Apparently installing sudo is less of a risk, but we also take support into consideration, since sudo for AIX is considered open source software and will not be officially supported by IBM, which is required by my organization.
I went through one of the articles sourced from the AIX working group, and the become plugin was recommended, which is a tool that leverages a privilege escalation command (sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | machinectl).
So now it leaves us with 2 options:
1. As our vendor proposed, to enable root login through SSH with no password, and authenticate with keys;
2. To rely on the Ansible become plugin with become method su (since sudo is not an option).
With that, I would like to seek advice on which will be better in terms of security. I am not sure whether this becomes an opinion-based question and a bit off topic, but I appreciate any input.
Thanks!