Amazon Elastic Compute Cloud (EC2)

Amazon Web Services (AWS) is a cloud computing platform that offers a wide range of services to customers, including computing, storage, and databases, among others. One of the most popular services provided by AWS is the Elastic Compute Cloud (EC2), which allows customers to rent virtual servers and run applications on them.

EC2 instances are virtual servers in the cloud that can be created, launched, and managed easily. In this article, we’ll discuss the basics of EC2 instances and how they work.

What is an EC2 Instance?

An EC2 instance is a virtual server in the AWS cloud that provides compute capacity. It is a scalable computing resource that can be easily launched, configured, and managed. Each instance is created from an Amazon Machine Image (AMI), which is a pre-configured virtual machine image that contains an operating system, applications, libraries, and other necessary components.

EC2 instances can be created in various sizes and configurations, depending on the customer’s requirements. They can run a variety of operating systems, including Linux, Windows, and macOS.

How EC2 Instances Work

EC2 instances are launched from an AMI and can be configured with various settings, including the instance type, storage, and security settings. Once launched, the instance runs on a virtual machine in the cloud, and customers can access it using various methods, including the AWS Management Console, the AWS Command Line Interface (CLI), or the AWS SDKs.

EC2 instances can be launched in various sizes, ranging from small, low-cost instances to large, high-performance instances with specialized capabilities. Customers can choose an instance type based on the specific needs of their application. For example, they can choose an instance type with high compute power for running CPU-intensive workloads, or an instance type with high memory for running memory-intensive applications.

EC2 instances can also be configured with various storage options, including Amazon Elastic Block Store (EBS), which provides persistent block-level storage, or Amazon Elastic File System (EFS), which provides scalable, network file storage.

Security is also an important consideration when launching EC2 instances. Customers can configure security settings, including virtual private cloud (VPC) settings, security groups, and access control policies, to ensure that their instances are secure.

Demo

This is a YAML code block that outlines an Ansible playbook for creating an EC2 instance on Amazon Web Services (AWS). The playbook consists of three tasks, each of which performs a specific action:

  1. The first task creates a security group for the EC2 instance named “{{ name }}_server_sg”. The security group allows incoming traffic on port 80 (for LB HTTP healthcheck) and port 443 (for LB HTTPS traffic) from the load balancer security group specified by “{{ lb_security_group_id }}”. The security group is also tagged with the name “server_sg”.

  2. The second task creates a separate security group for remote access to the EC2 instance named “{{ name }}_server_remote_sg”. This security group only allows incoming traffic on port 22 (SSH) from a specific CIDR block “{{ remote_ssh_cidr }}”. This security group is also tagged with the name “server_remote_sg”. However, this task is only executed when the “deployment_environment” variable is set to “dev”.

  3. The third task creates the actual EC2 instance named “server” in the specified subnets. The instance is created with the specified instance type, image ID, and key name. It is also assigned the security groups created in the first two tasks. This task is only executed when the “deployment_environment” variable is set to “dev”. The “wait” parameter is set to “no” to ensure that the task does not wait for the instance to be fully created before moving on to the next task.

Overall, this Ansible playbook creates an EC2 instance on AWS with appropriate security groups and settings for a development environment.

---
- name: Create AWS EC2 server
  hosts: all
  vars:
    name: "server"
    deployment_environment: "dev"
    instance_type: "t2.nano"
    image_id: "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20220420"
    key_name: "luca"
    subnets: "development"
  tasks:
    - name: Create Server Security Group
      amazon.aws.ec2_group:
        state: present
        name: "{{ name }}_server_sg"
        description: Security group for {{ name }}
        region: "{{ region }}"
        vpc_id: "{{ vpc_id }}"
        purge_rules: yes
        purge_tags: yes
        rules:
          - rule_desc: Allow LB HTTP healthcheck
            proto: tcp
            from_port: 80
            to_port: 80
            group_id: "{{ lb_security_group_id }}"
          - rule_desc: Allow LB HTTPS traffic
            proto: tcp
            from_port: 443
            to_port: 443
            group_id: "{{ lb_security_group_id }}"
        rules_egress:
        tags:
          Name: server_sg
      register: server_sg

    - name: Create Server Remote Access Security Group
      amazon.aws.ec2_group:
        state: present
        name: "{{ name }}_server_remote_sg"
        description: Only for dev environments
        region: "{{ region }}"
        vpc_id: "{{ vpc_id }}"
        purge_rules: yes
        purge_tags: yes
        rules:
          - rule_desc: Allow Inbound SSH Traffic
            proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ remote_ssh_cidr }}"
        rules_egress:
        tags:
          Name: server_remote_sg
      register: server_remote_sg
      when: deployment_environment == "dev"

    - name: Create EC2 instances for 'dev' environment
      amazon.aws.ec2_instance:
        name: server
        instance_type: "{{ instance_type }}"
        image_id: "{{ image_id }}"
        vpc_subnet_id: "{{ item }}"
        key_name: "{{ keypair_name }}"
        security_groups:
          - "{{ server_sg.group_id }}"
          - "{{ server_remote_sg.group_id }}"
        network:
          assign_public_ip: true
        wait: no
      with_items:
        - "{{ subnets }}"
      register: server_instances
      when: deployment_environment == "dev"

Conclusion

Amazon EC2 instances are a powerful and flexible computing resource that allows customers to rent virtual servers and run applications on them. With various configurations and settings available, customers can choose an instance type and storage option that best suits their application’s requirements. Security settings also ensure that the instances are secure and protected from unauthorized access.

As a cloud-based service, EC2 instances are scalable and can be easily launched, managed, and configured from anywhere in the world. AWS provides a wide range of resources and support to help customers get started with EC2 instances, including documentation, tutorials, and support forums. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Patreon Buy me a Pizza