How to do sudo with Ansible

Now I have the following content in my test.yaml playbook. I want Ansible to write a file under /etc directory.

- name: My playbook
  hosts: test
  tasks:
     - name: Leaving a mark
       command: "touch /etc/foo"

When I execute it like the following, I get an error.

ansible-playbook-3 test.yaml
fatal: [ansibletest.westcentralus.cloudapp.azure.com]: FAILED! => {"changed": true, "cmd": ["touch", "/etc/foo"], "delta": "0:00:00.003802", "end": "2022-01-01 02:53:01.519156", "msg": "non-zero return code", "rc": 1, "start": "2022-01-01 02:53:01.515354", "stderr": "touch: cannot touch '/etc/foo': Permission denied", "stderr_lines": ["touch: cannot touch '/etc/foo': Permission denied"], "stdout": "", "stdout_lines": []}

Obviously, azureuser does not have permission to write out the file, so how do we do sudo in Ansible?

You just have to pass --become parameter to do sudo in Ansible.

ansible-playbook-3 test.yaml --become
PLAY [My playbook] *******************************************************************************************************************************

TASK [Gathering Facts] ***************************************************************************************************************************
ok: [ansibletest.westcentralus.cloudapp.azure.com]

TASK [Leaving a mark] ****************************************************************************************************************************
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command because file is insufficient
you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [ansibletest.westcentralus.cloudapp.azure.com]

PLAY RECAP ***************************************************************************************************************************************
ansibletest.westcentralus.cloudapp.azure.com : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

After executing it, I checked the file and it was created.