Creating an AWS EC2 Instance using Ansible


sudo apt update
sudo apt-get install tree -y
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y
sudo apt install python3-pip    # Python package manager, needed for the two pip installs below
pip3 install awscli
pip3 install boto boto3         # AWS SDKs that the Ansible ec2 modules call

Verify the AWS CLI (and with it the boto libraries the Ansible AWS modules depend on) has been installed:

aws --version
> aws-cli/1.18.123 Python/3.8.3 Darwin/18.6.0 botocore/1.17.46

Storing keys with Ansible vault

  1. Use ansible-vault to create a .yml file which will store the AWS access and secret keys:
ansible-vault create aws_keys.yml
  2. Once the editor opens, type in a password and then add the two variables the playbooks below refer to, ec2_access_key and ec2_secret_key, each set to the matching value of your AWS IAM credentials.

Note: To save changes in vim type :x and press enter

  3. Once saved, all the content will be encrypted. To verify, type in the following (you should see a $ANSIBLE_VAULT header followed by ciphertext, never the keys themselves):
cat aws_keys.yml
  4. Create/update the hosts file in variables/hosts to handle our new EC2 instance by adding a group for the local machine (the group named in the playbook's hosts: line) to the .hosts file:

Building the EC2 Instance

  1. Create a new .yml file called aws_provisioning.yml:
- hosts: local
  connection: local
  gather_facts: False
  vars:
    instance_type: t2.micro
    security_group: Eng67.Anais.Ansible.SG
    image: ami-08617e0e0b2d50721
    keypair: Eng67.Anais.key
    region: eu-west-1b   # note: eu-west-1b is an availability zone, the region is eu-west-1 (corrected in the 2nd iteration)
    count: 1

  vars_files:
    - aws_keys.yml       # the vault-encrypted file holding ec2_access_key / ec2_secret_key
  # the create_ec2 tasks of this first draft were not captured; the 2nd iteration below shows the full task list

Here is the breakdown:

  • hosts: limits the scope of the playbook to the local hosts group
  • connection: local tells Ansible to run on the control machine itself; from there the Python boto library establishes the connection with the AWS API and issues the commands.
  • instance_type: t2.micro (free tier)
  • security_group: the security group created on AWS; it decides which ports are reachable and from where, so keep it as narrow as the instance needs
  • image: specifies the AMI (Amazon Machine Image). AMIs are like templates used to spawn machine instances.
  • keypair: name of the public/private key pair created on AWS
  • region: region of choice. It is advised to choose a region that is geographically closest to the user, in order to reduce network latency and enhance performance.
  • count: the number of instances you need to launch
  2. Generate the SSH key pair which will allow us to connect to the EC2 instance:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/anais_aws
  3. To run the Ansible playbook, type:
ansible-playbook aws_provisioning.yml --ask-vault-pass --tags create_ec2

2nd iteration

# AWS playbook

- hosts: localhost
  connection: local
  gather_facts: False

  vars:
    key_name: anais_aws                      # matches the key generated with ssh-keygen above
    region: eu-west-1
    image: ami-0be56cd3f96f13208
    id: "web-app"                            # idempotency token: re-running with the same id does not launch a second instance
    sec_group: "sg-04661fa78d69b3b1d"
    subnet_id: "subnet-0c1038124fe96709a"

  vars_files:
    - aws_keys.yml                           # vault-encrypted; provides ec2_access_key and ec2_secret_key

  tasks:

    - name: Facts
      block:

      - name: Get instances facts
        ec2_instance_info:
          aws_access_key: "{{ec2_access_key}}"
          aws_secret_key: "{{ec2_secret_key}}"
          region: "{{ region }}"
        register: result

      - name: Instances ID
        debug:
          # the state field was blank in the original; state.name is what ec2_instance_info returns
          msg: "ID: {{ item.instance_id }} - State: {{ item.state.name }} - Public DNS: {{ item.public_dns_name }}"
        loop: "{{ result.instances }}"

      tags: always                           # runs on every invocation, whatever --tags is given

    - name: Provisioning EC2 instances
      block:

      - name: Upload public key to AWS
        ec2_key:
          name: "{{ key_name }}"
          # string concatenation instead of a nested {{ }} inside the lookup, which is not valid Jinja
          key_material: "{{ lookup('file', '~/.ssh/' + key_name + '.pub') }}"
          region: "{{ region }}"
          aws_access_key: "{{ec2_access_key}}"
          aws_secret_key: "{{ec2_secret_key}}"

      - name: Provision instance(s)
        ec2:
          aws_access_key: "{{ec2_access_key}}"
          aws_secret_key: "{{ec2_secret_key}}"
          assign_public_ip: true
          key_name: "{{ key_name }}"
          id: "{{ id }}"
          vpc_subnet_id: "{{ subnet_id }}"
          group_id: "{{ sec_group }}"
          image: "{{ image }}"
          instance_type: t2.micro
          region: "{{ region }}"
          wait: true
          count: 1
          instance_tags:
            Name: Eng67.Anais.Ansible.WebApp

      tags: ['never', 'create_ec2']          # 'never' means this block only runs when --tags create_ec2 is passed explicitly
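As an added example that is not part of the original notes, tying together the vault step above and the {{ec2_access_key}} references in the playbook: a small pre-flight check in Python that confirms aws_keys.yml is really vault-encrypted and that no playbook line hard-codes a credential. All file bodies and the AKIA-style value are constructed for the example.

```python
"""Pre-flight check for the ansible-vault key handling used in these notes.

Two things should hold before `ansible-playbook ... --ask-vault-pass`: aws_keys.yml is a
real vault envelope (starts with $ANSIBLE_VAULT) rather than plaintext, and the playbook
reaches credentials only through Jinja variables such as {{ec2_access_key}}, never as
literals. Every file body below is constructed for this example; the AKIA value is fake.
"""
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"
# Module parameters and vault variables that carry AWS credentials.
CREDENTIAL_KEYS = ("aws_access_key", "aws_secret_key", "ec2_access_key", "ec2_secret_key")
# `<key>: <value>` on one YAML line; the value is inspected further below.
_ASSIGN_RE = re.compile(r"^\s*(?P<key>\w+)\s*:\s*(?P<value>\S.*?)\s*$")
# A value that is purely a Jinja reference, optionally quoted.
_JINJA_RE = re.compile(r"""^["']?\{\{.*\}\}["']?$""")


def is_vault_encrypted(content: str) -> bool:
    """True when the file body is an ansible-vault envelope, not plaintext YAML."""
    return content.lstrip().startswith(VAULT_HEADER)


def find_plaintext_credentials(playbook: str) -> list:
    """Return (line_no, key) for credential keys whose value is a literal, not {{ var }}."""
    findings = []
    for no, line in enumerate(playbook.splitlines(), start=1):
        m = _ASSIGN_RE.match(line)
        if not m or m.group("key") not in CREDENTIAL_KEYS:
            continue
        if not _JINJA_RE.match(m.group("value")):
            findings.append((no, m.group("key")))
    return findings


def preflight(vault_text: str, playbook_text: str) -> bool:
    """Gate for the run: vault file encrypted AND no literal credentials in the playbook."""
    return is_vault_encrypted(vault_text) and not find_plaintext_credentials(playbook_text)


# Constructed samples: a vault envelope (ciphertext body shortened) and two playbook fragments.
ENCRYPTED_VAULT = "$ANSIBLE_VAULT;1.1;AES256\n65383233396163\n36313761336332\n"
PLAINTEXT_VAULT = "ec2_access_key: AKIAFAKEFAKEFAKEFAKE\nec2_secret_key: not-a-real-secret\n"
GOOD_PLAYBOOK = '  ec2:\n    aws_access_key: "{{ec2_access_key}}"\n    aws_secret_key: "{{ec2_secret_key}}"\n'
BAD_PLAYBOOK = '  ec2:\n    aws_access_key: AKIAFAKEFAKEFAKEFAKE\n    aws_secret_key: "{{ec2_secret_key}}"\n'

if __name__ == "__main__":
    print("encrypted vault + clean playbook passes:", preflight(ENCRYPTED_VAULT, GOOD_PLAYBOOK))
    print("literal credential found at:", find_plaintext_credentials(BAD_PLAYBOOK))
```

Run it against the real aws_keys.yml and aws_provisioning.yml by reading the files into the two functions; a failing check means the secret is on disk in the clear or baked into the playbook.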