Skip to main content

Managing AWS with Ansible

Course

Intro Video

Photo of Stosh Oldham

Stosh Oldham

Course Development Director in Content

I have been working with technology in some way or another ever since my high school days. After attaining my bachelor’s degree in computer science, I spent over a decade in IT working on anything from fixing printers to engineering enterprise IT systems. I now have the privilege of sharing my expertise as a Linux Training Architect for Linux Academy. When I am not sitting behind a terminal, I like going on holiday and spending time with my family.

Length

04:41:42

Difficulty

Intermediate

Videos

37

Hands-on Labs

6

Course Details

Ansible is a powerful tool for automating deployments. With a simple SSH connection, it is possible to automate many systems administration and deployment tasks. But, when we leverage the Ansible AWS modules, we can take our automation to the next level.

Managing AWS with Ansible is a course that shows how we can use the AWS Ansible modules to dynamically provision cloud infrastructure, all from our Ansible control node. We'll discuss many key modules, and also look at how we can bring the modules together to deploy full environments in the AWS cloud!

Interactive Diagram: https://interactive.linuxacademy.com/diagrams/ManagingAWSwithAnsible.html

Syllabus

Course Introduction

Getting Started

Course Introduction

00:01:46

Lesson Description:

Welcome to the Managing AWS with Ansible deep dive course. This video will give a general idea of what we will be covering.

About the Training Architect

00:00:35

Lesson Description:

Get to know the Training Architect for this course!

A Word on Prerequisites

00:04:01

Lesson Description:

In order to make the most of your time on Linux Academy, we want to be sure you have what you need when starting a new course. This lesson talks about what knowledge level is expected for those who wish to take this course.

Course Features and Tools

00:03:27

Lesson Description:

In this video, we discuss some of the resources that are avialable with this course, to help you make the most of it!

AWS Free Tier: Usage Tracking and Billing Widget

00:03:56

Lesson Description:

This is just a quick note on keeping track of AWS spending.

Essential Configuration

Ansible Configuration

Using AWS Free Tier for Practice

00:03:04

Lesson Description:

Before we get too deep into configuration, it is important to be aware of the fact that using AWS can incur significant costs. Presuming you have a new AWS account, you can manage to interact with most of the elements we will cover without accruing any charges. See https://aws.amazon.com/free/ for the latest on what is included in AWS Free Tier. Remember too that Linux Academy offers a cloud playground, which gives you access to a sandbox AWS environment, and is included as part of your Linux Academy subscription! See Real Environment Hands-on Labs for more details!

Ansible Configurations

00:05:47

Lesson Description:

Using AWS modules successfully requires some minor setup. In this lesson, we'll look at the configurations that turn a standard Ansible control node into an AWS-friendly control node. We will cover the installation of the Boto dependencies, and some essentials for AWS module success.

Inventory Considerations

00:04:58

Lesson Description:

Most of our plays will target localhost for AWS console configuration. But it is important to consider an inventory approach that will be best suited to your anticipated use of Ansible with AWS. After a quick refresher on inventories, we'll discuss where to get started if you are interested in using a dynamic inventory for AWS hosts management.

Accessing the AWS Console with Ansible

Configuring EC2 SSH Access for Ansible

00:04:57

Lesson Description:

The focus of this course is about managing your AWS environment with Ansible, which will include a number of EC2 instances. As discussed earlier, a number of Ansible plays will target the control host in order to interact with the AWS console. However, it is also useful to manage your EC2 instances directly by using Ansible. This lesson demonstrates configuring your inventory and connecting to an established EC2 instance.

Working with `ssh-agent`

00:04:36

Lesson Description:

It is conceivable that there may be more than one key pair associated with instances in a given AWS environment. If you need to use an authentication key pair that does not belong to your ansible user, you may use ssh-agent to start a new Bash shell, and then add the key pair for the new shell's session. This lesson demonstrates how we do it!

Understanding AWS Console Access

00:04:08

Lesson Description:

In this lesson, we look at AWS Console access. Most of what we will examine in the web console will be used for configuring our Ansible IAM user, and to verify the actions of our playbooks, whether they are creating new EC2 instances or manipulating certain properties of existing ones.

Configuring IAM Users for Ansble

00:04:27

Lesson Description:

Before we can really get to work with Ansible, we need to take a quick look at how to create a new IAM user with the AWS Web Console. We demonstrate how this is done in this lesson.

Configuring IAM Access Keys

00:10:27

Lesson Description:

The AWS modules handle the intricacies of communicating with AWS. But starting that communication requires that you provide a means of logging into AWS with Ansible. This is done by providing an Access Key as well as a Secret Key. In this lesson, we explore how to do this in an Ansible playbook.

Understanding IAM Permissions with Regard to Ansible

00:07:24

Lesson Description:

Any IAM user starts with no permissions to affect any service. Part of user creation allows for permission assignment. You may assign permissions to an IAM account when it's created, or later, so long as you are using another account with appropriate IAM permissions. We take a look at IAM policies that you may use as you work on the content throughout this course.

Securing Keys with Ansible Vault

00:04:39

Lesson Description:

Even when we restrict the permissions applied to our ansible user, having the login credentials fall into the wrong hands can lead to many undesirable effects. A bad actor who can log into your AWS environment might spin up numerous instances for a bot net or some kind of compute intensive operation, which can end up running up an astronomical AWS bill on your account. In this lesson, we look at how we can better secure our access keys with ansible-vault.

Key Modules

EC2 Modules

Provisioning EC2 Instances

00:11:42

Lesson Description:

Using Ansible with the EC2 module can take your automation a step further! Instead of just orchestrating software deployment and performing configuration management, all new stacks may be provisioned using Ansible. Ansible is able to create all new compute nodes using the ec2 module, and then it can customize each node with the more traditional Ansible modules such as template, lineinfile, and package!

Working with the EC2 Module

00:02:10

Lesson Description:

Besides provisioning new instances, the EC2 module is also capable of starting, stopping, and deleting them. In this lesson, we look at some more examples of how we can use the EC2 module with Ansible.

Gathering Facts on EC2 Instances

00:06:19

Lesson Description:

One of Ansible's core strengths is the ability to maintain system runtime information through facts. When working with AWS, Ansible can generate facts for various aspects of AWS using specific modules. In this lesson, we will look at how we can collect EC2 instance facts from the AWS console.

EC2 Facts from Metadata

00:07:06

Lesson Description:

It is possible to access the AWS metadata from a particular EC2 instance with Ansible. The ec2_metadata_facts module can do this, however you must execute the module on the EC2 instance as opposed to Ansible control node. This is unlike many of the AWS modules. We take a look at it in this lesson.

Working with AMIs

00:06:35

Lesson Description:

We can create new AMIs within our playbooks by using the ec2_ami module. In this lesson, we explore the module and some possible use cases. See https://linuxacademy.com/cp/courses/lesson/course/4489/lesson/5/module/366 for the noted lesson on how to authenticate to AWS via Ansible.

Working with AMI Facts

00:05:25

Lesson Description:

The AMI facts module works much like the EC2 facts module whereby it gathers information on the noted object.

Working with EC2 Key Pairs

00:04:56

Lesson Description:

Ansible and EC2 instances have at least one thing in common: they both work best with key authentication. We go over a way to create AWS key pairs using Ansible in this lesson.

Managing CloudWatch Metric Alarms

00:07:02

Lesson Description:

With AMIs, Key pairs, and EC2 instance creation all covered, it is time to think about monitoring with CloudWatch. While we will not be going deep into all that is possible with AWS CloudWatch, we will briefly cover the ec2_metric_alarm module in Ansible.

Working with EC2 Volumes

00:08:11

Lesson Description:

If you need to add additional EBS volumes to your EC2 instance, or manipulate existing EBS volumes, you can do it with the ec2_vol module in Ansible. You will see you how in this lesson.

Working with Volume Snapshots in EC2

00:07:15

Lesson Description:

EBS volumes have a handy feature that allows us the ability to snapshot a volume and make a point-in-time copy of it. We can achieve this in Ansible using the ec2_snapshot module which is covered in this lesson.

Creating and Removing EC2 Tags

00:04:38

Lesson Description:

Several of the modules we have looked at have had the ability to assign tags on creation. However, there is a module that allows us to better control tags for a given EC2 object. Learn more in this lesson.

Working with VPCs

Working with EC2 VPC Security Groups

00:04:07

Lesson Description:

Part of managing EC2 instances is dealing with VPC security groups. Security group rule sets can be created and managed using ec2_group. We look at how to craft new groups and rule sets using Ansible in this lesson.

Configuring a VPC

00:02:51

Lesson Description:

The primary module for creating a new VPC is ec2_vpc_net. There are also modules for VPC subnets, VPC internet gateways, VPC NAT gateways, and VPC route tables. In short, we can interact with the VPC service with Ansible similarly to the EC2 service. Granted, the use case for spinning up an entire VPC is a bit more narrow than EC2 instances — the modules are certainly worth their salt. In this lesson, we also offer a brief demonstration of creating a simple VPC.

Facts for VPCs

00:07:26

Lesson Description:

For each VPC module, there is a corresponding facts module. We will cover the core ec2_vpc_net_facts here, as well as look at how we can use Ansible facts to key into other AWS resource facts.

S3 Modules

Working with S3 Objects

00:06:47

Lesson Description:

While working with AWS means mainly working with EC2, there are other components of the cloud — including storage in the form of AWS S3. We can work with S3 using the aws_s3 module. Here, we provide a demonstration of how we can use Ansible to create and interact with AWS S3.

IAM Modules

Managing IAM Users and Groups

00:04:24

Lesson Description:

IAM accounts are a necessary construct of AWS, and Ansible allows us to manage a lot of IAM aspects via a single module called iam. However, we also have the iam_group and iam_role modules that provide specific functionality for groups and roles, respectively. Here, we take a look at working with IAM users and groups using Ansible.

Working with IAM Roles

00:03:11

Lesson Description:

While we can do some basic role creation using iam_role, there is another module geared specifically for role creation: iam_role. In this lesson, we look at creating a new role from a policy file using Ansible.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Bringing It All Togther

Use Case: A Web Server Image Creation Process

Planning High-Level Steps

00:04:31

Lesson Description:

Ansible is reasonably well known for its ability to orchestrate complex deployments. Now that we have covered using Ansible with key AWS functionality, we can not only use Ansible for software deployment and configuration management, but we can actually deploy infrastructure in the cloud! In this lesson, we look at breaking down a goal into smaller tasks as we prepare to build a playbook to do it.

Understanding Key Tasks

00:10:41

Lesson Description:

After developing a list of steps in the previous lesson, we will now see how those steps become Ansible tasks. In the process, we review several key Ansible AWS modules.

Role Design

00:05:47

Lesson Description:

Having all of our tasks defined is most of the work. When it comes to putting the proverbial pen to paper, we need to simply lay the tasks out in an appropriately organized set of task files. This can be accomplished using roles to varying degrees. We cover a couple example approaches in this lesson.

Course Conclusion

Final Steps

Course Conclusion

00:00:39

Lesson Description:

A wrap-up of the course. Thanks for joining us!

What's Next?

00:01:26

Lesson Description:

Here are some courses you may consider now that you have completed this one.

Take this course and learn a new skill today.

Transform your learning with our all access plan.

Start 7-Day Free Trial