap": {
      "type": "http",
      "url": "http://localhost:8080/mcp",
      "headers": {
        "Authorization": "Bearer ${env:AAP_MCP_TOKEN}"
      }
    }
  }
}

Once configured, your AI assistant can answer questions like:

  • "Show me all job templates tagged with 'production'"
  • "What's the status of the last patching workflow run?"
  • "Launch the database backup job for the us-east region"
  • "Why did the web deployment job fail yesterday?"

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "ansible-aap": {
      "command": "aap-mcp-server",
      "args": ["--host", "https://aap.example.com", "--token-env", "AAP_TOKEN"]
    }
  }
}

See also: What Is MCP in Red Hat Ansible Automation Platform? Model Context Protocol Explained

AWS Integration Example (Dev Preview)

The AWS reference integration connects the MCP server to amazon.aws collection workflows:

# aws-provision-workflow.yml — triggered via MCP
- name: Provision web tier on AWS
  hosts: localhost
  connection: local
  tasks:
    - name: Launch web server instances
      amazon.aws.ec2_instance:
        name: "{{ instance_name }}"
        instance_type: t3.medium
        image_id: ami-0c55b159cbfafe1f0
        security_groups:
          - web-sg
        wait: true
      register: ec2

    - name: Add to dynamic inventory
      ansible.builtin.add_host:
        name: "{{ ec2.instances[0].public_ip_address }}"
        groups: new_web_servers

With the MCP server, an AI agent can trigger this workflow with: "Provision a new web server in us-east-1 named web-prod-07" — no manual form-filling required.

Azure Integration Example (Dev Preview)

# azure-resource-group.yml — triggered via MCP
- name: Create Azure resource group
  hosts: localhost
  connection: local
  tasks:
    - name: Create resource group
      azure.azcollection.azure_rm_resourcegroup:
        name: "{{ rg_name }}"
        location: eastus
        tags:
          environment: "{{ environment }}"
          managed_by: ansible-aap-mcp

An AI agent receives the natural language request "Create a production resource group in East US", extracts the parameters, and triggers this job template via the MCP server.

See also: Red Hat Ansible Automation Platform 2.7: What's New — Features, AI, and Security Enhancements

Security Considerations

The MCP server respects all AAP RBAC settings. The token used to authenticate the MCP server determines what resources the AI agent can see and operate:

  • Use a service account with minimal permissions for your MCP server token
  • Scope the service account to only the job templates and inventories the AI should access
  • Audit logs in AAP record all operations launched via the MCP server, attributing them to the service account
# ansible.platform: create a restricted MCP service account
- name: Create MCP service account role
  ansible.platform.role_definition:
    name: "MCP Agent - Read and Execute"
    permissions:
      - view_jobtemplate
      - execute_jobtemplate
      - view_inventory
      - view_job
    content_type: jobtemplate
    state: present

- name: Create MCP user
  ansible.platform.user:
    username: mcp-service-account
    password: "{{ vault_mcp_password }}"
    is_system_auditor: false
    state: present

- name: Bind role to MCP user
  ansible.platform.role_user_assignment:
    role_definition: "MCP Agent - Read and Execute"
    user: mcp-service-account
    object_ids:
      - "production-patching"
      - "db-backup-workflow"
    state: present

FAQ

Does the MCP server require Ansible Lightspeed?

No. The MCP server and Ansible Lightspeed are separate features. The MCP server connects any MCP-compatible AI client to AAP; Lightspeed is an AI assistant specifically for writing Ansible content. They complement each other but are independent.

Is the MCP server available on all AAP deployment types?

The GA MCP server supports containerized and operator-based AAP deployments. The standalone container variant works with any AAP 2.7 instance accessible over HTTPS.

Can the AI agent make destructive changes?

Only if the MCP server's service account has the permissions to do so. By scoping the service account role to execute_jobtemplate and view_* permissions, you prevent the AI from deleting resources, modifying credentials, or running ad-hoc commands.

Are the AWS/Azure/GitHub examples production-ready?

No. Red Hat ships them as Developer Preview — unsupported samples for teams to study the integration patterns. Build your own production implementation based on these examples and your organization's security requirements.

Upgrade from Tech Preview

If you were already using the MCP server in Tech Preview:

  1. Update the MCP server container image to the GA tag: aap-mcp-server-rhel9:2.7
  2. Review the aap-mcp-register command — the plugin registration API stabilized in GA
  3. Test existing AI workflows; the MCP tool schema is backwards-compatible with the TP version
  4. Update your service account permissions to align with the new role_definition module

Conclusion

The MCP server GA in AAP 2.7 marks a production-ready bridge between AI assistants and Ansible Automation Platform. Whether you're running it alongside a full AAP deployment or as a standalone container for lighter integrations, it opens the door to natural language automation management in enterprise environments.

Category: troubleshooting

Browse all Ansible tutorials · AnsiblePilot Home