Ansible for AWS
A simple way to provision and manage your Amazon Cloud infrastructure

Yan Kurniawan

This book is for sale at http://leanpub.com/ansible-for-aws

This version was published on 2016-08-25

This is a Leanpub book. Leanpub empowers authors and publishers with the Lean Publishing process. Lean Publishing is the act of publishing an in-progress ebook using lightweight tools and many iterations to get reader feedback, pivot until you have the right book and build traction once you do.

© 2014-2016 Yan Kurniawan

to my wife - who never thought I would write a book
to my children - who are still learning to write

Contents

Preface
    What this book covers
    Who this book is for
    What you need for this book
    Conventions
    Example Code Files
Chapter 1: Getting Started with AWS
    What is Amazon Web Services (AWS)?
    Setting Up Your AWS Account
    AWS Management Console
    Create Your First EC2 Instance
    Connect to Your Instance
    Terminate Your Instance
Chapter 2: Getting Started with Ansible
    What You'll Need
    Installing Ansible
    SSH Keys
    Inventory
    Your First Commands
    Playbooks
    Your First Playbook
    Roles and Include Statements
Chapter 6: VPC Provisioning with Ansible
    The Default VPC
    Getting Started with VPC
    VPC Provisioning
    VPC Security Groups
    EC2-VPC Provisioning
    NAT Instance
    Multi-AZ Deployment
    Ansible in VPC
    OpenVPN Server
    Getting VPC and Subnet ID

Preface

Since the CFEngine¹ project by Mark Burgess began in 1993, configuration management tools have been revolutionizing IT operations. With the emergence of Puppet² and Chef³, which later gained more popularity, there are now many choices available for IT automation. The new generation of configuration management tools can build servers in seconds and automate your entire infrastructure.

Ansible⁴, first released in 2012, is one of the newer tools in the IT automation space. While other tools like Puppet and Chef focused on completeness and configurability, Ansible focused on simplicity and a low learning curve, without sacrificing security and reliability.

Amazon Web Services (AWS) began offering IT infrastructure services to businesses in 2006, in the form of web services – now commonly known as cloud computing. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. With the Cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster.⁵

This book will show you how to use Ansible's cloud modules to easily provision and manage AWS resources including EC2, VPC, RDS, S3, ELB, Auto Scaling, IAM and Route 53. This book takes you beyond the basics of Ansible, showing you real-world examples of AWS infrastructure automation and management using Ansible, with detailed steps, complete code, and screen captures from the AWS console.

The example projects will help you grasp the concepts quickly. From a single WordPress site to a highly available and scalable WordPress site, Ansible will help you automate all tasks.

¹ https://cfengine.com
² https://puppetlabs.com
³ http://www.getchef.com
⁴ http://www.ansible.com
⁵ http://aws.amazon.com/about-aws

What this book covers

You'll find the following chapters in this book:

Chapter 1, Getting Started with AWS, shows you how to sign up for AWS (Amazon Web Services), set up your account, get familiar with the AWS console, create your first Amazon EC2 (Elastic Compute Cloud) instance, and connect to your EC2 instance using SSH.

Chapter 2, Getting Started with Ansible, teaches you the basics of Ansible, how to build an inventory, how to use modules, and how to create Ansible playbooks to manage your hosts.

Chapter 3, EC2 Provisioning and Configuration Management with Ansible, teaches you how to use an Ansible playbook to configure and launch EC2 instances, and how to use dynamic inventory to manage EC2 instances.

Chapter 4, Project 1 - A WordPress Site, gives you an example project to provision a simple WordPress site in the AWS cloud.

Chapter 5, Route 53 Management with Ansible, teaches you how to create and delete Domain Name System (DNS) records in the Amazon Route 53 DNS web service using Ansible.

Chapter 6, VPC Provisioning with Ansible, delves deeper into AWS cloud infrastructure and teaches you how to use Ansible to create and manage a Virtual Private Cloud (VPC), VPC subnets, VPC routing tables, and VPC Security Groups, and how to use Ansible to launch EC2 instances in a VPC subnet and attach VPC security groups to the instances.

Chapter 7, RDS Provisioning with Ansible, teaches you how to use Ansible to provision Amazon Relational Database Service (RDS), replicate an RDS database, take a snapshot, and restore a backup.

Chapter 8, S3 Management with Ansible, teaches you how to manage files in an Amazon Simple Storage Service (S3) bucket using Ansible.

Chapter 9, Using AWS CLI with Ansible, shows you how to use the AWS CLI to extend Ansible functionality in an AWS environment.

Chapter 10, Project 2 - A Multi-Tier WordPress Site, is an example project to build a highly available and scalable WordPress site.

Chapter 11, Amazon Machine Images (AMI), teaches you how to create an AMI from an EC2 instance.

Chapter 12, Auto Scaling and Elastic Load Balancing (ELB), introduces you to Elastic Load Balancing and Auto Scaling.

Chapter 13, ELB and Auto Scaling with Ansible, teaches you how to use Ansible to provision ELB and Auto Scaling Groups.

Chapter 14, Identity and Access Management (IAM), shows you how to use Ansible to manage IAM users, groups, roles and keys.

Who this book is for

The book assumes that the reader has a little experience of Linux systems administration, including familiarity with the command line, file system, and text editing. It is expected that the reader has basic knowledge of Amazon Web Services and a little experience of Ansible usage.

What you need for this book

To run the examples in this book, you will need a computer with a Linux operating system and an Internet connection. To use the services in Amazon Web Services, you will need to set up an account and register your credit card with Amazon.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text are shown as follows: "We can include other contexts through the use of the include directive."

A block of code is set as follows:

    [group]
    host1
    host2
    host3

Any command-line input is written as follows:

    $ ansible-playbook -i hosts site.yml

This is an information box
Special information appears in a box like this.

This is a warning box
Warnings appear in a box like this.

Tips and tricks
Tips and tricks appear like this.

Example Code Files

You can find the example code files for this book in the Ansible for AWS GitHub repository⁶.

⁶ https://github.com/yankurniawan/ansible-for-aws