Provision an AWS VPC using Ansible

- By Manisha Sahasrabudhe on May 18, 2018

This tutorial explains how to manually provision a AWS Virtual Private Cloud(VPC) using Ansible. Before you start, you should be familiar with the following concepts:

The best way to get started is to install ansible and run playbooks manually on your local machine to provision a VM. The first section of this tutorial explains how to do that. However, manual execution isn't the best and most efficient way to run ansible playbooks, so we will take a look at the challenges and learn how to automate this workflow with a step-by-step tutorial.


Step-by-step instructions

Follow the steps below in order to provision your EC2 machine.


Step 1: Prep your machine

You can run your ansible scripts manually on your local machine to provision a VPC. This is the best way to get started with this task.

  • Execute the following commands to set up your AWS credentials as environment variables. The playbook will need these at runtime.
    $ export AWS_ACCESS_KEY_ID=<replace your key>
    $ export AWS_SECRET_ACCESS_KEY=<replace your secret>


Step 2: Prepare Ansible playbook

  • Ansible uses a convention for folder structure that looks something like this:

    • ansible.cfg holds configuration info
    • inventory has the inventory of artifacts
    • variables.yml has the vars that you need for your scripts to make it more reusable
    • vpc_prov_playbook.yml is the playbook which has a list of tasks to execute
├── ansible.cfg
├── inventory
├── variables.yml
├── vpc_prov_playbook.yml
  • It is important to note the following:
    • vpc_prov_playbook.yml scripts have some wildcards, which ansible replaces by reading values from variables.yml.
    • Since we want to create a reusable playbook, we have not hardcoded values in variables.ymlbut left it up to the user to replace these when needed. This will be done in a later step, just before running the playbook.
  • Replace the wildcards in variables.yml with your desired values: ${vpc_region} ${vpc_name} ${vpc_cidr_block} ${vpc_access_from_ip_range} ${vpc_public_subnet_1_cidr}


Step 3: Run your playbook!

  • Execute the following command to run the ansible playbook from the directory that contains the playbook.

$ ansible-playbook -v vpc_prov_playbook.yml

  • Verify on AWS that the VPC was created successfully.


Challenges with running Ansible playbooks manually

While manual execution is great while getting started, you'll run into some challenges if you continue doing this manually.

  • Reduced Reusability: The vpc_prov_playbook.yml is a reusable playbook, i.e. it has wildcards for settings like region, name, and CIDR blocks. This means that as long as you inject the right values using variables.yml, the playbook can be used to provision multiple VPCs. However, this also means that you need to be very careful to use the right variables.yml each time, and the number of these files will multiply over time. This defeats the reusability of your playbook. The right way to do this is to have a programmatic way to inject the right values based on context.
  • Security concerns: The machine you will use to run your playbook needs to be authenticated to the AWS account. If you now want to provision using different credentials, you'll need to keep switching accounts, or use different machines. The machines also need to be secure since your AWS credentials will be accessible on the machine unless you clean up after every execution.

In a nutshell, if you want to achieve frictionless execution of Ansible playbooks with modular, reusable playbooks, you need to templatize your playbooks and automate the workflow used to execute them.

Automated provisioning of AWS EC2 VMs using Ansible 

To show you how to automate the provisioning of your AWS infrastructure, we have designed a step by step tutorial in our documentation:

Automate provisioning of AWS VPC using Ansible

If you want a live demo of the Shippable platform and watch this scenario in action, schedule a demo with us:

Schedule a demo

Topics: devops, AWS, infrastructure, ansible