> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cloudthinker.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AWX

> Connect Ansible AWX to CloudThinker to launch job templates, monitor jobs, manage inventories, and orchestrate automation workflows

Connect your Ansible AWX server to enable CloudThinker agents to launch job templates, monitor jobs, manage inventories and hosts, sync projects, and orchestrate automation workflows.

<Info>
  Requires a self-hosted AWX or Ansible Automation Platform (Controller / Tower) instance reachable from CloudThinker. Authentication uses an AWX access token.
</Info>

***

## Supported Platforms

| Platform                        | Support                      |
| ------------------------------- | ---------------------------- |
| **AWX**                         | Open-source, recent releases |
| **Ansible Automation Platform** | Controller / Tower           |

***

## Setup

<Steps>
  <Step title="Sign in to AWX">
    Sign in to your AWX web interface. Use a dedicated user scoped to only the organizations and inventories CloudThinker needs.
  </Step>

  <Step title="Create a Token">
    Go to **Access → Users**, open your user, select the **Tokens** tab, and click **Add**:

    * **Application**: leave empty
    * **Scope**: **Write** for full operations, or **Read** for monitoring only

    Copy the token — AWX shows it only once.
  </Step>

  <Step title="Add Connection in CloudThinker">
    Navigate to **Connections → AWX** and enter:

    * **TOWER\_HOST**: your AWX address, e.g. `https://awx.your-domain.com`
    * **TOWER\_OAUTH\_TOKEN**: the token from the previous step
  </Step>
</Steps>

***

## Agent Capabilities

What an agent can do depends on the token's scope. A **Read** token covers the monitoring and inspection actions below; a **Write** token adds the operational actions on top.

**Read — monitoring & inspection:**

* **Monitor jobs** — list jobs and workflow runs, check status, and read output
* **Inspect inventories** — view inventories, hosts, and groups; spot unreachable or disabled hosts
* **Check project status** — review sync status and source-control state
* **Review schedules** — list schedules and upcoming runs
* **Inspect configuration** — view job templates, workflow templates, inventory sources, and credential types

**Write — adds operations:**

* **Launch jobs** — run job templates with extra variables and monitor them to completion
* **Run ad-hoc commands** — execute one-off `command`/`shell` modules against hosts without a template
* **Control running jobs** — cancel in-flight jobs and relaunch failed ones
* **Sync projects & inventory** — pull project updates from source control and refresh dynamic inventory
* **Manage hosts, groups & schedules** — add, update, or remove them and toggle host enablement
* **Orchestrate workflows** — launch and monitor workflow job templates, and approve or deny approval nodes

Administrative resources (organizations, teams, users, and RBAC) are out of scope for agent operations.

### Example Prompts

```bash theme={null}
@kai list all failed jobs in the last 24 hours and show their output
@kai launch the deploy-production job template with version=2.1.0 and monitor it
@kai relaunch the last failed run of the patch-servers template
@alex run an ad-hoc uptime command across the web-servers inventory
@alex list all inventories and flag any unreachable hosts
@alex check all projects for sync failures and update the stale ones
@alex show me the upcoming schedules for the nightly-backup workflow
```

***

## Troubleshooting

<Accordion title="Connection or authentication failed">
  * Verify the AWX URL is reachable from CloudThinker over HTTPS
  * Confirm the token has not expired or been revoked
</Accordion>

<Accordion title="Permission denied">
  * Use a **Write**-scoped token for launch, sync, or management actions
  * Confirm the user has access to the target organization or inventory
</Accordion>

<Accordion title="Empty results">
  * The token's user may lack visibility — grant access to the relevant organizations and inventories
</Accordion>

***

## Security Best Practices

* **Dedicated user** - Create a dedicated AWX user for CloudThinker
* **Least privilege** - Use a Read-scoped token when write access isn't needed
* **Token rotation** - Set an expiration and rotate tokens periodically
* **HTTPS only** - Always use an HTTPS AWX URL

***

## Related

<CardGroup cols={2}>
  <Card title="ArgoCD Connection" icon="https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/argocd.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=34c7a30ed3772de41da3c56cb43396b3" href="/guide/connections/argocd" width="24" height="24" data-path="images/icons/argocd.svg">
    GitOps operations and application management
  </Card>

  <Card title="Jenkins Connection" icon="https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/jenkins.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=871f9df2f5553b663f1b5c33f11bf5da" href="/guide/connections/jenkins" width="24" height="24" data-path="images/icons/jenkins.svg">
    CI/CD pipeline monitoring and job operations
  </Card>
</CardGroup>