Managing AWS with Ansible
Course Development Director in Content
Ansible is a powerful tool for automating deployments. With a simple SSH connection, it is possible to automate many systems administration and deployment tasks. But, when we leverage the Ansible AWS modules, we can take our automation to the next level.
Managing AWS with Ansible is a course that shows how we can use the AWS Ansible modules to dynamically provision cloud infrastructure, all from our Ansible control node. We'll discuss many key modules, and also look at how we can bring the modules together to deploy full environments in the AWS cloud!
Interactive Diagram: https://interactive.linuxacademy.com/diagrams/ManagingAWSwithAnsible.html
Welcome to the Managing AWS with Ansible deep dive course. This video will give a general idea of what we will be covering.
About the Training Architect
Get to know the Training Architect for this course!
A Word on Prerequisites
In order to make the most of your time on Linux Academy, we want to be sure you have what you need when starting a new course. This lesson talks about what knowledge level is expected for those who wish to take this course.
Course Features and Tools
In this video, we discuss some of the resources that are available with this course, to help you make the most of it!
AWS Free Tier: Usage Tracking and Billing Widget
This is just a quick note on keeping track of AWS spending.
Using AWS Free Tier for Practice
Before we get too deep into configuration, it is important to be aware of the fact that using AWS can incur significant costs. Presuming you have a new AWS account, you can manage to interact with most of the elements we will cover without accruing any charges. See https://aws.amazon.com/free/ for the latest on what is included in AWS Free Tier. Remember too that Linux Academy offers a cloud playground, which gives you access to a sandbox AWS environment, and is included as part of your Linux Academy subscription! See Real Environment Hands-on Labs for more details!
Using AWS modules successfully requires some minor setup. In this lesson, we'll look at the configurations that turn a standard Ansible control node into an AWS-friendly control node. We will cover the installation of the Boto dependencies, and some essentials for AWS module success.
Most of our plays will target localhost for AWS console configuration. But it is important to consider an inventory approach that will be best suited to your anticipated use of Ansible with AWS. After a quick refresher on inventories, we'll discuss where to get started if you are interested in using a dynamic inventory for AWS hosts management.
Accessing the AWS Console with Ansible
Configuring EC2 SSH Access for Ansible
The focus of this course is managing your AWS environment with Ansible, which will include a number of EC2 instances. As discussed earlier, a number of Ansible plays will target the control host in order to interact with the AWS console. However, it is also useful to manage your EC2 instances directly by using Ansible. This lesson demonstrates configuring your inventory and connecting to an established EC2 instance.
Working with `ssh-agent`
It is conceivable that there may be more than one key pair associated with instances in a given AWS environment. If you need to use an authentication key pair that does not belong to your ansible user, you may use ssh-agent to start a new Bash shell, and then add the key pair for the new shell's session. This lesson demonstrates how we do it!
Understanding AWS Console Access
In this lesson, we look at AWS Console access. Most of what we will examine in the web console will be used for configuring our Ansible IAM user, and to verify the actions of our playbooks, whether they are creating new EC2 instances or manipulating certain properties of existing ones.
Configuring IAM Users for Ansible
Before we can really get to work with Ansible, we need to take a quick look at how to create a new IAM user with the AWS Web Console. We demonstrate how this is done in this lesson.
Configuring IAM Access Keys
The AWS modules handle the intricacies of communicating with AWS. But starting that communication requires that you provide a means of logging into AWS with Ansible. This is done by providing an Access Key as well as a Secret Key. In this lesson, we explore how to do this in an Ansible playbook.
Understanding IAM Permissions with Regard to Ansible
Any IAM user starts with no permissions to affect any service. Part of user creation allows for permission assignment. You may assign permissions to an IAM account when it's created, or later, so long as you are using another account with appropriate IAM permissions. We take a look at IAM policies that you may use as you work on the content throughout this course.
Securing Keys with Ansible Vault
Even when we restrict the permissions applied to our ansible user, having the login credentials fall into the wrong hands can lead to many undesirable effects. A bad actor who can log into your AWS environment might spin up numerous instances for a botnet or some kind of compute-intensive operation, which can end up running up an astronomical AWS bill on your account. In this lesson, we look at how we can better secure our access keys with ansible-vault.
Provisioning EC2 Instances
Using Ansible with the EC2 module can take your automation a step further! Instead of just orchestrating software deployment and performing configuration management, all new stacks may be provisioned using Ansible. Ansible is able to create all new compute nodes using the ec2 module, and then it can customize each node with the more traditional Ansible modules such as template, lineinfile, and package!
Working with the EC2 Module
Besides provisioning new instances, the EC2 module is also capable of starting, stopping, and deleting them. In this lesson, we look at some more examples of how we can use the EC2 module with Ansible.
Gathering Facts on EC2 Instances
One of Ansible's core strengths is the ability to maintain system runtime information through facts. When working with AWS, Ansible can generate facts for various aspects of AWS using specific modules. In this lesson, we will look at how we can collect EC2 instance facts from the AWS console.
EC2 Facts from Metadata
It is possible to access the AWS metadata from a particular EC2 instance with Ansible. The ec2_metadata_facts module can do this; however, you must execute the module on the EC2 instance as opposed to the Ansible control node. This is unlike many of the AWS modules. We take a look at it in this lesson.
Working with AMIs
We can create new AMIs within our playbooks by using the ec2_ami module. In this lesson, we explore the module and some possible use cases. See https://linuxacademy.com/cp/courses/lesson/course/4489/lesson/5/module/366 for the noted lesson on how to authenticate to AWS via Ansible.
Working with AMI Facts
The AMI facts module works much like the EC2 facts module whereby it gathers information on the noted object.
Working with EC2 Key Pairs
Ansible and EC2 instances have at least one thing in common: they both work best with key authentication. We go over a way to create AWS key pairs using Ansible in this lesson.
Managing CloudWatch Metric Alarms
With AMIs, Key pairs, and EC2 instance creation all covered, it is time to think about monitoring with CloudWatch. While we will not be going deep into all that is possible with AWS CloudWatch, we will briefly cover the ec2_metric_alarm module in Ansible.
Working with EC2 Volumes
If you need to add additional EBS volumes to your EC2 instance, or manipulate existing EBS volumes, you can do it with the ec2_vol module in Ansible. You will see how in this lesson.
Working with Volume Snapshots in EC2
EBS volumes have a handy feature that allows us to snapshot a volume and make a point-in-time copy of it. We can achieve this in Ansible using the ec2_snapshot module, which is covered in this lesson.
Creating and Removing EC2 Tags
Several of the modules we have looked at have had the ability to assign tags on creation. However, there is a module that allows us to better control tags for a given EC2 object. Learn more in this lesson.
Working with VPCs
Working with EC2 VPC Security Groups
Part of managing EC2 instances is dealing with VPC security groups. Security group rule sets can be created and managed using ec2_group. We look at how to craft new groups and rule sets using Ansible in this lesson.
Configuring a VPC
The primary module for creating a new VPC is ec2_vpc_net. There are also modules for VPC subnets, VPC internet gateways, VPC NAT gateways, and VPC route tables. In short, we can interact with the VPC service with Ansible similarly to the EC2 service. Granted, the use case for spinning up an entire VPC is a bit narrower than for EC2 instances, but the modules are certainly worth their salt. In this lesson, we also offer a brief demonstration of creating a simple VPC.
Facts for VPCs
For each VPC module, there is a corresponding facts module. We will cover the core ec2_vpc_net_facts here, as well as look at how we can use Ansible facts to key into other AWS resource facts.
Working with S3 Objects
While working with AWS means mainly working with EC2, there are other components of the cloud — including storage in the form of AWS S3. We can work with S3 using the aws_s3 module. Here, we provide a demonstration of how we can use Ansible to create and interact with AWS S3.
Managing IAM Users and Groups
IAM accounts are a necessary construct of AWS, and Ansible allows us to manage a lot of IAM aspects via a single module called iam. However, we also have the iam_group and iam_role modules that provide specific functionality for groups and roles, respectively. Here, we take a look at working with IAM users and groups using Ansible.
Working with IAM Roles
While we can do some basic role creation using iam, there is another module geared specifically for role creation: iam_role. In this lesson, we look at creating a new role from a policy file using Ansible.
Bringing It All Together
Use Case: A Web Server Image Creation Process
Planning High-Level Steps
Ansible is reasonably well known for its ability to orchestrate complex deployments. Now that we have covered using Ansible with key AWS functionality, we can not only use Ansible for software deployment and configuration management, but we can actually deploy infrastructure in the cloud! In this lesson, we look at breaking down a goal into smaller tasks as we prepare to build a playbook to do it.
Understanding Key Tasks
After developing a list of steps in the previous lesson, we will now see how those steps become Ansible tasks. In the process, we review several key Ansible AWS modules.
Having all of our tasks defined is most of the work. When it comes to putting the proverbial pen to paper, we simply need to lay the tasks out in an appropriately organized set of task files. This can be accomplished using roles to varying degrees. We cover a couple of example approaches in this lesson.
A wrap-up of the course. Thanks for joining us!
Here are some courses you may consider now that you have completed this one.