Bobcares

Use Ansible to launch AWS EC2 instances, security group, and RDS

by | Jan 18, 2021

Using Ansible, one can launch AWS EC2, security group, and RDS.

Here at Bobcares, we have seen several such AWS related queries as part of our AWS Support Services for AWS users, and online service providers.

Today we’ll take a look at how to use Ansible to launch AWS EC2 instances, security group, and RDS.

 

Why do we need Ansible?

Traditionally, system administrators managed servers by hand. They would install software, change configurations, and administer services on individual servers.

As data centers grew, and hosted applications became more complex, administrators couldn’t handle manual systems management as fast as the applications they were enabling. That’s why server provisioning and configuration management tools came into the picture.

As we see above, administering a server is a tedious routine: we need to keep updating it, pushing changes, copying files to it, and so on. These tasks make things complicated and time-consuming.

But there is a solution for the above problem and that is Ansible.

Ansible is an open-source automation tool used for tasks such as configuration management, application deployment, and provisioning.

 

Know more about AWS instances, SG and RDS database

AWS instances are virtual environments that are isolated from the underlying base OS.

A security group acts as a virtual firewall for the EC2 instances to control incoming and outgoing traffic.

Amazon Relational Database Service (Amazon RDS) helps to easily set up, operate, and scale a relational database in the cloud.

CloudFormation is restricted to AWS services only. Ansible, however, provides more than 20 libraries that can do much more than manage AWS resources.

Now let’s see how our Support Engineers launch AWS EC2 instances, security group, and RDS. Before that, we first need to create an IAM user. Also, we would need the AWS Access Key ID and Secret Access Key.

 

How to create a Security Group in Ansible

The ec2_group module helps in managing security groups in AWS. In order to create a security group we first need to determine the region where we are going to host our services. The region code needs to be passed to the region parameter. We can find a list of region codes on the region page.

In the below example we are creating a security group in “us-east-2” allowing the port 80 with cidr_ip 0.0.0.0/0.

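- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: create a security group in us-east-2
      ec2_group:
        name: dmz
        description: an example ec2 group
        region: us-east-2
        # Avoid committing real keys: when these two parameters are omitted,
        # the module reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the environment.
        aws_access_key: "AKIAIWJUADQPQB16LCFI"
        aws_secret_key: "NCMx885+nNU51sKuprQeZeVsU9arRZc7hAX7Itez"
        rules:
          # inbound HTTP (port 80) from any IPv4 address
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
      register: security_group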

We store the output in the variable “security_group“.

Also, we can access the following data using the output variable:

  • group_id: Security Group ID (Will use the group_id to assign the instance to it)
  • vpc_id: the unique ID of the VPC to which the security group belongs.
  • ip_permissions: the inbound rules assigned to this security group.
  • description: of the security group.
  • tags: associated tags.
  • group_name: name of the security group.
  • ip_permissions_egress: outbound rules.
  • owner_id: AWS account ID

 

How to create an AWS EC2 Instance using Ansible

To create EC2 instances, we will make use of the ec2 module. The ec2 module allows us to start, stop, and terminate the instances.

In the example below, we will create a free tier Linux EC2 instance in the us-east-2 region and assign it to the security group that we created earlier.

- name: create ec2 instance
  ec2:
    aws_access_key: "AKIAIWJUADQPQB16LCFI"
    aws_secret_key: "NCMx885+nNU51sKuprQeZeVsU9arRZc7hAX7Itez"
    image: ami-caaf84af
    wait: yes
    instance_type: t2.micro
    # template the registered variable; a bare name would be passed as a literal string
    group_id: "{{ security_group.group_id }}"
    region: us-east-2
    count_tag:
      Name: apacheserver
    exact_count: 1
  register: ec2

 

How to launch an AWS EC2 Instance with SSD Volume

To select the volume type, we need to use the “volume” option.

- name: create an EC2 instance with SSD volume type
  ec2:
    key_name: mykey
    group: webserver
    instance_type: c3.medium
    image: ami-123456
    wait: yes
    wait_timeout: 500
    volumes:
      - device_name: /dev/xvda
        volume_type: gp2 # insert the volume code here
        volume_size: 8 # size is in GB
    # template the registered variable; a bare name would be passed as a literal string
    group_id: "{{ security_group.group_id }}"
    count_tag:
      Name: apacheserver
    exact_count: 1


 

How to create a Free tier RDS Database instance in Ansible

In this example, we will launch an RDS instance in us-east-2 with a storage capacity of 20 GB.

- name: create RDS instance
  rds:
    command: create
    region: us-east-2
    instance_name: infinityppdatabase
    db_engine: MySQL
    size: 20 # determines the storage size in GB
    instance_type: db.t2.micro
    username: mysql_admin
    password: 1nsecure
    tags:
      Environment: testing
      Application: cms
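
The three tasks above combined into one playbook with no secrets in the file, as an added example that is not part of the original article. It assumes the AWS keys are exported as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (the modules read them when aws_access_key and aws_secret_key are omitted), and that a hypothetical vault-encrypted file secrets.yml defines a hypothetical variable vault_rds_password.

```yaml
# Added example. AWS credentials are taken from the environment,
# so no key material is stored in the playbook.
- hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - secrets.yml   # hypothetical ansible-vault file defining vault_rds_password
  tasks:
    - name: create a security group in us-east-2
      ec2_group:
        name: dmz
        description: an example ec2 group
        region: us-east-2
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0   # public HTTP only; no other inbound port is opened
      register: security_group

    - name: create ec2 instance in that security group
      ec2:
        image: ami-caaf84af
        wait: yes
        instance_type: t2.micro
        group_id: "{{ security_group.group_id }}"
        region: us-east-2
        instance_tags:
          Name: apacheserver     # tag new instances so count_tag matches them on later runs
        count_tag:
          Name: apacheserver
        exact_count: 1
      register: ec2

    - name: create RDS instance
      rds:
        command: create
        region: us-east-2
        instance_name: infinityppdatabase
        db_engine: MySQL
        size: 20                 # storage size in GB
        instance_type: db.t2.micro
        username: mysql_admin
        password: "{{ vault_rds_password }}"   # supplied from the vault file, not written inline
        tags:
          Environment: testing
          Application: cms
      no_log: true               # keep the password out of task output and logs
```

Run it with ansible-playbook and --ask-vault-pass so the vault file can be decrypted at run time.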


 

Conclusion

Today, we saw how our Support Engineers use Ansible to launch AWS EC2 instances, security group, and RDS.
