This repository hosts the aws.infrastructure_config_demos Ansible Collection.

The collection includes a variety of Ansible roles and playbook to help automate the management of resources on AWS.

This content was developed as part of the Ansible Content Lab for Cloud Content, a program from the Ansible team to help incubate Ansible cloud use cases from ideation to collections and roles.

Click on the role name to be directed to the README specifically for that role.

The aws.infrastructure_config_demos.create_vm and aws.infrastructure_config_demos.delete_vm playbooks demonstrate how you can construct automation to deploy AWS resources that have dependencies on others. The more complex networking roles and playbooks automate building all of the resources, but these playbooks assume that you have existing infrastructure (VPCs, security groups, SSH keys, etc.) that you want to leverage to deploy the EC2 instance. The command below shows how you can use Ansible Navigator to deploy the instance with variables being set both in var files and directly in the CLI.

ansible-navigator run playbooks/create_vm.yml \
--pae false \
--mode stdout \
--ee true \
--eei quay.io/scottharwell/cloud-ee \
--extra-vars "@playbooks/vars/create_vm.yml" \
--extra-vars "aws_region=eu-central-1" \
--extra-vars "vm_ami=ami-0e7e134863fac4946" \
--extra-vars "vpc_subnet_id=subnet-0e5c2afbb..." \
--extra-vars "security_group_id=sg-08814ac6..." \
--extra-vars "ssh_key_name=my_key" \
--eev $HOME/.ssh:/home/runner/.ssh \
--penv AWS_ACCESS_KEY \
--penv AWS_SECRET_ACCESS_KEY

The aws.infrastructure_config_demos.create_peer_network and aws.infrastructure_config_demos.create_transit_network playbooks have another tasks block that will attempt to configure the EC2 resources deployed by the roles a bit farther. When the role completes, EC2 instances in the DMZ will still need to be configured with SSH configuration in order to communicate with EC2 instances in the private network(s).

To connect to the DMZ EC2 instance, the ansible_ssh_private_key_file variable needs to be set so that the machine running the playbook can connect to the newly created EC2 instance. You may set this variable in any way that Ansible allows, i.e. extra var, host var, etc. It must be set or the configuration step will be skipped. The ansible_ssh_user variable is set automatically to the user ec2-user that is standard on AWS AMIs.

When the following variables are set, then the playbook will also configure the DMZ EC2 instance with the SSH config and a private key to communicate with each other. This leaves the deployment in an immediately accessible state.

# These variables determine if there is an attempt to configure the DMZ VM to connect to other VMs.
priv_network_ssh_key_name: aws-test-key # The name of the AWS SSH key used to configure EC2 instances on the private network
ansible_ssh_private_key_file_local_path: ~/.ssh/aws-test-key.pem # Must exist locally or be mapped in an EE
ansible_ssh_private_key_file_dest_path: ~/.ssh/aws-test-key.pem # This will be the destination for the private key
priv_network_hosts_pattern: 10.* # Will use the same username and ssh key for any host on the 10.* network
priv_network_ssh_user: ec2-user # Will likely always be `ec2-user`, but set here as an option

Before using the this collection, you need to install it with the Ansible Galaxy CLI:

ansible-galaxy collection install git+https://github.com/ansible-content-lab/aws.infrastructure_config_demos.git

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml, using the format:

---
collections:
  - name: https://github.com/ansible-content-lab/aws.infrastructure_config_demos.git
    type: git
    version: main

This repo includes a configuration file for ansible-lint to be run as a git pre-commit hook. To install the hook, run pre-commit install from the root directory of this repo once you have the pre-commit utility installed on your machine.

GNU General Public License v3.0 or later

See LICENCE to see the full text.