So far most of my Ansible blog posts have been about deploying or configuring local devices (i.e. normally one of my Raspberry Pis), but the whole idea of Ansible is that it can build whole infrastructures as code (well, YAML files in my case). The best place to see infrastructure as code is the cloud, and in this blog post I am going to look at using Ansible with AWS.
Note: There are other cloud providers available, but I like AWS and currently have some free credit with them.
I have broken my blog post down into headings, so if you do not need to know what I am using, have been using AWS for a while, already have AWS CLI configured, etc., then please feel free to skip those sections.
What I Am Using
I’m going to be running Ansible on my trusty Raspberry Pi 4 running Raspberry Pi OS (32-bit). However, this project should be able to be completed on any device capable of running:
- Python 3
- AWS CLI
- Boto / Boto 3
For anyone following along, I’m going to assume you already have an AWS account; if not, then head over to aws.amazon.com and you can sign up for one. I am going to assume that you have some AWS knowledge, e.g. that you can already create EC2 instances from within the AWS Management Console web pages.
I would recommend creating a new user in your AWS account for this project, i.e. please do not use your AWS root account. The new user does not need Management Console access but does need CLI/SDK access (AWS will generate an access key and secret access key for it – keep both safe), and the user should be limited to EC2 permissions (e.g. creating EC2 instances).
Make a note of the key pair you want to use with your EC2 instances (EC2 pages>Key Pairs). If you do not already have one, then please create one and keep the private key file somewhere very safe.
If you do not have a preferred security group set up, then please create one (EC2 pages>Security Groups). The Security Group defines what can access resources within it.
Also please make a note of the region you use AWS within.
- Do not use the AWS root account
- You need the access key and secret access key of the user you are going to use
- You need the private key file and key name so that you can later SSH into the instance
- Note your region and security group name
Installations (Local Device)
With the AWS bits out of the way, it’s time to look at what is needed on the local device (e.g. the device you are going to run the commands from). I’m running these on the Pi (Linux); if you are using a different operating system, make sure to use an equivalent command.
- Python 3
Can be installed using sudo apt install python3
Check it’s installed using python3 --version
- Ansible
Can be installed using pip3 install ansible; if you don’t have pip3, try sudo apt install python3-pip first
Check it’s installed using ansible --version
- Boto / Boto3
Can be installed using pip3 install boto boto3
- AWS CLI
The AWS pages give some options for this, but they failed on my Pi (using the ARM options). So I used sudo apt-get install awscli
Check it’s installed using aws --version
Configuration (Local Device)
The AWS CLI requires some configuration. Type:
aws configure
and then prepare to enter:
AWS Access Key ID
AWS Secret Access Key
Default region name
Default output format
The default regions can be found at: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html and my preferred output type is json.
The Ansible modules will automatically read this configuration so that it does not need to be saved in variables or as text in the playbooks. Just make sure the AWS config has been configured for the user running the Ansible commands/playbooks.
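Because the modules pick the credentials up from the AWS CLI configuration, a playbook should never contain them. The following is an added example, not part of the original post or its GitHub repository: a small pre-commit style check that flags access keys written into a playbook and a credentials file that other local users can access. The function names and the sample playbook are assumptions made for illustration; the key values are the placeholder keys used in AWS documentation.

```python
import os
import re
import stat

# Access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Credential parameters accepted by the Ansible ec2 module, with a value.
CRED_PARAM_RE = re.compile(
    r"^\s*-?\s*(aws_access_key|aws_secret_key|ec2_access_key|ec2_secret_key)"
    r"\s*:\s*(\S.*)$"
)

def scan_playbook(text):
    """Return (line_number, reason) for each line embedding a credential."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        param = CRED_PARAM_RE.match(line)
        if KEY_ID_RE.search(line):
            findings.append((number, "access key ID in playbook"))
        elif param and not param.group(2).lstrip("\"'").startswith("{{"):
            # A Jinja2 reference such as "{{ vaulted_key }}" is not a literal.
            findings.append((number, "literal " + param.group(1)))
    return findings

def credentials_too_open(path):
    """True if group or other users have any access to the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

# Constructed sample: the values are the placeholder keys from AWS documentation.
BAD_PLAYBOOK = """\
- hosts: localhost
  tasks:
    - name: Create AWS EC2 Instance
      ec2:
        aws_access_key: AKIAIOSFODNN7EXAMPLE
        aws_secret_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
        key_name: keyname_here
        region: eu-west-2
"""

if __name__ == "__main__":
    for number, reason in scan_playbook(BAD_PLAYBOOK):
        print(f"playbook line {number}: {reason}")
    creds = os.path.expanduser("~/.aws/credentials")
    if os.path.exists(creds) and credentials_too_open(creds):
        print(f"{creds}: accessible to other users, run chmod 600")
```

Run it against every playbook before pushing to a public repository such as GitHub; a key that has already been committed should be deactivated and replaced in IAM, not just deleted from the file.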
Creating An EC2 Instance (Ansible Playbook)
With all the above in place the Ansible ec2 module can be used to create an EC2 instance.
The playbook for this can be found on my GitHub at: https://github.com/geektechdude/AWS_Ansible_Playbooks , it’s called “create_ec2_instance_basic.yml”
    ---
    - hosts: localhost
      tasks:
        - name: Create AWS EC2 Instance
          ec2:
            key_name: keyname_here
            instance_type: t2.micro
            image: ami-032598fcc7e9d1c7a
            wait: yes
            group: default
            count: 1
            region: eu-west-2
key_name is the key_pair name of the SSH key to use with the instance.
instance_type is the type of EC2 instance that is to be created. AWS maintains a list of the instance types at https://aws.amazon.com/ec2/instance-types/
image is the Amazon Machine Image (AMI) reference that the instance is to be created from. In my example I’ve used an AWS Linux2 AMI.
wait tells Ansible to wait for the instance to be created before proceeding (rather than returning straight away), to give AWS time to create the EC2 instance.
group is the name of the security group that the EC2 instance will attach to. In my example I’ve used my security group called default.
count is how many instances of this type to create.
region is the region to create the instances in.