In this post we’ll cover how to handle a simple AWS EC2 Instance creation using Ansible:
1. Prepare our Ansible control machine
2. Configure AWS credentials
3. Code our playbook and run it
4. Test access and cleanup

Our environment:
Control Machine: CentOS 7
EC2 instance: Amazon Linux 2 AMI

First, let’s explain how this will work. We’ll be using the Ansible EC2 module
(more info -> https://docs.ansible.com/ansible/latest/modules/ec2_module.html)
Ansible will use AWS credentials (an AWS Access Key ID and its Secret Access Key) to connect to AWS and execute the tasks.

1. Preparing our Ansible control machine

– install the AWS SDK for Python (boto/boto3) on our Ansible control machine (CentOS 7 names the header package python-devel):

# yum install -y python python-devel python-pip
# pip install boto boto3

– install the AWS CLI on our Ansible control machine:

# curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
# unzip awscliv2.zip
# ./aws/install

– check the AWS CLI installation

[root@ansible aws]# aws --version
aws-cli/2.0.0 Python/3.7.3 Linux/3.10.0-862.11.6.el7.x86_64 botocore/2.0.0dev4

2. Configure AWS credentials

– Modifying IAM roles and permissions

1. Log in to the AWS console and navigate to IAM
2. Add a new user (“ansibleuser”) with programmatic access only
3. Attach the EC2 Full Access policy
4. Add a few tags and finish the user creation process (make sure you save/download your keys)

– Adding the keys to our control machine

1. The simplest way of doing this is by using the AWS CLI

[root@ansible aws]# aws configure
AWS Access Key ID [None]: AKIATG**********4MU3
AWS Secret Access Key [None]: 7****/4*****yVZF8u/*****0tT7iZ*****sK0qu
Default region name [None]: us-east-1
Default output format [None]:

2. Test our AWS access with the new credentials (the output below tells us the credentials are OK, and that there are no EC2 instances in our environment at this point)

[root@ansible aws]# aws ec2 describe-instances
{
    "Reservations": []
}

3. Code & Run our playbook

Make sure the instance lands in a subnet from which you can reach it via SSH.

- hosts: localhost
  tasks:
    - ec2_instance:
        name: "ca-demo-instance"
        key_name: "ca-demo-us-east-1"
        instance_type: t2.micro
        security_group: all-open-from-everywhere
        network:
          assign_public_ip: true
        image_id: ami-0a887e401f7654935
        tags:
          Environment: Testing

Run the playbook

[root@ansible ca]# ansible-playbook aws_create_instance.yml

PLAY [localhost] ***********************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************
ok: [localhost]

TASK [ec2_instance] ********************************************************************************************************************************************

changed: [localhost]

PLAY RECAP *****************************************************************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
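A tightened variant of the playbook above, added here as an example and not taken from the original post: instead of relying on the pre-existing all-open-from-everywhere group, it creates a security group that admits SSH only from one administrative CIDR, waits until the instance is running, and prints the public DNS name needed for the SSH test in the next step. The CIDR 203.0.113.10/32 and the group name ca-demo-ssh-admin are placeholders I chose; the key name, instance type, AMI and tag come from the post, and no vpc_id or subnet is given, so both modules fall back to the account's default VPC.

```yaml
# Added example (not from the post): same instance, but behind a security group
# that only allows SSH from the Ansible control machine's address.
# Placeholders: admin_cidr (put your control machine's public IP here) and the
# group name ca-demo-ssh-admin. Default VPC is used because no vpc_id/subnet is set.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    admin_cidr: "203.0.113.10/32"   # placeholder, replace with <your public IP>/32
  tasks:
    - name: Security group that admits SSH only from the admin CIDR
      ec2_group:
        name: ca-demo-ssh-admin
        description: SSH from the Ansible control machine only
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ admin_cidr }}"
            rule_desc: ansible control machine
        # rules_egress is left at the module default (all outbound allowed)
        tags:
          Environment: Testing
      register: sg

    - name: Launch the demo instance in that group and wait until it is running
      ec2_instance:
        name: ca-demo-instance
        key_name: ca-demo-us-east-1
        instance_type: t2.micro
        security_group: "{{ sg.group_id }}"   # the group created one task above
        network:
          assign_public_ip: true
        image_id: ami-0a887e401f7654935
        wait: true
        wait_timeout: 300
        tags:
          Environment: Testing
      register: ec2

    - name: Print the SSH command for the test step (key pair created in the console, as in the post)
      debug:
        msg: "ssh -i ca-demo-us-east-1.pem ec2-user@{{ ec2.instances[0].public_dns_name }}"
```

Because ec2_instance matches existing instances on the Name tag, running this play a second time reports ok instead of launching a duplicate, which is also why the play can be re-run safely after a failed SSH test.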

Observe what’s going on in the AWS console:

4. Test access and cleanup

[root@ansible aws]# ssh -i ca-demo-us-east-1.pem ec2-user@ec2-100-26-203-33.compute-1.amazonaws.com
Last login: Sun Feb 16 07:47:40 2020 from ec2-18-206-107-26.compute-1.amazonaws.com

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
No packages needed for security; 2 packages available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-83-36 ~]$ curl http://ipinfo.io/ip
100.26.203.33
[ec2-user@ip-172-31-83-36 ~]$

We tested the access by connecting to the instance with the SSH key pair named in the playbook.

To avoid costs, make sure to terminate your instance after you finish testing.

For security reasons (and if you will not be using them again), also remove the SSH key pair and the IAM user that Ansible used to connect.
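The cleanup advice above, turned into a playbook as an added example (again not from the original post): it terminates every instance carrying the demo's Name tag, deletes the key pair, and then deletes the security group, in that order because a group cannot be removed while a live instance still references it. The group name ca-demo-ssh-admin is an assumption (substitute all-open-from-everywhere or whatever group you actually used). The IAM user is deliberately left for the console: the credentials running this play belong to that user and only carry EC2 permissions, so the play could not delete it anyway.

```yaml
# Added example (not from the post): tear down what the demo created.
# Order matters: instance first, then key pair, then the security group.
# ca-demo-ssh-admin is an assumed group name; remove the IAM user by hand in the console.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Terminate the demo instance(s) by Name tag and wait for termination
      ec2_instance:
        state: absent
        filters:
          "tag:Name": ca-demo-instance
          # skip instances that are already terminated / shutting down
          instance-state-name: [pending, running, stopping, stopped]
        wait: true

    - name: Delete the SSH key pair used for the test
      ec2_key:
        name: ca-demo-us-east-1
        state: absent

    - name: Delete the security group (only possible once no instance uses it)
      ec2_group:
        name: ca-demo-ssh-admin
        state: absent
```

After it finishes, aws ec2 describe-instances should once again show the instance only in the terminated state (or not at all once AWS ages it out), matching the empty Reservations list seen in step 2.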