In this section, we will learn how to provision AWS resources locally using the Ansible AWS Collection. We will create the following AWS resources: a VPC, a subnet, an internet gateway, a route table, a security group, an EC2 key pair, and an EC2 instance.

Prerequisites

In order to provision AWS resources, we need to have an AWS account. If you don’t have an AWS account, please visit the official AWS website and create an account.

If you are also using Ubuntu on WSL, as I am, there are some packages we need to install first. Before we can install the AWS CLI, we need to be able to unzip the downloaded file, so let’s install the unzip package. To do so, run the following command:

After that, we can download and install the AWS CLI. To download the AWS CLI, run the following command:

And then, we can verify the installation by running the following command:

Now that we have the AWS CLI installed, we need to configure it with our AWS account. To configure the AWS CLI, run the following command:

There you will be prompted to enter the AWS Access Key ID, AWS Secret Access Key, default region name, and default output format. You can get the AWS Access Key ID and AWS Secret Access Key from the AWS account. You can set the default region name to the region where you want to provision the AWS resources. You can set the default output format to json.

After configuring the AWS CLI, we need to install Ansible on our machine. We can install Ansible on Ubuntu by running the following command:

Ansible uses Python 3 to run its tasks, so keep in mind that Python 3 will be installed as well.

We can verify the installation by running the following command:

The amazon.aws collection is already included if you installed Ansible using apt, so we don’t need to install it separately. We can verify that by running the following command:

However, if it is not yet installed, we can install it by running the following command:

Provisioning AWS Resources

Now that we have our prerequisites in place, we can dive into the process of provisioning AWS resources using Ansible and the AWS Collection.

Writing Ansible Playbooks

Ansible playbooks are at the heart of automation with Ansible. They allow you to define the desired state of your infrastructure and use Ansible’s declarative language to describe what should be done. In our case, we’ll create a playbook to provision the AWS resources we mentioned earlier.

Create a new file, let’s call it provision.yml, and let’s start by specifying the basic structure of an Ansible playbook:

We’ve named this playbook “Provision AWS Resources,” specified localhost as the target host, and turned off fact gathering since we won’t need it for this example. We are using localhost as the host because Ansible will use the AWS CLI we have installed and configured earlier.

Creating the VPC

Let’s begin by creating the Virtual Private Cloud (VPC):

In this task, we are using the ec2_vpc_net module to create a VPC. We are specifying the name of the VPC, the CIDR block, the region, and the tags. We are also registering the output of the task in the vpc_net variable, so that we can take the VPC ID from it and use it in the next task.

Creating the Subnet

Now, let’s add the task to create a subnet:

In this task, we are using the ec2_vpc_subnet module to create a subnet. We are specifying the VPC ID, the CIDR block, and the tags. We are also registering the output of the task in the etcd_subnet variable, so that we can take the Subnet ID from it and use it in the next task.

Creating the Internet Gateway

Next, let’s add the task to create an internet gateway, so that the EC2 instance can access and be accessed from the internet:

In this task, we are using the ec2_vpc_igw module to create an internet gateway. We are specifying the VPC ID and the tags. We are also registering the output of the task in the etcd_igw variable, so that we can take the Internet Gateway ID from it and use it in the next task.

Creating the Route Table

Now, let’s add the task to create a route table:

In this task, we are using the ec2_vpc_route_table module to create a route table. We are specifying the VPC ID, the tags, the subnet ID, and the internet gateway ID so that the route table is associated with the internet gateway.

Creating the Security Group

Next, let’s add the task to create a security group:

In this task, we are using the ec2_group module to create a security group. We are specifying the name of the security group, the description, the VPC ID, the region, the rules, and the tags. We are allowing the etcd client port (2379) and the etcd peer port (2380) from the CIDR block of the VPC so that the etcd cluster members can communicate with each other. We are also allowing the SSH port (22) from any IP address so that we can SSH into the EC2 instance. The output of the task is registered in the etcd_sg variable, so that we can take the Security Group ID from it and use it in the next task.
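
As an added example (not the post's own playbook), the tasks described so far can be chained like this, with each task consuming the IDs registered by the one before it. The names, CIDR blocks, region and tags are assumed values. Unlike the post, which opens SSH to any address, the SSH rule here reads its source range from an ssh_cidr variable set to a placeholder address.

```yaml
- name: Provision AWS Resources
  hosts: localhost
  gather_facts: false
  vars:
    region: eu-central-1          # constructed value, use your own region
    ssh_cidr: 203.0.113.10/32     # placeholder admin address; the post uses 0.0.0.0/0
  tasks:
    - name: Create VPC
      amazon.aws.ec2_vpc_net:
        name: etcd-vpc
        cidr_block: 10.0.0.0/16
        region: "{{ region }}"
        tags: {Project: etcd}
      register: vpc_net

    - name: Create subnet inside the VPC
      amazon.aws.ec2_vpc_subnet:
        vpc_id: "{{ vpc_net.vpc.id }}"
        cidr: 10.0.1.0/24
        region: "{{ region }}"
        tags: {Name: etcd-subnet}
      register: etcd_subnet

    - name: Create internet gateway and attach it to the VPC
      amazon.aws.ec2_vpc_igw:
        vpc_id: "{{ vpc_net.vpc.id }}"
        region: "{{ region }}"
        tags: {Name: etcd-igw}
      register: etcd_igw

    - name: Create route table with a default route through the gateway
      amazon.aws.ec2_vpc_route_table:
        vpc_id: "{{ vpc_net.vpc.id }}"
        region: "{{ region }}"
        subnets: ["{{ etcd_subnet.subnet.id }}"]
        routes: [{dest: "0.0.0.0/0", gateway_id: "{{ etcd_igw.gateway_id }}"}]
        tags: {Name: etcd-rt}

    - name: Create security group
      amazon.aws.ec2_group:
        name: etcd-sg
        description: etcd client and peer traffic inside the VPC, SSH for administration
        vpc_id: "{{ vpc_net.vpc.id }}"
        region: "{{ region }}"
        rules:   # etcd ports only from the VPC's own CIDR; SSH only from ssh_cidr
          - {proto: tcp, ports: [2379, 2380], cidr_ip: "{{ vpc_net.vpc.cidr_block }}"}
          - {proto: tcp, ports: [22], cidr_ip: "{{ ssh_cidr }}"}
        tags: {Name: etcd-sg}
      register: etcd_sg
```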

Creating the EC2 Key Pair

Now, let’s add the task to create an EC2 key pair:

We are using the ec2_key module to create an EC2 key pair. We are specifying the name of the key pair, the public key, and the tags. Keep in mind that we have to create a key pair locally (e.g. with ssh-keygen) and then use the public key in the key_material parameter. The output of the task is registered in the key_pair variable, so that we can take the Key Pair ID from it and use it in the next task.

Launching the EC2 Instance

Finally, let’s add the task to create an EC2 instance:

In this task, we are using the ec2_instance module to create an EC2 instance. We are specifying the instance type, the image ID, the count, the region, the network, the security group, the subnet ID, the key pair name, and the tags.
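
An added example (not the post's own code) of the key pair and instance tasks described above: only the public half of the locally generated key is uploaded, and the private key never leaves the workstation. The key name, key file path, AMI ID, instance type and count are assumed values, and the subnet and security group IDs, which the post takes from the etcd_subnet and etcd_sg variables, are passed in here as placeholder vars.

```yaml
- name: Launch etcd instances
  hosts: localhost
  gather_facts: false
  vars:
    region: eu-central-1             # constructed value, use your own region
    subnet_id: subnet-REPLACE_ME     # placeholder: the ID the post takes from etcd_subnet
    sg_id: sg-REPLACE_ME             # placeholder: the ID the post takes from etcd_sg
  tasks:
    - name: Upload the public half of a locally generated key pair
      amazon.aws.ec2_key:
        name: etcd-key
        # Assumed to exist already, e.g. ssh-keygen -t rsa -b 4096 -f ~/.ssh/etcd_key
        key_material: "{{ lookup('ansible.builtin.file', '~/.ssh/etcd_key.pub') }}"
        region: "{{ region }}"
        tags: {Project: etcd}
      register: key_pair

    - name: Launch EC2 instances
      amazon.aws.ec2_instance:
        instance_type: t3.micro        # constructed value
        image_id: ami-REPLACE_ME       # placeholder: pick an AMI available in your region
        count: 3                       # constructed value; launches 3 new instances per run
        region: "{{ region }}"
        network:
          assign_public_ip: true       # needed to reach the instance through the gateway
        security_group: "{{ sg_id }}"
        vpc_subnet_id: "{{ subnet_id }}"
        key_name: "{{ key_pair.key.name }}"
        tags: {Project: etcd}
```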

Running the Playbook

Now that we’ve written our playbook, we can run it using the following command:

If everything goes well, you should see the following output:

You can also verify that the AWS resources are created by logging into the AWS console.

Wrapping Up

Congratulations! You’ve now learned how to provision various AWS resources using Ansible and the AWS Collection. With this playbook as a starting point, you can extend and customize it to fit your specific use case. Automation through Ansible enables you to easily replicate your infrastructure while maintaining consistency and reliability.

In this blog post, we’ve covered the basics of provisioning AWS resources using Ansible and the AWS Collection. We discussed the prerequisites, wrote Ansible tasks to create VPCs, subnets, internet gateways, route tables, security groups, EC2 key pairs, and launched EC2 instances. By combining the power of Ansible’s automation with AWS’s robust infrastructure, you’re now well-equipped to manage and deploy resources efficiently in the cloud.

Stay tuned for the next blog post in this series as we dive deeper into Ansible and the AWS Collection. If you paid close attention to one of the tasks, you might have noticed what we’re going to cover next! (It’s the Security Group task :P)

Farouq Abdurrahman

Farouq Abdurrahman is an intern at Proventa AG and studies computer science. His focus is on cloud computing. He has a strong interest in digital transformation and cloud computing. He is currently working on PostgreSQL databases in the cloud.