willfarrell/ansible-playbook-aws

ansible-playbook-aws

Requirements

  • ansible >= 2.3
  • AWS Account w/ IAM access

Setup

# 2017-04
brew install python
sudo -H pip install --upgrade ansible
sudo -H pip install --ignore-installed six	# fix bug with boto
sudo -H pip install --ignore-installed python-dateutil	# fix bug with botocore
sudo -H pip install --upgrade botocore boto boto3 passlib
sudo -H pip install --upgrade --user awscli

# bashrc
export PYTHONPATH=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
export PATH=~/Library/Python/2.7/bin:$PATH

# Other deps
# mysql_*
sudo -H pip install --upgrade MySQL-python

Set org_id

Keep it lowercase.

  • ./run
  • ./playbook.yml

IAM Policies

These steps will allow you to create the necessary policies for all required ansible commands. Repeat them for every file in docs/aws_policies.

  1. Click Policies
  2. Click Create Policy
  3. Find Create Your Own Policy
  4. Click Select.
  5. Field Policy Name: Enter something like ansible_{{file_name}}.
  6. Field Policy Document: Paste contents of {{file_name}} into field.
  7. Click Create Policy.

IAM Group

  1. Click Groups
  2. Click Create New Group.
  3. Enter ansible.
  4. Click Next Step.
  5. Select all ansible_* policies (created above).
  6. Click Next Step.
  7. Click Create Group.

Also attach AdministratorAccess. Note that AdministratorAccess grants full access to every AWS service, so once it is attached the scoped ansible_* policies no longer bound what this group can do; treat it as the broad fallback rather than least privilege.

IAM User

  1. Click Users
  2. Click Add user.
  3. Field User name: Enter ansible.
  4. Check Programmatic access.
  5. Click Next: Permissions.
  6. Select group ansible (created above).
  7. Click Next: Review.
  8. Click Create user.
  9. Save Access key ID and Secret access key to localhost.
  10. Click Close.

Setup secrets

  1. Create ~/.vault_password_{{ org_id }} with the contents being a long random password.

  2. Create group_vars/all/secrets.yml.

---

## AWS ##
# IAM Access key
aws_access_key: ''
aws_secret_key: ''

# RDS
db_password: ''

  3. Encrypt secrets: ansible-vault encrypt group_vars/all/secrets.yml --vault-password-file ~/.vault_password
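A pre-flight check for the two files this section creates, added here as example code that is not part of the playbook: it verifies that group_vars/all/secrets.yml carries the ansible-vault header rather than the plaintext keys shown above, and that the vault password file is readable only by its owner. The sample files written by demo() and the .vault_password_example name are constructed for the example.

```python
import os
import re
import stat
import tempfile

# Header ansible-vault writes on every encrypted file (format 1.1; 1.2 appends a vault id label).
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256")
# The keys this playbook's group_vars/all/secrets.yml carries, as listed in the README.
SECRET_KEYS = ("aws_access_key", "aws_secret_key", "db_password")

def classify_secrets_content(text):
    """'encrypted' if vault-encrypted, 'plaintext' if a secret key is visible, else 'unknown'."""
    if VAULT_HEADER.match(text):
        return "encrypted"
    if any(re.search(r"^%s\s*:" % key, text, re.MULTILINE) for key in SECRET_KEYS):
        return "plaintext"
    return "unknown"

def secrets_file_status(path):
    """Classify the on-disk secrets file; 'missing' if it does not exist."""
    if not os.path.isfile(path):
        return "missing"
    with open(path) as fh:
        return classify_secrets_content(fh.read())

def vault_password_file_ok(path):
    """Password file must exist, be non-empty and carry no group/other permission bits (e.g. 0600)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return st.st_size > 0 and stat.S_IMODE(st.st_mode) & 0o077 == 0

def preflight(secrets_path, password_path):
    """Gate to run before ./run: True only when secrets are encrypted and the password file is private."""
    return secrets_file_status(secrets_path) == "encrypted" and vault_password_file_ok(password_path)

def demo():
    """Constructed sample: a secrets.yml that was never encrypted and a password file created with 0644."""
    d = tempfile.mkdtemp()
    secrets, pw = os.path.join(d, "secrets.yml"), os.path.join(d, ".vault_password_example")
    with open(secrets, "w") as fh:
        fh.write("---\n## AWS ##\naws_access_key: 'EXAMPLE'\naws_secret_key: 'EXAMPLE'\ndb_password: ''\n")
    with open(pw, "w") as fh:
        fh.write("constructed-not-a-real-password\n")
    os.chmod(pw, 0o644)
    too_open = vault_password_file_ok(pw)
    os.chmod(pw, 0o600)  # fixed; secrets.yml still fails until ansible-vault encrypt has run
    return secrets_file_status(secrets), too_open, vault_password_file_ok(pw), preflight(secrets, pw)
```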

Run

./run

1. AWS VPC

  • Setup localhost AWS profile
  • Scaffold VPC networking
  • Setup AWS private ssh key

TODO

  • Enable IPv6
  • BUG NAT deploys failed
  • Double check route table has working nat and matches
  • BUG DNS 8.8.8.8 not reachable from private subnet
  • Add delete on termination to ec2 volumes
  • Encrypted RDS not supported in ansible + boto - boto/boto#3027

Security

AWS

TODO

  • docker swarm
  • elastic-cloud ansible
  • jenkins ansible

About

ansible playbook to setup minimal VPC, EC2, ELB, RDS
