Over a million developers have joined DZone.

Provision an AWS APC using Ansible

DZone's Guide to

Provision an AWS APC using Ansible

Learn how to provision a VM instance of AWS manually using an Ansible playbook, and the challenges of doing so.

· Cloud Zone ·
Free Resource

Learn how to migrate and modernize stateless applications and run them in a Kubernetes cluster.

This tutorial explains how to manually provision an AWS Virtual Private Cloud (VPC) using Ansible. Before you start, you should be familiar with the following concepts:

The best way to get started is to install Ansible and run playbooks manually on your local machine to provision a VM. The first section of this tutorial explains how to do that. However, manual execution isn't the best and most efficient way to run Ansible playbooks, so we will take a look at the challenges and learn how to automate this workflow with a step-by-step tutorial.

Follow the steps below in order to provision your EC2 machine.

Step 1: Prep Your Machine

You can run your Ansible scripts manually on your local machine to provision a VPC. This is the best way to get started with this task.

  • Have your security credentials handy to authenticate to your AWS Account. Refer to the AWS Credentials documentation.
  • Execute the following commands to set up your AWS credentials as environment variables. The playbook will need these at runtime.
    $ export AWS_ACCESS_KEY_ID=<replace your key>
    $ export AWS_SECRET_ACCESS_KEY=<replace your secret>
  • Install Ansible based on the OS of the machine from which you plan to execute the scripts. Refer to the Ansible Installation guide.

Step 2: Prepare Ansible Playbook

Ansible uses a convention for folder structure that looks something like this:

  • ansible.cfg holds configuration info
  • inventory has the inventory of artifacts
  • variables.yml has the vars that you need for your scripts to make it more reusable
  • vpc_prov_playbook.yml is the playbook which has a list of tasks to execute
├── ansible.cfg
├── inventory
├── variables.yml
├── vpc_prov_playbook.yml

If you do not have your own ansible playbook, please feel free to clone our sample playbook here.

In our scenario, the important files are:

  • vpc_prov_playbook.yml, which is the playbook config containing tasks should be run as part of this playbook.
  • variables.yml, which contains wildcard settings for the playbook.

It is important to note the following:

  • vpc_prov_playbook.yml scripts have some wildcards, which ansible replaces by reading values from variables.yml.
  • Since we want to create a reusable playbook, we have not hardcoded values in variables.yml but left it up to the user to replace these when needed. This will be done in a later step, just before running the playbook.
  • Replace the wildcards in variables.yml with your desired values: ${vpc_region} ${vpc_name} ${vpc_cidr_block} ${vpc_access_from_ip_range} ${vpc_public_subnet_1_cidr}

Step 3: Run Your Playbook!

  • Execute the following command to run the Ansible playbook from the directory that contains the playbook.
$ ansible-playbook -v vpc_prov_playbook.yml

  • Verify on AWS that the VPC was created successfully.

Challenges with Running Ansible Playbooks Manually

While manual execution is great while getting started, you'll run into some challenges if you continue doing this manually.

Reduced Reusability

The vpc_prov_playbook.yml is a reusable playbook, i.e. it has wildcards for settings like region, name, and CIDR blocks. This means that as long as you inject the right values using variables.yml, the playbook can be used to provision multiple VPCs. However, this also means that you need to be very careful to use the right variables.yml each time, and the number of these files will multiply over time. This defeats the reusability of your playbook. The right way to do this is to have a programmatic way to inject the right values based on context.

Security Concerns

 The machine you will use to run your playbook needs to be authenticated to the AWS account. If you now want to provision using different credentials, you'll need to keep switching accounts, or use different machines. The machines also need to be secure since your AWS credentials will be accessible on the machine unless you clean up after every execution.

In a nutshell, if you want to achieve frictionless execution of Ansible playbooks with modular, reusable playbooks, you need to templatize your playbooks and automate the workflow used to execute them.

Automated Provisioning of AWS EC2 VMs using Ansible 

To show you how to automate the provisioning of your AWS infrastructure, we have designed a step by step tutorial in our documentation.

Join us in exploring application and infrastructure changes required for running scalable, observable, and portable apps on Kubernetes.

cloud ,ansible ,ansible playbook ,amazon ,aws ,provision aws ,automation

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}