In this series of posts we'll build infrastructure on AWS using Ansible. This first part creates the VPC, the basic building block: everything else (security groups, EC2 instances, RDS instances, ELBs and so on) is created inside the VPC.
Requirements for using these roles:
- Ansible v2.0
- AWS admin access
Specifically, these are the versions of the software mentioned above that I am using for this series:
Ansible's AWS modules use the python-boto library to call the AWS API, and boto needs AWS credentials in order to do anything. There are many ways to configure your AWS credentials. The easiest is to create a .boto file in your home directory:
Then add the following (boto expects the keys under a [Credentials] section, which the file must contain for the keys to be read):
[Credentials]
aws_access_key_id = <your_access_key_here>
aws_secret_access_key = <your_secret_key_here>
Keep this file readable only by you (chmod 600 ~/.boto) and never commit it to the repository. If you run the playbook from an EC2 instance, an IAM instance role lets boto pick up temporary credentials from the instance metadata, so no long-lived key has to be stored on disk at all.
If you don’t know how to get the AWS Security Credentials, then please read this.
After doing/verifying all of the above, clone the repository from GitHub:
git clone https://github.com/arbabnazar/ansible-aws-roles.git
In this tutorial we are going to create the VPC, its subnets and a routing table, and then write the resulting IDs to a file at a location of your choosing. In short, the vpc role performs the following tasks:
- Create the VPC with an internet gateway
- Create the subnets (public and private) inside the VPC:
  - 2 public subnets
  - 2 private subnets
- Create a routing table for the public subnets that sends all outgoing traffic (0.0.0.0/0) to the internet gateway
- Write the VPC and subnet information to a file for later use
Note that only the public subnets are associated with this routing table. The private subnets stay on the VPC's main route table, which by default contains nothing but the local route, so instances placed in them have no path to the internet until you add a NAT gateway or NAT instance. That is the point of the split: databases and other internal services go in the private subnets and are not reachable from outside.
To use the role, just include it in a playbook; I have added an aws.yml playbook to the GitHub repo:
Review/modify the variables file, roles/vpc/defaults/main.yml:
These are the variables you will want to change:
- AWS region where the VPC should be created
- VPC name
- CIDR range
- Availability zones for the public and private subnets
There are two ways to override the variables:
1 – Edit the provided defaults/main.yml file
2 – Pass them as extra variables (-e) on the command line; please read this for more information
There are different ways to externalise variables in Ansible, but variable files are the cleanest solution. To externalise our existing variables, create a directory (in my case secret_vars) inside the playbook directory, create a file in it (I named it secret.yml) and add the following:
Keep this file out of version control and encrypt it with ansible-vault (ansible-vault encrypt secret_vars/secret.yml); it describes your account's network layout, and anything that lands in the repository history is hard to take back.
Note: in defaults/main.yml I have used uppercase names for all the variables that can or need to be supplied/overridden externally.
Here is the updated list of all the AWS regions for reference:
Once the variables are set, run this command:
ansible-playbook -i inventory/hosts aws.yml -e@secret_vars/secret.yml
If secret.yml is vault-encrypted, add --ask-vault-pass (or --vault-password-file pointing at a file outside the repository) so Ansible can decrypt it; without one of these the run fails before any task executes.
After the playbook completes successfully, the secret_vars directory contains another YAML file named after the VPC (in my case rbgeek-dev.yml) with the following contents:
We'll use this file later when creating resources (security groups, ELB, EC2, RDS etc.) inside this VPC.
Log in to the AWS web console and verify the resources:
Extra info: I have written a simple filter plugin to find the public and private subnet IDs.
- The public subnet IDs are used in this role to build the routing table
- The private subnet IDs will be used in the RDS role to create the DB subnet group
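To make the idea concrete, here is an added example of such a filter plugin. It is not the plugin shipped in the ansible-aws-roles repository; it assumes the role tags each subnet with a "Tier" tag set to "public" or "private" (the tag key, the function names and the sample data below are all assumptions made for this example) and that the input is either the registered result of an ec2_vpc_subnet loop or a plain list of subnet dicts.

```python
"""Added example (not the plugin from the ansible-aws-roles repository):
an Ansible filter plugin that picks the public and private subnet IDs out of
ec2_vpc_subnet results.

Assumptions, none of which come from the original post:
  * the role tags every subnet it creates with a "Tier" tag whose value is
    "public" or "private" (the tag key is configurable below);
  * the input is either the registered result of an ec2_vpc_subnet loop
    (a dict with a "results" list, each entry carrying a "subnet" dict) or a
    plain list of subnet dicts such as ec2_vpc_subnet_facts returns.
Drop the file into filter_plugins/ next to the playbook and Ansible loads it.
"""

DEFAULT_TIER_TAG = "Tier"  # assumed tag key; change it to match your role


def _subnet_records(data):
    """Flatten the accepted input shapes into a list of subnet dicts."""
    if isinstance(data, dict):
        # registered loop result: {"results": [{"subnet": {...}}, ...]}
        data = data.get("results", [])
    records = []
    for item in data:
        if not isinstance(item, dict):
            continue
        # a loop entry wraps the subnet under "subnet"; a facts entry is the subnet itself
        records.append(item.get("subnet", item))
    return records


def subnet_ids_by_tier(data, tier, tag_key=DEFAULT_TIER_TAG):
    """Return the IDs of subnets whose tier tag equals `tier` (case-insensitive).

    Subnets without the tag, or without an ID (e.g. a skipped loop item), are
    ignored rather than raising, so a partially applied run still renders.
    Order follows the input, i.e. the order of the role's availability-zone list.
    """
    wanted = tier.strip().lower()
    ids = []
    for rec in _subnet_records(data):
        tags = rec.get("tags") or {}
        if str(tags.get(tag_key, "")).strip().lower() != wanted:
            continue
        subnet_id = rec.get("id")
        if subnet_id and subnet_id not in ids:
            ids.append(subnet_id)
    return ids


def public_subnet_ids(data, tag_key=DEFAULT_TIER_TAG):
    """{{ subnets | public_subnet_ids }} -> IDs to associate with the igw route table."""
    return subnet_ids_by_tier(data, "public", tag_key)


def private_subnet_ids(data, tag_key=DEFAULT_TIER_TAG):
    """{{ subnets | private_subnet_ids }} -> IDs for the RDS DB subnet group."""
    return subnet_ids_by_tier(data, "private", tag_key)


class FilterModule(object):
    """Entry point Ansible looks for in every file under filter_plugins/."""

    def filters(self):
        return {
            "public_subnet_ids": public_subnet_ids,
            "private_subnet_ids": private_subnet_ids,
            "subnet_ids_by_tier": subnet_ids_by_tier,
        }


# Constructed sample data standing in for a registered ec2_vpc_subnet loop;
# the IDs, CIDRs and zones are made up for this example.
SAMPLE_SUBNETS = {
    "results": [
        {"subnet": {"id": "subnet-aaaa1111", "cidr": "10.0.0.0/24", "az": "us-east-1a",
                    "tags": {"Name": "rbgeek-dev-public-a", "Tier": "public"}}},
        {"subnet": {"id": "subnet-bbbb2222", "cidr": "10.0.1.0/24", "az": "us-east-1b",
                    "tags": {"Name": "rbgeek-dev-public-b", "Tier": "Public"}}},
        {"subnet": {"id": "subnet-cccc3333", "cidr": "10.0.10.0/24", "az": "us-east-1a",
                    "tags": {"Name": "rbgeek-dev-private-a", "Tier": "private"}}},
        {"subnet": {"id": "subnet-dddd4444", "cidr": "10.0.11.0/24", "az": "us-east-1b",
                    "tags": {"Name": "rbgeek-dev-private-b", "Tier": "private"}}},
        # a subnet with no tier tag: neither filter should pick it up
        {"subnet": {"id": "subnet-eeee5555", "cidr": "10.0.20.0/24", "az": "us-east-1a",
                    "tags": {"Name": "rbgeek-dev-untagged"}}},
    ]
}

if __name__ == "__main__":
    print("public:", public_subnet_ids(SAMPLE_SUBNETS))
    print("private:", private_subnet_ids(SAMPLE_SUBNETS))
```

In a task you would write something like `subnets: "{{ subnets | public_subnet_ids }}"` for the ec2_vpc_route_table call and `{{ subnets | private_subnet_ids }}` for the DB subnet group. Classifying by an explicit tag rather than by position in a list means the RDS role cannot accidentally be handed a public subnet if someone reorders the availability-zone variables, and the untagged-subnet case is dropped silently instead of aborting the play.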
Hope this helps!
Please Remember me in your prayers!
In the next post, we'll create the EC2 key pair and security groups.