Automating Your Cloud Infrastructure with Ansible Creating AWS EC2 Instances Made Easy

Efficiently Manage Your AWS EC2 Instances with Ansible Playbooks and Configurations

May 1, 2023

Amazon Elastic Compute Cloud (EC2)

Amazon Web Services (AWS) is a cloud computing platform that offers a wide range of services to customers, including computing, storage, and databases, among others. One of the most popular services provided by AWS is the Elastic Compute Cloud (EC2), which allows customers to rent virtual servers and run applications on them.

EC2 instances are virtual servers in the cloud that can be created, launched, and managed easily. In this article, we’ll discuss the basics of EC2 instances and how they work.

What is an EC2 Instance?

An EC2 instance is a virtual server in the AWS cloud that provides compute capacity. It is a scalable computing resource that can be easily launched, configured, and managed. Each instance is created from an Amazon Machine Image (AMI), which is a pre-configured virtual machine image that contains an operating system, applications, libraries, and other necessary components.

EC2 instances can be created in various sizes and configurations, depending on the customer’s requirements. They can run a variety of operating systems, including Linux, Windows, and macOS.

How EC2 Instances Work

EC2 instances are launched from an AMI and can be configured with various settings, including the instance type, storage, and security settings. Once launched, the instance runs on a virtual machine in the cloud, and customers can access it using various methods, including the AWS Management Console, the AWS Command Line Interface (CLI), or the AWS SDKs.

EC2 instances can be launched in various sizes, ranging from small, low-cost instances to large, high-performance instances with specialized capabilities. Customers can choose an instance type based on the specific needs of their application. For example, they can choose an instance type with high compute power for running CPU-intensive workloads, or an instance type with high memory for running memory-intensive applications.

EC2 instances can also be configured with various storage options, including Amazon Elastic Block Store (EBS), which provides persistent block-level storage, or Amazon Elastic File System (EFS), which provides scalable, network file storage.

Security is also an important consideration when launching EC2 instances. Customers can configure security settings, including virtual private cloud (VPC) settings, security groups, and access control policies, to ensure that their instances are secure.

Links

• amazon.aws.ec2_security_group module
• amazon.aws.ec2_instance

The Best Resources For Ansible

Certifications

• The Linux Foundation Linux Performance Tuning - Build a broad toolkit to optimize Linux performance from the kernel up

• Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription

Video Course

• Udemy: Learn Ansible Automation in 250+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Printed Book

• Ansible For VMware by Examples
  Buy on Amazon Buy on Apress
• Ansible for Kubernetes by Example
  Buy on Amazon Buy on Apress
• Hands-on Ansible Automation
  Buy on Amazon Buy on BPB
• Red Hat Ansible Automation Platform
  Buy on Amazon Buy on BPB

eBooks

• Buy on Leanpub Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
• Buy on Leanpub Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
• Buy on Leanpub Terraform By Example: A Practical Approach for Beginners to Learn Cloud Infrastructure with Terraform
• Buy on Leanpub Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
• Buy on Leanpub Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
• Buy on Leanpub Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
• Buy on Leanpub Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
• Buy on Leanpub Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
• Buy on Leanpub Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
• Buy on Leanpub Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
• Buy on Leanpub Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
• Buy on Leanpub Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios

Demo

This is a YAML code block that outlines an Ansible playbook for creating an EC2 instance on Amazon Web Services (AWS). The playbook consists of three tasks, each of which performs a specific action:

1. The first task creates a security group for the EC2 instance named “{{ name }}_server_sg”. The security group allows incoming traffic on port 80 (for LB HTTP healthcheck) and port 443 (for LB HTTPS traffic) from the load balancer security group specified by “{{ lb_security_group_id }}”. The security group is also tagged with the name “server_sg”.

2. The second task creates a separate security group for remote access to the EC2 instance named “{{ name }}_server_remote_sg”. This security group only allows incoming traffic on port 22 (SSH) from a specific CIDR block “{{ remote_ssh_cidr }}”. This security group is also tagged with the name “server_remote_sg”. However, this task is only executed when the “deployment_environment” variable is set to “dev”.

3. The third task creates the actual EC2 instance named “server” in the specified subnets. The instance is created with the specified instance type, image ID, and key name. It is also assigned the security groups created in the first two tasks. This task is only executed when the “deployment_environment” variable is set to “dev”. The “wait” parameter is set to “no” to ensure that the task does not wait for the instance to be fully created before moving on to the next task.

Overall, this Ansible playbook creates an EC2 instance on AWS with appropriate security groups and settings for a development environment.

---
- name: Create AWS EC2 server
  hosts: all
  vars:
    name: "server"
    deployment_environment: "dev"
    instance_type: "t2.nano"
    image_id: "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20220420"
    key_name: "luca"
    subnets: "development"
  tasks:
    - name: Create Server Security Group
      amazon.aws.ec2_group:
        state: present
        name: "{{ name }}_server_sg"
        description: Security group for {{ name }}
        region: "{{ region }}"
        vpc_id: "{{ vpc_id }}"
        purge_rules: yes
        purge_tags: yes
        rules:
          - rule_desc: Allow LB HTTP healthcheck
            proto: tcp
            from_port: 80
            to_port: 80
            group_id: "{{ lb_security_group_id }}"
          - rule_desc: Allow LB HTTPS traffic
            proto: tcp
            from_port: 443
            to_port: 443
            group_id: "{{ lb_security_group_id }}"
        rules_egress:
        tags:
          Name: server_sg
      register: server_sg

    - name: Create Server Remote Access Security Group
      amazon.aws.ec2_group:
        state: present
        name: "{{ name }}_server_remote_sg"
        description: Only for dev environments
        region: "{{ region }}"
        vpc_id: "{{ vpc_id }}"
        purge_rules: yes
        purge_tags: yes
        rules:
          - rule_desc: Allow Inbound SSH Traffic
            proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ remote_ssh_cidr }}"
        rules_egress:
        tags:
          Name: server_remote_sg
      register: server_remote_sg
      when: deployment_environment == "dev"

    - name: Create EC2 instances for 'dev' environment
      amazon.aws.ec2_instance:
        name: server
        instance_type: "{{ instance_type }}"
        image_id: "{{ image_id }}"
        vpc_subnet_id: "{{ item }}"
        key_name: "{{ keypair_name }}"
        security_groups:
          - "{{ server_sg.group_id }}"
          - "{{ server_remote_sg.group_id }}"
        network:
          assign_public_ip: true
        wait: no
      with_items:
        - "{{ subnets }}"
      register: server_instances
      when: deployment_environment == "dev"

Recap

Amazon EC2 instances are a powerful and flexible computing resource that allows customers to rent virtual servers and run applications on them. With various configurations and settings available, customers can choose an instance type and storage option that best suits their application’s requirements. Security settings also ensure that the instances are secure and protected from unauthorized access.

As a cloud-based service, EC2 instances are scalable and can be easily launched, managed, and configured from anywhere in the world. AWS provides a wide range of resources and support to help customers get started with EC2 instances, including documentation, tutorials, and support forums. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my 200+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

Donate

Want to keep this project going? Please donate

Patreon Buy me a Pizza