AWS Infrastructure Creation with Ansible Part-1

In this series of posts, we’ll create infrastructure on AWS using Ansible. In this first part, we’ll create the VPC, the basic building block, because everything else (Security Groups, EC2 instances, RDS instances, ELBs, etc.) will be created inside the VPC.

Requirements to use these roles:

- Ansible v2.0
- boto
- AWS admin access

Specifically, these are the versions of the mentioned software that I am using for this series:


Ansible uses the python-boto library to call the AWS API, and boto needs AWS credentials in order to perform all of its functions. There are many ways to configure your AWS credentials. The easiest way is to create a .boto file under your user home directory:

Then add the following:

[Credentials]
aws_access_key_id = <your_access_key_here>
aws_secret_access_key = <your_secret_key_here>

If you don’t know how to get the AWS Security Credentials, then please read this.

After completing and verifying all of the above, download this repository from GitHub:

git clone
cd ansible-aws-roles

In this tutorial we are going to create the VPC, subnets and routing table, and then write the resulting information to a file in the desired location. In short, the vpc role will perform the following tasks:

  • Create the VPC with an internet gateway
  • Create the subnets (public and private) inside the VPC
    2 Public Subnets
    2 Private Subnets
  • Create a routing table for the public subnets that points all outgoing traffic to the igw.
  • Write the VPC and subnet information to the desired file for future use.

To use the role, just include it in a playbook. I have added an aws.yml playbook to the GitHub repo:

Review/modify the variable file, see roles/vpc/defaults/main.yml:

These are the variables that you want to change:

 - AWS region where you want to create the VPC
 - VPC name
 - CIDR range
 - Availability zones for Public & Private Subnets

There are two ways to modify the variables:
1 – Edit the provided defaults/main.yml file
2 – Provide the variables as extra vars; please read this for more information

There are different ways to externalise variables within Ansible, but variable files are the cleanest solution. To externalise our existing variables, create a directory (in my case, secret_vars) inside the playbook directory, create a file inside that directory (I named it secret.yml), and add the following:

This file must be kept in a secret place and encrypted with Ansible Vault.
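A pre-flight check for the two secrets this post relies on, the vault-encrypted variables file and the boto credentials file, as an added example (not code from the ansible-aws-roles repository). The function names are hypothetical; it accepts only the vault 1.1/1.2 AES256 header and assumes the paths used in this post.

```python
import os
import re
import stat

# Header written by ansible-vault, e.g. "$ANSIBLE_VAULT;1.1;AES256"
# (format 1.2 appends a vault-id label as a fourth field).
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);(AES256)(;[^;\s]+)?$")
HEX_LINE = re.compile(r"^[0-9a-fA-F]+$")


def is_vault_encrypted(path):
    """True only if the whole file is a vault envelope: header + hex body."""
    with open(path, "r", errors="replace") as fh:
        lines = [ln.rstrip("\r\n") for ln in fh]
    if not lines or not VAULT_HEADER.match(lines[0]):
        return False
    body = [ln for ln in lines[1:] if ln]
    # A bare header, or plaintext appended below it, is not acceptable.
    return bool(body) and all(HEX_LINE.match(ln) for ln in body)


def is_owner_only(path):
    """True if group and others have no permission bits (e.g. mode 0600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def preflight(vars_file, boto_file):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not is_vault_encrypted(vars_file):
        findings.append("%s is not ansible-vault encrypted" % vars_file)
    if os.path.exists(boto_file) and not is_owner_only(boto_file):
        findings.append("%s is readable by group/others" % boto_file)
    return findings


if __name__ == "__main__":
    import sys
    # Paths as used in this post; adjust if yours differ.
    problems = preflight("secret_vars/secret.yml", os.path.expanduser("~/.boto"))
    for p in problems:
        print("FAIL: " + p)
    sys.exit(1 if problems else 0)
```

Run it from the playbook directory before ansible-playbook or before committing; a non-zero exit means a secret is stored in plaintext or is readable by other local users.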

Note: If you look at the defaults/main.yml file, I have used uppercase for all the variables that can or need to be supplied or overridden externally.

Here is the updated list of all the AWS regions for reference:


Once you are all set with the variables, then run this command:

ansible-playbook -i inventory/hosts aws.yml -e@secret_vars/secret.yml


After successful completion of the playbook, we have another YAML file inside the secret_vars directory, named after the VPC (in my case, it’s rbgeek-dev.yml), that has the following contents:

We’ll use this file later for creating resources (Security Groups, ELB, EC2, RDS, etc.) inside this VPC.

Log in to the AWS Web Console and verify the resources:





Extra Info: I have written a simple filter plugin to find the Public and Private subnet ids.

  • Public subnet ids are used in this role to create the routing table
  • Private subnet ids will be used in RDS role to create DB Subnet Group

Enjoy :-)

Hope this will help you!

Please Remember me in your prayers!

In the next post, we’ll create the EC2 Key Pair and Security Groups.

7 responses to “AWS Infrastructure Creation with Ansible Part-1”

  4. Adjoa June 9, 2016 at 12:39 am

    Hi, I tried using your playbook to create a vpc, but I kept getting a ‘You are not authorized to perform this operation.’ error. What could I be missing?

  5. December 9, 2016 at 4:19 am

    Thanks for publishing this awesome article. I’m a long time reader but I’ve never been compelled to
    leave a comment. I saved your blog in my rss feed and shared it on my Twitter.
    Thanks again for this great article!
