Ansible and Amazon Web Services

[root@ansible ~]# yum install ansible -y

[root@ansible ~]# ansible --version
ansible 2.3.0.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

[root@ansible ~]# yum install python-pip -y

[root@ansible ~]# pip install awscli
[root@ansible ~]# pip install awscli
Collecting awscli
Downloading awscli-1.11.85-py2.py3-none-any.whl (1.2MB)
100% |████████████████████████████████| 1.2MB 25kB/s
Collecting rsa<=3.5.0,>=3.1.2 (from awscli)
Downloading rsa-3.4.2-py2.py3-none-any.whl (46kB)
100% |████████████████████████████████| 51kB 33kB/s
Collecting s3transfer<0.2.0,>=0.1.9 (from awscli)
Downloading s3transfer-0.1.10-py2.py3-none-any.whl (54kB)
100% |████████████████████████████████| 61kB 26kB/s
Collecting botocore==1.5.48 (from awscli)
Downloading botocore-1.5.48-py2.py3-none-any.whl (3.5MB)
100% |████████████████████████████████| 3.5MB 27kB/s
Collecting docutils>=0.10 (from awscli)
Downloading docutils-0.13.1-py2-none-any.whl (537kB)
100% |████████████████████████████████| 542kB 35kB/s
Collecting colorama<=0.3.7,>=0.2.5 (from awscli)
Downloading colorama-0.3.7-py2.py3-none-any.whl
Requirement already satisfied (use –upgrade to upgrade): PyYAML<=3.12,>=3.10 in /usr/lib64/python2.7/site-packages (from awscli)
Requirement already satisfied (use –upgrade to upgrade): pyasn1>=0.1.3 in /usr/lib/python2.7/site-packages (from rsa<=3.5.0,>=3.1.2->awscli)
Collecting futures<4.0.0,>=2.2.0; python_version == “2.6” or python_version == “2.7” (from s3transfer<0.2.0,>=0.1.9->awscli)
Downloading futures-3.1.1-py2-none-any.whl
Collecting python-dateutil<3.0.0,>=2.1 (from botocore==1.5.48->awscli)
Downloading python_dateutil-2.6.0-py2.py3-none-any.whl (194kB)
100% |████████████████████████████████| 194kB 29kB/s
Collecting jmespath<1.0.0,>=0.7.1 (from botocore==1.5.48->awscli)
Downloading jmespath-0.9.2-py2.py3-none-any.whl
Requirement already satisfied (use –upgrade to upgrade): six>=1.5 in /usr/lib/python2.7/site-packages (from python-dateutil<3.0.0,>=2.1->botocore==1.5.48->awscli)
Installing collected packages: rsa, python-dateutil, jmespath, docutils, botocore, futures, s3transfer, colorama, awscli
Successfully installed awscli-1.11.85 botocore-1.5.48 colorama-0.3.7 docutils-0.13.1 futures-3.1.1 jmespath-0.9.2 python-dateutil-2.6.0 rsa-3.4.2 s3transfer-0.1.10
You are using pip version 8.1.2, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
[root@ansible ~]# pip install --upgrade pip
Collecting pip
Downloading pip-9.0.1-py2.py3-none-any.whl (1.3MB)
100% |████████████████████████████████| 1.3MB 243kB/s
Installing collected packages: pip
Found existing installation: pip 8.1.2
Uninstalling pip-8.1.2:
Successfully uninstalled pip-8.1.2
Successfully installed pip-9.0.1

[root@ansible ~]# pip install awscli
Requirement already satisfied: awscli in /usr/lib/python2.7/site-packages
Requirement already satisfied: rsa<=3.5.0,>=3.1.2 in /usr/lib/python2.7/site-packages (from awscli)
Requirement already satisfied: s3transfer<0.2.0,>=0.1.9 in /usr/lib/python2.7/site-packages (from awscli)
Requirement already satisfied: botocore==1.5.48 in /usr/lib/python2.7/site-packages (from awscli)
Requirement already satisfied: docutils>=0.10 in /usr/lib/python2.7/site-packages (from awscli)
Requirement already satisfied: colorama<=0.3.7,>=0.2.5 in /usr/lib/python2.7/site-packages (from awscli)
Requirement already satisfied: PyYAML<=3.12,>=3.10 in /usr/lib64/python2.7/site-packages (from awscli)
Requirement already satisfied: pyasn1>=0.1.3 in /usr/lib/python2.7/site-packages (from rsa<=3.5.0,>=3.1.2->awscli)
Requirement already satisfied: futures<4.0.0,>=2.2.0; python_version == “2.6” or python_version == “2.7” in /usr/lib/python2.7/site-packages (from s3transfer<0.2.0,>=0.1.9->awscli)
Requirement already satisfied: python-dateutil<3.0.0,>=2.1 in /usr/lib/python2.7/site-packages (from botocore==1.5.48->awscli)
Requirement already satisfied: jmespath<1.0.0,>=0.7.1 in /usr/lib/python2.7/site-packages (from botocore==1.5.48->awscli)
Requirement already satisfied: six>=1.5 in /usr/lib/python2.7/site-packages (from python-dateutil<3.0.0,>=2.1->botocore==1.5.48->awscli)

[root@ansible ~]# aws
aws aws_bash_completer aws.cmd aws_completer aws_zsh_completer.sh
[root@ansible ~]# aws
usage: aws [options] <command> <subcommand> [<subcommand> …] [parameters]
To see help text, you can run:

aws help
aws <command> help
aws <command> <subcommand> help
aws: error: too few arguments

aws1aws2

[root@ansible ~]# aws describe-regions
usage: aws [options] <command> <subcommand> [<subcommand> …] [parameters]
To see help text, you can run:

aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument command: Invalid choice, valid choices are:

acm | apigateway
application-autoscaling | appstream
autoscaling | batch
budgets | clouddirectory
cloudformation | cloudfront
cloudhsm | cloudsearch
cloudsearchdomain | cloudtrail
cloudwatch | codebuild
codecommit | codepipeline
codestar | cognito-identity
cognito-idp | cognito-sync
cur | datapipeline
devicefarm | directconnect
discovery | dms
ds | dynamodb
dynamodbstreams | ec2
ecr | ecs
efs | elasticache
elasticbeanstalk | elastictranscoder
elb | elbv2
emr | es
events | firehose
gamelift | glacier
health | iam
importexport | inspector
iot | iot-data
kinesis | kinesisanalytics
kms | lambda
lex-models | lex-runtime
lightsail | logs
machinelearning | marketplace-entitlement
marketplacecommerceanalytics | meteringmarketplace
mturk | opsworks
opsworkscm | organizations
pinpoint | polly
rds | redshift
rekognition | resourcegroupstaggingapi
route53 | route53domains
sdb | servicecatalog
ses | shield
sms | snowball
sns | sqs
ssm | stepfunctions
storagegateway | sts
support | swf
waf | waf-regional
workdocs | workspaces
xray | s3api
s3 | configure
deploy | configservice
opsworks-cm | help

[root@ansible ~]# aws ec2 describe-regions
You must specify a region. You can also configure your region by running “aws configure”.

[root@ansible ~]# aws configure
AWS Access Key ID [None]: ###########################
AWS Secret Access Key [None]:###########################
Default region name [None]: us-east-1
Default output format [None]:

[root@ansible ~]# aws ec2 describe-regions
{
“Regions”: [
{
“Endpoint”: “ec2.ap-south-1.amazonaws.com”,
“RegionName”: “ap-south-1”
},
{
“Endpoint”: “ec2.eu-west-2.amazonaws.com”,
“RegionName”: “eu-west-2”
},
{
“Endpoint”: “ec2.eu-west-1.amazonaws.com”,
“RegionName”: “eu-west-1”
},
{
“Endpoint”: “ec2.ap-northeast-2.amazonaws.com”,
“RegionName”: “ap-northeast-2”
},
{
“Endpoint”: “ec2.ap-northeast-1.amazonaws.com”,
“RegionName”: “ap-northeast-1”
},
{
“Endpoint”: “ec2.sa-east-1.amazonaws.com”,
“RegionName”: “sa-east-1”
},
{
“Endpoint”: “ec2.ca-central-1.amazonaws.com”,
“RegionName”: “ca-central-1”
},
{
“Endpoint”: “ec2.ap-southeast-1.amazonaws.com”,
“RegionName”: “ap-southeast-1”
},
{
“Endpoint”: “ec2.ap-southeast-2.amazonaws.com”,
“RegionName”: “ap-southeast-2”
},
{
“Endpoint”: “ec2.eu-central-1.amazonaws.com”,
“RegionName”: “eu-central-1”
},
{
“Endpoint”: “ec2.us-east-1.amazonaws.com”,
“RegionName”: “us-east-1”
},
{
“Endpoint”: “ec2.us-east-2.amazonaws.com”,
“RegionName”: “us-east-2”
},
{
“Endpoint”: “ec2.us-west-1.amazonaws.com”,
“RegionName”: “us-west-1”
},
{
“Endpoint”: “ec2.us-west-2.amazonaws.com”,
“RegionName”: “us-west-2”
}
]
}

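[root@ansible ~]# ls -la .aws/
total 12
drwxr-xr-x 2 root root 37 May 13 12:05 .
dr-xr-x---. 7 root root 4096 May 13 12:05 ..
-rw------- 1 root root 29 May 13 12:05 config
-rw------- 1 root root 116 May 13 12:05 credentials
(aws configure writes the key pair unencrypted to .aws/credentials; the owner-only 0600 mode shown above is the only protection it has on disk.)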
[root@ansible ~]# cat .aws/config
[default]
region = us-east-1
[root@ansible ~]# cat .aws/credentials
[default]
aws_access_key_id = ############################
aws_secret_access_key = ############################

Ansible and AWS Configuration – Environment Variables

[root@ansible ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
63:1a:17:a5:5f:47:d1:68:82:6f:41:9d:c5:ea:59:c3 root@ansible.example.com
The key’s randomart image is:
+–[ RSA 2048]—-+
| .o..oB.|
| o. o.= o|
| o ..+o. |
| o .o..E.|
| . S .. . o.|
| = . o |
| . |
| |
| |
+—————–+
[root@ansible ~]# ssh-copy-id root@localhost
The authenticity of host ‘localhost (::1)’ can’t be established.
ECDSA key fingerprint is 4a:2b:90:32:a6:1c:a8:5e:b0:69:6d:07:e5:f9:22:41.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@localhost’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘root@localhost'”
and check to make sure that only the key(s) you wanted were added.

[root@ansible ~]# vim /etc/ansible/hosts
ansible.example.com

[root@ansible ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.183.128 ansible.example.com

[root@ansible ~]# ansible -m ping all
ansible.example.com | SUCCESS => {
“changed”: false,
“ping”: “pong”
}

[root@ansible ~]# export AWS_ACCESS_KEY_ID='#####################'
[root@ansible ~]# export AWS_SECRET_ACCESS_KEY='#####################'
[root@ansible ~]# env |grep -i aws
AWS_SECRET_ACCESS_KEY=#####################
AWS_ACCESS_KEY_ID=#####################
[root@ansible ~]# vim .bashrc
# These exports keep the keys in plaintext for every root login shell and hand them to every child process; typing them at the prompt also leaves them in the shell history.
export AWS_ACCESS_KEY_ID='#####################'
export AWS_SECRET_ACCESS_KEY='#####################'

######################################################################

[root@ansible ~]# ansible all --list-hosts
hosts (1):
ansible.example.com
Public DNS (IPv4)
ec2-34-202-9-183.compute-1.amazonaws.com

[root@ansible ~]# vim /etc/ansible/hosts
[local]
ansible.example.com
[aws]
ec2-34-202-9-183.compute-1.amazonaws.com
[root@ansible ~]# chmod 600 myawskey1.pem
[root@ansible ~]# ssh -i myawskey1.pem ec2-user@ec2-34-202-9-183.compute-1.amazonaws.com

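The authenticity of host 'ec2-34-202-9-183.compute-1.amazonaws.com (34.202.9.183)' can't be established.
ECDSA key fingerprint is cd:36:a0:28:49:b3:30:09:db:d0:dc:d9:78:db:8c:b5.
(This fingerprint can be checked before answering yes: the instance typically prints its SSH host key fingerprints to the console log at first boot, which can be read with `aws ec2 get-console-output`.)
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-34-202-9-183.compute-1.amazonaws.com,34.202.9.183' (ECDSA) to the list of known hosts.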
Last login: Sun May 14 02:58:38 2017 from 183.82.220.31

__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2017.03-release-notes/
14 package(s) needed for security, out of 18 available
Run “sudo yum update” to apply all updates.
[ec2-user@ip-172-31-35-134 ~]$
[ec2-user@ip-172-31-35-134 ~]$ cat /etc/system-release
Amazon Linux AMI release 2017.03

[root@ansible ~]# ansible --list-hosts all
hosts (2):
ec2-34-202-9-183.compute-1.amazonaws.com
ansible.example.com
[root@ansible ~]# ansible -m ping all
ansible.example.com | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
ec2-34-202-9-183.compute-1.amazonaws.com | UNREACHABLE! => {
“changed”: false,
“msg”: “Failed to connect to the host via ssh: Permission denied (publickey).\r\n”,
“unreachable”: true
}

Instance run
[root@ansible ~]# vim awsshell.yml

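# awsshell.yml: runs `ls -la ~` on every host in the [aws] inventory group,
# logging in over SSH as ec2-user, and prints the registered result.
- hosts: aws
  remote_user: ec2-user
  # Only the escalation method is chosen here; the play has no `become: yes`,
  # so the task runs as ec2-user (the output lists ec2-user's home directory).
  become_method: sudo
  gather_facts: yes
  connection: ssh
  tasks:
    - name: exec shell command
      shell: ls -la ~
      register: result
    # `result` holds cmd, rc, stdout/stderr and timing of the command above.
    - name: Display the result in json format
      debug: var=result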

[root@ansible ~]# ansible-playbook awsshell.yml --syntax-check

playbook: awsshell.yml
[root@ansible ~]# ansible-playbook awsshell.yml

PLAY [aws] *************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************
fatal: [ec2-34-202-9-183.compute-1.amazonaws.com]: UNREACHABLE! => {“changed”: false, “msg”: “Failed to connect to the host via ssh: Permission denied (publickey).\r\n”, “unreachable”: true}
to retry, use: –limit @/root/awsshell.retry

PLAY RECAP *************************************************************************************************************************************
ec2-34-202-9-183.compute-1.amazonaws.com : ok=0 changed=0 unreachable=1 failed=0

[root@ansible ~]# ansible-playbook awsshell.yml --private-key=myawskey1.pem

PLAY [aws] *************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************
ok: [ec2-34-202-9-183.compute-1.amazonaws.com]

TASK [exec shell command] **********************************************************************************************************************
changed: [ec2-34-202-9-183.compute-1.amazonaws.com]

TASK [Display the result in json format] *******************************************************************************************************
ok: [ec2-34-202-9-183.compute-1.amazonaws.com] => {
“changed”: false,
“result”: {
“changed”: true,
“cmd”: “ls -la ~”,
“delta”: “0:00:00.002714”,
“end”: “2017-05-14 03:37:03.297569”,
“rc”: 0,
“start”: “2017-05-14 03:37:03.294855”,
“stderr”: “”,
“stderr_lines”: [],
“stdout”: “total 32\ndrwx—— 4 ec2-user ec2-user 4096 May 14 03:36 .\ndrwxr-xr-x 3 root root 4096 May 14 02:54 ..\ndrwx—— 3 ec2-user ec2-user 4096 May 14 03:36 .ansible\n-rw——- 1 ec2-user ec2-user 44 May 14 03:01 .bash_history\n-rw-r–r– 1 ec2-user ec2-user 18 Aug 15 2016 .bash_logout\n-rw-r–r– 1 ec2-user ec2-user 193 Aug 15 2016 .bash_profile\n-rw-r–r– 1 ec2-user ec2-user 124 Aug 15 2016 .bashrc\ndrwx—— 2 ec2-user ec2-user 4096 May 14 02:54 .ssh”,
“stdout_lines”: [
“total 32”,
“drwx—— 4 ec2-user ec2-user 4096 May 14 03:36 .”,
“drwxr-xr-x 3 root root 4096 May 14 02:54 ..”,
“drwx—— 3 ec2-user ec2-user 4096 May 14 03:36 .ansible”,
“-rw——- 1 ec2-user ec2-user 44 May 14 03:01 .bash_history”,
“-rw-r–r– 1 ec2-user ec2-user 18 Aug 15 2016 .bash_logout”,
“-rw-r–r– 1 ec2-user ec2-user 193 Aug 15 2016 .bash_profile”,
“-rw-r–r– 1 ec2-user ec2-user 124 Aug 15 2016 .bashrc”,
“drwx—— 2 ec2-user ec2-user 4096 May 14 02:54 .ssh”
]
}
}

PLAY RECAP *************************************************************************************************************************************
ec2-34-202-9-183.compute-1.amazonaws.com : ok=3 changed=1 unreachable=0 failed=0

[root@ansible ~]# ssh-add myawskey1.pem
Could not open a connection to your authentication agent.

[root@ansible ~]# ssh-agent bash

[root@ansible ~]# ssh-add myawskey1.pem
Identity added: myawskey1.pem (myawskey1.pem)

[root@ansible ~]# grep amazon .ssh/known_hosts
ec2-34-202-9-183.compute-1.amazonaws.com,34.202.9.183 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCNImqDG5pffCwysFqpkLe9LMA5G8sB2rpdW4eFAUVQkieFLwquH5aiiJ/6bcmfXrCN7xNlEmBDlWqrxuCANjHQ=

[root@ansible ~]# ansible-playbook awsshell.yml

PLAY [aws] *************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************
ok: [ec2-34-202-9-183.compute-1.amazonaws.com]

TASK [exec shell command] **********************************************************************************************************************
changed: [ec2-34-202-9-183.compute-1.amazonaws.com]

TASK [Display the result in json format] *******************************************************************************************************
ok: [ec2-34-202-9-183.compute-1.amazonaws.com] => {
“changed”: false,
“result”: {
“changed”: true,
“cmd”: “ls -la ~”,
“delta”: “0:00:00.002696”,
“end”: “2017-05-14 03:44:21.065691”,
“rc”: 0,
“start”: “2017-05-14 03:44:21.062995”,
“stderr”: “”,
“stderr_lines”: [],
“stdout”: “total 32\ndrwx—— 4 ec2-user ec2-user 4096 May 14 03:36 .\ndrwxr-xr-x 3 root root 4096 May 14 02:54 ..\ndrwx—— 3 ec2-user ec2-user 4096 May 14 03:36 .ansible\n-rw——- 1 ec2-user ec2-user 44 May 14 03:01 .bash_history\n-rw-r–r– 1 ec2-user ec2-user 18 Aug 15 2016 .bash_logout\n-rw-r–r– 1 ec2-user ec2-user 193 Aug 15 2016 .bash_profile\n-rw-r–r– 1 ec2-user ec2-user 124 Aug 15 2016 .bashrc\ndrwx—— 2 ec2-user ec2-user 4096 May 14 02:54 .ssh”,
“stdout_lines”: [
“total 32”,
“drwx—— 4 ec2-user ec2-user 4096 May 14 03:36 .”,
“drwxr-xr-x 3 root root 4096 May 14 02:54 ..”,
“drwx—— 3 ec2-user ec2-user 4096 May 14 03:36 .ansible”,
“-rw——- 1 ec2-user ec2-user 44 May 14 03:01 .bash_history”,
“-rw-r–r– 1 ec2-user ec2-user 18 Aug 15 2016 .bash_logout”,
“-rw-r–r– 1 ec2-user ec2-user 193 Aug 15 2016 .bash_profile”,
“-rw-r–r– 1 ec2-user ec2-user 124 Aug 15 2016 .bashrc”,
“drwx—— 2 ec2-user ec2-user 4096 May 14 02:54 .ssh”
]
}
}

PLAY RECAP *************************************************************************************************************************************
ec2-34-202-9-183.compute-1.amazonaws.com : ok=3 changed=1 unreachable=0 failed=0

EC2_facts

[root@ansible ~]# vim aws-ec2-facts.yaml

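# aws-ec2-facts.yaml: gathers EC2 facts on each host in the [aws] group and
# prints the instance type.
- hosts: aws
  remote_user: ec2-user
  become_method: sudo
  gather_facts: yes
  connection: ssh
  tasks:
    # The module runs on the instance itself; its values come back as
    # ansible_ec2_* facts, one of which is used by the next task.
    # NOTE(review): these facts are read from the instance metadata service,
    # which can include user-data. Print only the keys you need, as done
    # below, rather than dumping the whole fact set.
    - name: gathering facts about running instance
      action: ec2_facts
    - name: display the instance type
      debug: msg='{{ ansible_ec2_instance_type }}'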

[root@ansible ~]# ansible-playbook aws-ec2-facts.yaml –syntax-check

playbook: aws-ec2-fscts.yaml
[root@ansible ~]#ansible-playbook aws-ec2-facts.yaml –private-key=myawskey1.pem  PLAY [aws] *************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************
ok: [ec2-34-202-9-183.compute-1.amazonaws.com]

TASK [gathering facts about running instance] **************************************************************************************************
ok: [ec2-34-202-9-183.compute-1.amazonaws.com]

TASK [display the instance type] ***************************************************************************************************************
ok: [ec2-34-202-9-183.compute-1.amazonaws.com] => {
“changed”: false,
“msg”: “t2.micro”
}

PLAY RECAP *************************************************************************************************************************************
ec2-34-202-9-183.compute-1.amazonaws.com : ok=3 changed=0 unreachable=0 failed=0

########################################################################################

EC2_key

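[root@ansible ~]# env | grep AWS >awscreds.yaml

[root@ansible ~]# vim awscreds.yaml
# The redirect above creates this file with the default umask, so chmod 600 it (or encrypt it with ansible-vault); the playbooks load it as files/awscreds.yaml.
aws_key: ############################
aws_id: ############################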

[root@ansible ~]# vim aws-ec2-key.yaml


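# aws-ec2-key.yaml: creates the EC2 key pair "mykeypair2" in us-east-1.
# The module runs on the control host (connection: local) and calls the AWS
# API with the keys loaded from files/awscreds.yaml.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Path is relative to the playbook; the file holds aws_id and aws_key.
    - files/awscreds.yaml
  tasks:
    # NOTE(review): per the module docs the ec2_* modules also fall back to
    # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the environment, which
    # this session exported earlier. Confirm before dropping the two
    # aws_*_key lines.
    # NOTE(review): when the pair is newly created, the task result is
    # expected to carry the generated private key (check `ansible-doc
    # ec2_key`). Register and store it at that point, and add `no_log: true`
    # if the play is run with -v.
    - name: create a new key pair
      ec2_key:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        name: mykeypair2
        region: us-east-1
        state: present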

[root@ansible ~]# ansible-playbook aws-ec2-key.yaml --syntax-check

playbook: aws-ec2-key.yaml

[root@ansible ~]# ansible-playbook aws-ec2-key.yaml -v
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: aws-ec2-key.yaml *********************************************************************************************************************
1 plays in aws-ec2-key.yaml

PLAY [localhost] *******************************************************************************************************************************
META: ran handlers

TASK [create a new key pair] *******************************************************************************************************************
task path: /root/aws-ec2-key.yaml:10
fatal: [localhost]: FAILED! => {“changed”: false, “failed”: true, “msg”: “boto required for this module”}
to retry, use: –limit @/root/aws-ec2-key.retry

PLAY RECAP *************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1

[root@ansible ~]# yum install python-boto -y    or

[root@ansible ~]# pip install boto
Collecting boto
Downloading boto-2.46.1-py2.py3-none-any.whl (1.4MB)
100% |████████████████████████████████| 1.4MB 267kB/s
Installing collected packages: boto
Successfully installed boto-2.46.1

[root@ansible ~]# python2
Python 2.7.5 (default, Nov 20 2015, 02:00:19)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type “help”, “copyright”, “credits” or “license” for more information.
>>> import boto
[root@ansible ~]# ansible-playbook aws-ec2-key.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [create a new key pair] *******************************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

[root@ansible ~]# aws iam list-access-keys
{
“AccessKeyMetadata”: [
{
“Status”: “Active”,
“CreateDate”: “2017-05-14T12:31:56Z”,
“AccessKeyId”: “AKIAJOHRUEQT7EQGDT2Q”
}
]
}

aws.png

[root@ansible ~]# vim files/awscreds.yaml
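# files/awscreds.yaml: variables the playbooks load through vars_files.
# The key pair originally printed here in clear text is masked, like the
# credentials elsewhere on this page. An access key that has been published
# has to be deactivated and replaced in IAM; removing it from the text is not
# enough.
# Keep this file out of version control and restrict it to mode 600, or
# encrypt it with `ansible-vault encrypt files/awscreds.yaml`.
aws_key: "<REDACTED_AWS_SECRET_ACCESS_KEY>"
aws_id: "<REDACTED_AWS_ACCESS_KEY_ID>"
aws_region: us-east-1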

aws2.png

[root@ansible ~]# vim aws-ec2-state.yaml

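# aws-ec2-state.yaml: stops one existing instance, addressed by instance ID.
# Runs on the control host and talks to the AWS API with the keys and region
# from files/awscreds.yaml.
- hosts: localhost
  remote_user: mshaik
  become_method: sudo
  gather_facts: no
  connection: local
  vars_files:
    - files/awscreds.yaml
  tasks:
    - name: Managing the state of an instance
      ec2:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        aws_region: "{{ aws_region }}"
        # The ID must belong to the account and region configured above.
        instance_ids: i-0a814c6cce874e0ef
        state: stopped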

[root@ansible ~]# ansible-playbook aws-ec2-state.yaml --syntax-check

playbook: aws-ec2-state.yaml
[root@ansible ~]# ansible-playbook aws-ec2-state.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************
ok: [localhost]

TASK [Managing the state of an instance] *******************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0

aws3.png

EC2 – Provisioning New Instances

[root@ansible ~]# vim aws-ec2-provision.yaml

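# aws-ec2-provision.yaml: launches one t2.micro instance from the given AMI
# in the region set in files/awscreds.yaml.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    - files/awscreds.yaml
  tasks:
    # NOTE(review): neither key_name nor group is set, so the instance is
    # presumably launched without an SSH key pair and in the default security
    # group. Confirm that is intended.
    # NOTE(review): with a plain `count` and no exact_count/count_tag, each
    # run of the playbook launches another instance.
    - name: Provosioing of one t2.micro EC2 instance
      ec2:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        aws_region: "{{ aws_region }}"
        image: ami-c58c1dd3
        instance_type: t2.micro
        count: 1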
[root@ansible ~]# ansible-playbook aws-ec2-provision.yaml --syntax-check

playbook: aws-ec2-provision.yaml

aws.png
[root@ansible ~]# ansible-playbook aws-ec2-provision.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [Provosioing of one t2.micro EC2 instance] ************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws1.png

EC2_AMI – Basic Creation

This is the ID of my old running instance: i-0af59517d71559c35

[root@ansible ~]# vim aws-ec2-ami.yaml

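# aws-ec2-ami.yaml: creates the AMI "mynewami" from an existing instance and
# tags it; the module result is registered as `instance`.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    - files/awscreds.yaml
  tasks:
    # NOTE(review): the image is built from the instance's volumes, so
    # whatever is on disk (authorized_keys, credentials, shell history) ends
    # up in the AMI. Clean the instance first if the image will be shared.
    # NOTE(review): ec2_ami has a no_reboot option; without it the source
    # instance is expected to be rebooted for the snapshot. Verify with
    # `ansible-doc ec2_ami`.
    - name: Basic Provosioing of an AMI instance
      ec2_ami:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        aws_region: "{{ aws_region }}"
        instance_id: i-0af59517d71559c35
        # Do not block until the image becomes available.
        wait: no
        name: mynewami
        tags:
          NAME: MYWEBIMAGE
          service: MYAPACHE
      register: instance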
[root@ansible ~]# ansible-playbook aws-ec2-ami.yaml --syntax-check

playbook: aws-ec2-ami.yaml

[root@ansible ~]# ansible-playbook aws-ec2-ami.yaml -C

PLAY [localhost] *******************************************************************************************************************************

TASK [Provosioing of one t2.micro EC2 instance] ************************************************************************************************
skipping: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=0

aws3
[root@ansible ~]# ansible-playbook aws-ec2-ami.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [Basic Provosioing of an AMI instance] ****************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws2.png

EC2_AMI – Customization

[root@ansible ~]# vim aws-ec2-ami-custom.yaml

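# aws-ec2-ami-custom.yaml: creates the AMI "mynewami2" from an existing
# instance, with tags and one custom block-device mapping.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    - files/awscreds.yaml
  tasks:
    # NOTE(review): the image captures the instance's disks as they are, so
    # remove keys and credentials from the instance before imaging if the AMI
    # will be shared.
    - name: more advanced Provosioing of an AMI instance
      ec2_ami:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        aws_region: "{{ aws_region }}"
        instance_id: i-0af59517d71559c35
        wait: no
        name: mynewami2
        tags:
          NAME: MYWEBIMAGE2
          service: MYAPACHE2
        # One extra gp2 volume of size 100 (presumably GiB) that is removed
        # when an instance launched from this image is terminated.
        device_mapping:
          - device_name: /dev/sdb1
            size: 100
            delete_on_termination: true
            volume_type: gp2
      register: instance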

[root@ansible ~]# ansible-playbook aws-ec2-ami-custom.yaml --syntax-check

playbook: aws-ec2-ami-custom.yaml

[root@ansible ~]# ansible-playbook aws-ec2-ami-custom.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [more advanced Provosioing of an AMI instance] *******************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws4.png

######### EC2 MODULES ####################

[root@ansible ~]# ansible-doc --list |grep -i ec2
ec2 create, terminate, start or stop an instance in ec2
ec2_ami create or destroy an image in ec2
ec2_ami_copy copies AMI between AWS regions, return new image id
ec2_ami_find Searches for AMIs to obtain the AMI ID and other information
ec2_ami_search Retrieve AWS AMI information for a given operating system.
ec2_asg Create or delete AWS Autoscaling Groups
ec2_asg_facts Gather facts about ec2 Auto Scaling Groups (ASGs) in AWS
ec2_customer_gateway Manage an AWS customer gateway
ec2_eip manages EC2 elastic IP (EIP) addresses.
ec2_elb De-registers or registers instances from EC2 ELBs
ec2_elb_facts Gather facts about EC2 Elastic Load Balancers in AWS
ec2_elb_lb Creates or destroys Amazon ELB.
ec2_eni Create and optionally attach an Elastic Network Interface (ENI) to an instance
ec2_eni_facts Gather facts about ec2 ENI interfaces in AWS
ec2_facts Gathers facts about remote hosts within ec2 (aws)
ec2_group maintain an ec2 VPC security group.
ec2_group_facts Gather facts about ec2 security groups in AWS.
ec2_key maintain an ec2 key pair.
ec2_lc Create or delete AWS Autoscaling Launch Configurations
ec2_lc_facts Gather facts about AWS Autoscaling Launch Configurations
ec2_lc_find Find AWS Autoscaling Launch Configurations
ec2_metric_alarm Create/update or delete AWS Cloudwatch ‘metric alarms’
ec2_remote_facts Gather facts about ec2 instances in AWS
ec2_scaling_policy Create or delete AWS scaling policies for Autoscaling groups
ec2_snapshot creates a snapshot from an existing volume
ec2_snapshot_facts Gather facts about ec2 volume snapshots in AWS
ec2_tag create and remove tag(s) to ec2 resources.
ec2_vol create and attach a volume, return volume id and device map
ec2_vol_facts Gather facts about ec2 volumes in AWS
ec2_vpc configure AWS virtual private clouds
ec2_vpc_dhcp_options Manages DHCP Options, and can ensure the DHCP options for the given VPC match what’s requested
ec2_vpc_dhcp_options_facts Gather facts about dhcp options sets in AWS
ec2_vpc_igw Manage an AWS VPC Internet gateway
ec2_vpc_igw_facts Gather facts about internet gateways in AWS
ec2_vpc_nacl create and delete Network ACLs.
ec2_vpc_nacl_facts Gather facts about Network ACLs in an AWS VPC
ec2_vpc_nat_gateway Manage AWS VPC NAT Gateways.
ec2_vpc_nat_gateway_facts Retrieves AWS VPC Managed Nat Gateway details using AWS methods.
ec2_vpc_net Configure AWS virtual private clouds
ec2_vpc_net_facts Gather facts about ec2 VPCs in AWS
ec2_vpc_peer create, delete, accept, and reject VPC peering connections between two VPCs.
ec2_vpc_route_table Manage route tables for AWS virtual private clouds
ec2_vpc_route_table_facts Gather facts about ec2 VPC route tables in AWS
ec2_vpc_subnet Manage subnets in AWS virtual private clouds
ec2_vpc_subnet_facts Gather facts about ec2 VPC subnets in AWS
ec2_vpc_vgw Create and delete AWS VPN Virtual Gateways.
ec2_vpc_vgw_facts Gather facts about virtual gateways in AWS
ec2_win_password gets the default administrator password for ec2 windows instances

EC2_AMI_Copy

[root@ansible ~]# vim aws-ec2-ami-copy.yaml

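# aws-ec2-ami-copy.yaml: copies an AMI from the region in files/awscreds.yaml
# to us-west-1 and tags the copy; the module result is registered as
# `instance`.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    - files/awscreds.yaml
  tasks:
    # NOTE(review): as far as the module documentation goes, ec2_ami_copy
    # takes the destination from `region` and has no `dest_region` option.
    # Here `region` and `source_region` are the same value, so verify the
    # parameters with `ansible-doc ec2_ami_copy` (the page shows no output
    # for this run).
    # NOTE(review): the copy is not encrypted unless the module's
    # encrypted / kms_key_id options are set. Confirm whether that matters
    # for this image.
    - name: copy AMI from on region to another
      ec2_ami_copy:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        source_region: "{{ aws_region }}"
        dest_region: us-west-1
        source_image_id: ami-5b9ce14d
        wait: no
        name: uswestAMI1
        tags:
          Name: MyNewWestAMI
          service: uswestAMIService1
      register: instance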

[root@ansible ~]# ansible-playbook aws-ec2-ami-copy.yaml --syntax-check

playbook: aws-ec2-ami-copy.yaml

[root@ansible ~]# ansible-playbook aws-ec2-ami-copy.yaml

EC2_AMI_Find

[root@ansible ~]# vim awsec2-ami-find.yaml

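# awsec2-ami-find.yaml: looks up an AMI by tag among the images owned by the
# calling account and prints the owner ID and name of the first match.
- hosts: localhost
  connection: local
  remote_user: admin
  become: yes
  gather_facts: no
  vars_files:
    - files/awscreds.yaml
  tasks:
    - name: find our AMI id
      ec2_ami_find:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        # Limits the search to this account's own images, so a public AMI
        # that merely carries the same tag cannot be picked up.
        owner: self
        ami_tags:
          Name: myfirstami
        # Fail the play instead of continuing with an empty result list; the
        # results[0] lookups below rely on at least one match.
        no_result_action: fail
      register: ami_find
    - debug: msg={{ ami_find.results[0].owner_id }}
    - debug: msg={{ ami_find.results[0].name }}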

[root@ansible ~]# ansible-playbook awsec2-ami-find.yaml --syntax-check

playbook: awsec2-ami-find.yaml
[root@ansible ~]# ansible-playbook awsec2-ami-find.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [find our AMI id] *************************************************************************************************************************
ok: [localhost]

TASK [debug] ***********************************************************************************************************************************
ok: [localhost] => {
“changed”: false,
“msg”: “536751915275”
}

TASK [debug] ***********************************************************************************************************************************
ok: [localhost] => {
“changed”: false,
“msg”: “mynewami”
}

PLAY RECAP *************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0

[root@ansible ~]# ansible-playbook awsec2-ami-find.yaml -vvv
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: awsec2-ami-find.yaml *****************************************************************************************************************
1 plays in awsec2-ami-find.yaml

PLAY [localhost] *******************************************************************************************************************************
META: ran handlers

TASK [find our AMI id] *************************************************************************************************************************
task path: /root/awsec2-ami-find.yaml:10
Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/amazon/ec2_ami_find.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c ‘echo ~ && sleep 0’
<127.0.0.1> EXEC /bin/sh -c ‘( umask 77 && mkdir -p “` echo /root/.ansible/tmp/ansible-tmp-1494852332.34-268306985784106 `” && echo ansible-tmp-1494852332.34-268306985784106=”` echo /root/.ansible/tmp/ansible-tmp-1494852332.34-268306985784106 `” ) && sleep 0’
<127.0.0.1> PUT /tmp/tmpfnfaZ9 TO /root/.ansible/tmp/ansible-tmp-1494852332.34-268306985784106/ec2_ami_find.py
<127.0.0.1> EXEC /bin/sh -c ‘chmod u+x /root/.ansible/tmp/ansible-tmp-1494852332.34-268306985784106/ /root/.ansible/tmp/ansible-tmp-1494852332.34-268306985784106/ec2_ami_find.py && sleep 0’
<127.0.0.1> EXEC /bin/sh -c ‘/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1494852332.34-268306985784106/ec2_ami_find.py; rm -rf “/root/.ansible/tmp/ansible-tmp-1494852332.34-268306985784106/” > /dev/null 2>&1 && sleep 0’
ok: [localhost] => {
“changed”: false,
“invocation”: {
“module_args”: {
“ami_id”: null,
“ami_tags”: {
“Name”: “myfirstami”
},
“architecture”: null,
“aws_access_key”: “AKIAJOHRUEQT7EQGDT2Q”,
“aws_secret_key”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“ec2_url”: null,
“hypervisor”: null,
“is_public”: null,
“name”: null,
“no_result_action”: “fail”,
“owner”: “self”,
“platform”: null,
“product_code”: null,
“profile”: null,
“region”: “us-east-1”,
“security_token”: null,
“sort”: null,
“sort_end”: null,
“sort_order”: “ascending”,
“sort_start”: null,
“sort_tag”: null,
“state”: “available”,
“validate_certs”: true,
“virtualization_type”: null
}
},
“results”: [
{
“ami_id”: “ami-a57f03b3”,
“architecture”: “x86_64”,
“block_device_mapping”: {
“/dev/xvda”: {
“delete_on_termination”: true,
“encrypted”: false,
“size”: 8,
“snapshot_id”: “snap-7ae65dca”,
“volume_type”: “gp2”
}
},
“creationDate”: “2017-05-15T12:34:00.000Z”,
“description”: null,
“hypervisor”: “xen”,
“is_public”: false,
“location”: “536751915275/mynewami”,
“name”: “mynewami”,
“owner_id”: “536751915275”,
“platform”: null,
“root_device_name”: “/dev/xvda”,
“root_device_type”: “ebs”,
“state”: “available”,
“tags”: {
“NAME”: “MYWEBIMAGE”,
“Name”: “myfirstami”,
“service”: “MYAPACHE”
},
“virtualization_type”: “hvm”
}
]
}

TASK [debug] ***********************************************************************************************************************************
task path: /root/awsec2-ami-find.yaml:20
ok: [localhost] => {
“changed”: false,
“msg”: “536751915275”
}

TASK [debug] ***********************************************************************************************************************************
task path: /root/awsec2-ami-find.yaml:21
ok: [localhost] => {
“changed”: false,
“msg”: “mynewami”
}
META: ran handlers
META: ran handlers

PLAY RECAP *************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0

EC2_Group

[root@ansible ~]# vim aws-ec2-groups.yaml

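# Creates the security group MytestGroup in vpc-868c84e0 with one inbound and
# one outbound rule for TCP port 80.
# Fixes the "porto" key typo (the rule had no protocol) and restores valid YAML.
- hosts: localhost
  connection: local
  remote_user: admin
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: Basic Security Group Creation
      ec2_group:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        name: MytestGroup
        description: This is EC2 group
        vpc_id: vpc-868c84e0
        rules:
          # Inbound HTTP from any address. Narrow cidr_ip when the service is
          # not meant to be reachable from the whole internet.
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
        # Declaring rules_egress limits outbound traffic to what is listed here
        # (assuming the module's default purge behaviour - confirm): only
        # TCP/80 leaves, so HTTPS on 443 is not allowed by this group.
        rules_egress:
          - proto: tcp
            to_port: 80
            from_port: 80
            cidr_ip: 0.0.0.0/0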

aws5.png
[root@ansible ~]# ansible-playbook aws-ec2-groups.yaml --syntax-check

playbook: aws-ec2-groups.yaml
[root@ansible ~]# ansible-playbook aws-ec2-groups.yaml

aws6.png

EC2_Metric_Alarm

aws7.png

[root@ansible ~]# vim aws-ec2-alarm.yaml

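# Creates a CloudWatch alarm on the average CPU utilisation of one instance:
# >= 25 percent over 6 periods of 300 seconds.
# Fixes the dimension name (InstanceID -> InstanceId) and restores valid YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    # The task name is carried over from the security-group example; this task
    # manages a metric alarm.
    - name: Basic Security Group Creation
      ec2_metric_alarm:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        state: present
        name: MyfirstAlarmTest
        metric: "CPUUtilization"
        namespace: "AWS/EC2"
        statistic: Average
        comparison: ">="
        threshold: 25.0
        period: 300
        evaluation_periods: 6
        unit: "Percent"
        description: "this alarm fores when cpu is grather than 25% for 30 minutes"
        # CloudWatch dimension names are case-sensitive and EC2 publishes its
        # per-instance metrics under InstanceId. With any other spelling the
        # alarm watches a series that receives no data and never fires.
        dimensions: {'InstanceId': 'i-0af59517d71559c35'}
        # No alarm_actions are set, so a state change notifies no one; add an
        # action target if this alarm is meant for monitoring.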
[root@ansible ~]# ansible-playbook aws-ec2-alarm.yaml --syntax-check

playbook: aws-ec2-alarm.yaml
[root@ansible ~]# ansible-playbook aws-ec2-alarm.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [Basic Security Group Creation] ***********************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws8.png

EC2_Remote_Facts

[root@ansible ~]# vim aws-ec2-remote.yaml

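# Collects facts about the EC2 instances in the region and prints them.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: Gather facts of all runing EC2 instance
      ec2_remote_facts:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
      register: remote_facts
    # The dump includes each instance's public and private addresses, key pair
    # name, security groups and VPC id; treat the console output and any log
    # that captures it as sensitive inventory data.
    - debug: msg={{ remote_facts }}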
[root@ansible ~]# ansible-playbook aws-ec2-remote.yaml --syntax-check

playbook: aws-ec2-remote.yaml

[root@ansible ~]# ansible-playbook aws-ec2-remote.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [Gather facts of all runing EC2 instance] *************************************************************************************************
ok: [localhost]

TASK [debug] ***********************************************************************************************************************************
ok: [localhost] => {
“changed”: false,
“msg”: {
“changed”: false,
“instances”: [
{
“ami_launch_index”: “0”,
“architecture”: “x86_64”,
“block_device_mapping”: [
{
“attach_time”: “2017-05-15T03:47:10.000Z”,
“delete_on_termination”: true,
“device_name”: “/dev/xvda”,
“status”: “attached”,
“volume_id”: “vol-081ea41752baa76a8”
}
],
“client_token”: “KrelV1494820029470”,
“ebs_optimized”: false,
“groups”: [
{
“id”: “sg-16bfd168”,
“name”: “launch-wizard-2”
}
],
“hypervisor”: “xen”,
“id”: “i-0af59517d71559c35”,
“image_id”: “ami-c58c1dd3”,
“instance_profile”: null,
“interfaces”: [
{
“id”: “eni-7220a2a9”,
“mac_address”: “0e:09:dc:19:b7:d8”
}
],
“kernel”: null,
“key_name”: “myawskey1”,
“launch_time”: “2017-05-15T03:47:10.000Z”,
“monitoring_state”: “disabled”,
“persistent”: false,
“placement”: {
“tenancy”: “default”,
“zone”: “us-east-1b”
},
“private_dns_name”: “ip-172-31-38-153.ec2.internal”,
“private_ip_address”: “172.31.38.153”,
“public_dns_name”: “ec2-54-91-71-247.compute-1.amazonaws.com”,
“public_ip_address”: “54.91.71.247”,
“ramdisk”: null,
“region”: “us-east-1”,
“requester_id”: null,
“root_device_type”: “ebs”,
“source_destination_check”: “true”,
“spot_instance_request_id”: null,
“state”: “running”,
“tags”: {
“Name”: “node1”
},
“virtualization_type”: “hvm”,
“vpc_id”: “vpc-868c84e0”
}
]
}
}

PLAY RECAP *************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0

EC2_Snapshot

aws9.png

i-0af59517d71559c35
[root@ansible ~]# vim aws-ec2-snapshot.yaml

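# Takes a snapshot of the volume attached as /dev/xvda to one instance.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    # The task name is carried over from the security-group example; this task
    # creates a snapshot.
    - name: Basic Security Group Creation
      ec2_snapshot:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        instance_id: i-0af59517d71559c35
        device_name: /dev/xvda
        # A snapshot holds a full copy of the disk contents. The volume listing
        # on this page reports this volume as "encrypted": false, so the
        # snapshot is unencrypted as well; keep it private to the account.
        description: Root volume snapshot
        # wait: no returns before the snapshot has completed.
        wait: no
      register: snapshot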
[root@ansible ~]# ansible-playbook aws-ec2-snapshot.yaml --syntax-check

playbook: aws-ec2-snapshot.yaml
[root@ansible ~]# ansible-playbook aws-ec2-snapshot.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [Basic Security Group Creation] ***********************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws10.png

[root@ansible ~]# vim aws-ec2-snapshot-delete.yaml

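# Deletes one EBS snapshot by id.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    # The task name is carried over from the security-group example; this task
    # removes a snapshot.
    - name: Basic Security Group Creation
      ec2_snapshot:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        # Deletion cannot be undone; confirm the id belongs to the snapshot
        # that is meant to go before running the play.
        snapshot_id: snap-059412e0f38209e75
        state: absent
        wait: no
      register: snapshot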
[root@ansible ~]# ansible-playbook aws-ec2-snapshot-delete.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [Basic Security Group Creation] ***********************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

EC2_Vol

[root@ansible ~]# vim ec2-vol-add.yaml

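# Creates a 1 GiB EBS volume and attaches it to a running instance as sde.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: create a new volume and attach to running instance
      ec2_vol:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        instance: i-0af59517d71559c35
        volume_size: 1
        device_name: sde
        # As written the volume is created unencrypted and outlives the
        # instance (the listing on this page shows "encrypted": false and
        # "deleteOnTermination": "false" for it). The module's encrypted and
        # delete_on_termination options control both.
      register: volume_result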

[root@ansible ~]# ansible-playbook ec2-vol-add.yaml --syntax-check

playbook: ec2-vol-add.yaml

[root@ansible ~]# ansible-playbook ec2-vol-add.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [create a new volume and attach to running instance] **************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws12.png

[root@ansible ~]# vim ec2-vol-list.yaml

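# Lists the EBS volumes attached to one instance and prints the result.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    # The task name is carried over from the volume-creation example;
    # state: list only reads, it does not create or attach anything.
    - name: create a new volume and attach to running instance
      ec2_vol:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        instance: i-0af59517d71559c35
        state: list
      register: volume_result
    # Useful as an audit view: the output reports the "encrypted" flag and
    # deleteOnTermination setting of every attached volume.
    - debug: msg={{ volume_result }}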
[root@ansible ~]# ansible-playbook ec2-vol-list.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [create a new volume and attach to running instance] **************************************************************************************
ok: [localhost]

TASK [debug] ***********************************************************************************************************************************
ok: [localhost] => {
“changed”: false,
“msg”: {
“changed”: false,
“volumes”: [
{
“attachment_set”: {
“attach_time”: “2017-05-15T03:47:10.000Z”,
“deleteOnTermination”: “true”,
“device”: “/dev/xvda”,
“instance_id”: “i-0af59517d71559c35”,
“status”: “attached”
},
“create_time”: “2017-05-15T03:47:10.932Z”,
“encrypted”: false,
“id”: “vol-081ea41752baa76a8”,
“iops”: 100,
“size”: 8,
“snapshot_id”: “snap-0120309fef406aa90”,
“status”: “in-use”,
“tags”: {},
“type”: “gp2”,
“zone”: “us-east-1b”
},
{
“attachment_set”: {
“attach_time”: “2017-05-16T00:48:32.000Z”,
“deleteOnTermination”: “false”,
“device”: “sde”,
“instance_id”: “i-0af59517d71559c35”,
“status”: “attached”
},
“create_time”: “2017-05-16T00:48:28.946Z”,
“encrypted”: false,
“id”: “vol-035bf0c08b9d7646d”,
“iops”: null,
“size”: 1,
“snapshot_id”: “”,
“status”: “in-use”,
“tags”: {},
“type”: “standard”,
“zone”: “us-east-1b”
}
]
}
}

PLAY RECAP *************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0

EC2_Tags

[root@ansible ~]# vim ec2-tags.yaml

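# Adds a Name tag to an existing EBS volume.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: label an existing volume for proper information
      ec2_tag:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        # NOTE(review): in the volume listing on this page this id is the
        # device /dev/xvda, not the added sde volume - confirm the id before
        # labelling it as a data volume, since tags drive inventory and policy.
        resource: vol-081ea41752baa76a8
        state: present
        tags:
          Name: data_volume
      register: voltags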

[root@ansible ~]# ansible-playbook ec2-tags.yaml --syntax-check

playbook: ec2-tags.yaml

[root@ansible ~]# ansible-playbook ec2-tags.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [label an existing volume for proper information] *****************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws11.png

EC2_VPC

aws13.png

[root@ansible ~]# vim ec2-vpc.yaml

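# Creates a VPC with CIDR 10.2.1.0/24 tagged Environment=Development.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    # The task name is carried over from the tagging example; this task
    # creates a VPC.
    - name: label an existing volume for proper information
      # ec2_vpc is deprecated (Ansible prints a deprecation warning when this
      # play runs); ec2_vpc_net, shown later on this page, is the module to
      # use for new playbooks.
      ec2_vpc:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        state: present
        cidr_block: 10.2.1.0/24
        resource_tags: { "Environment": "Development" }
      register: vpcblock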
[root@ansible ~]# ansible-playbook ec2-vpc.yaml --syntax-check
[DEPRECATION WARNING]: ec2_vpc is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain
more about this rationale..
This feature will be removed in a future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

playbook: ec2-vpc.yaml
[root@ansible ~]# ansible-playbook ec2-vpc.yaml
[DEPRECATION WARNING]: ec2_vpc is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain
more about this rationale..
This feature will be removed in a future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

PLAY [localhost] *******************************************************************************************************************************

TASK [label an existing volume for proper information] *****************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

aws15.png

EC2 – VPC_NET

[root@ansible ~]# vim ec2-vpc-net.yaml

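# Creates a VPC named mynewvpc with CIDR 172.17.1.0/24.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: create a new vpc called mynewvpc
      ec2_vpc_net:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        # name and cidr_block together identify the VPC, so a repeated run
        # reports no change instead of creating a second network.
        name: mynewvpc
        state: present
        cidr_block: 172.17.1.0/24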

[root@ansible ~]# ansible-playbook ec2-vpc-net.yaml --syntax-check

playbook: ec2-vpc-net.yaml

[root@ansible ~]# ansible-playbook ec2-vpc-net.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [create a new vpc called mynewvpc] ********************************************************************************************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0

EC2 – VPC_NET_FACTS

[root@ansible ~]# vim ec2-vpc-net-facts.yaml

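# Gathers facts about every VPC in the region and prints them.
# Fixes the "dubug" module-name typo and restores valid YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: to get facts
      ec2_vpc_net_facts:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
      register: vpcnetfacts
    - name: print the facts
      # The module is called debug; with the misspelled name the play is
      # rejected before any task runs.
      debug: var=vpcnetfacts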
[root@ansible ~]# ansible-playbook ec2-vpc-net-facts.yaml --syntax-check

playbook: ec2-vpc-net-facts.yaml

[root@ansible ~]# ansible-playbook ec2-vpc-net-facts.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [to get facts] ****************************************************************************************************************************
ok: [localhost]

TASK [print the facts] *************************************************************************************************************************
ok: [localhost] => {
“changed”: false,
“vpcnetfacts”: {
“changed”: false,
“vpcs”: [
{
“cidr_block”: “172.31.0.0/16”,
“classic_link_enabled”: null,
“dhcp_options_id”: “dopt-e2100f85”,
“id”: “vpc-868c84e0”,
“instance_tenancy”: “default”,
“is_default”: true,
“state”: “available”,
“tags”: {}
},
{
“cidr_block”: “10.2.1.0/24”,
“classic_link_enabled”: null,
“dhcp_options_id”: “dopt-e2100f85”,
“id”: “vpc-467a883f”,
“instance_tenancy”: “default”,
“is_default”: false,
“state”: “available”,
“tags”: {
“Environment”: “Development”
}
},
{
“cidr_block”: “172.17.1.0/24”,
“classic_link_enabled”: null,
“dhcp_options_id”: “dopt-e2100f85”,
“id”: “vpc-e57c8e9c”,
“instance_tenancy”: “default”,
“is_default”: false,
“state”: “available”,
“tags”: {
“Name”: “mynewvpc”
}
}
]
}
}

PLAY RECAP *************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0

[root@ansible ~]# vim ec2-vpc-net-facts.yaml

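# Gathers facts about a single VPC, selected by id, and prints them.
# Indentation, list dashes and ASCII quotes are restored so the listing parses as YAML.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: to get facts
      ec2_vpc_net_facts:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        # Filtering by id returns only this VPC instead of every network in
        # the region, which keeps the printed output to what is needed.
        filters:
          vpc-id: vpc-e57c8e9c
      register: vpcnetfacts
    - name: print the facts
      debug: var=vpcnetfacts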

IAM – Identity and Access Management

[root@ansible ~]# vim iam.yaml

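# Creates two IAM users, each with a console password and a new access key.
# Changes from the original listing: the creating task is marked no_log and
# the final task prints only the user names, because the registered result
# contains every new secret_access_key in clear text. YAML layout is restored.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: create a couple of iam users
      iam:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        iam_type: user
        name: "{{item}}"
        state: present
        # Literal kept from the original listing. Every user gets the same
        # password and it sits in the playbook in clear text; move it to a
        # vaulted variable and use a distinct value per user.
        password: "Devops@Ind123"
        # Creates a long-lived access key for each user; the secret half is
        # returned only in this task's result.
        access_key_state: create
      with_items:
        - tmp1
        - tmp2
      register: output
      # Keep the per-item result (which carries the secret keys) off the
      # console and out of callback logs.
      no_log: true
    - name: show json formtated output
      # Print the user names only. Dumping the whole registered variable shows
      # user_meta.access_keys[].secret_access_key; a key that has been printed
      # or published should be deactivated and replaced.
      debug:
        msg: "{{ output.results | map(attribute='item') | list }}"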
[root@ansible ~]# ansible-playbook iam.yaml --syntax-check

playbook: iam.yaml

[root@ansible ~]# ansible-playbook iam.yaml

PLAY [localhost] *******************************************************************************************************************************

TASK [create a couple of iam users] ************************************************************************************************************
changed: [localhost] => (item=tmp1)
changed: [localhost] => (item=tmp2)

TASK [show json formtated output] **************************************************************************************************************
ok: [localhost] => {
“changed”: false,
“output”: {
“changed”: true,
“msg”: “All items completed”,
“results”: [
{
“_ansible_item_result”: true,
“_ansible_no_log”: false,
“_ansible_parsed”: true,
“changed”: true,
“groups”: null,
“invocation”: {
“module_args”: {
“access_key_ids”: null,
“access_key_state”: “create”,
“aws_access_key”: “AKIAJOHRUEQT7EQGDT2Q”,
“aws_secret_key”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“ec2_url”: null,
“groups”: null,
“iam_type”: “user”,
“key_count”: 1,
“name”: “tmp1”,
“new_name”: null,
“new_path”: null,
“password”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“path”: “/”,
“profile”: null,
“region”: “us-east-1”,
“security_token”: null,
“state”: “present”,
“trust_policy”: null,
“trust_policy_filepath”: null,
“update_password”: “always”,
“validate_certs”: true
}
},
“item”: “tmp1”,
“keys”: [
{
“access_key_id”: “AKIAIVWW22Y36744GRMA”,
“create_date”: “2017-05-16T02:32:02Z”,
“status”: “Active”,
“user_name”: “tmp1”
}
],
“user_meta”: {
“access_keys”: [
{
“access_key_id”: “AKIAIVWW22Y36744GRMA”,
“access_key_selector”: “HMAC”,
“create_date”: “2017-05-16T02:32:02.917Z”,
“secret_access_key”: “kCs+HNK+4SnJP1o6MulSf00frIlJvm7GyTLBTqpi”,
“status”: “Active”,
“user_name”: “tmp1”
}
],
“created_user”: {
“arn”: “arn:aws:iam::536751915275:user/tmp1”,
“create_date”: “2017-05-16T02:32:02.318Z”,
“path”: “/”,
“user_id”: “AIDAI4LKR2BY3U4FQHXE2”,
“user_name”: “tmp1”
},
“password”: {
“create_login_profile_response”: {
“create_login_profile_result”: {
“login_profile”: {
“create_date”: “2017-05-16T02:32:02.598Z”,
“password_reset_required”: “false”,
“user_name”: “tmp1”
}
},
“response_metadata”: {
“request_id”: “d833c0ca-39df-11e7-9326-adba2bf4dcdf”
}
}
}
}
},
{
“_ansible_item_result”: true,
“_ansible_no_log”: false,
“_ansible_parsed”: true,
“changed”: true,
“groups”: null,
“invocation”: {
“module_args”: {
“access_key_ids”: null,
“access_key_state”: “create”,
“aws_access_key”: “AKIAJOHRUEQT7EQGDT2Q”,
“aws_secret_key”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“ec2_url”: null,
“groups”: null,
“iam_type”: “user”,
“key_count”: 1,
“name”: “tmp2”,
“new_name”: null,
“new_path”: null,
“password”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“path”: “/”,
“profile”: null,
“region”: “us-east-1”,
“security_token”: null,
“state”: “present”,
“trust_policy”: null,
“trust_policy_filepath”: null,
“update_password”: “always”,
“validate_certs”: true
}
},
“item”: “tmp2”,
“keys”: [
{
“access_key_id”: “AKIAJ3OYXE5CZD2UZUVQ”,
“create_date”: “2017-05-16T02:32:06Z”,
“status”: “Active”,
“user_name”: “tmp2”
}
],
“user_meta”: {
“access_keys”: [
{
“access_key_id”: “AKIAJ3OYXE5CZD2UZUVQ”,
“access_key_selector”: “HMAC”,
“create_date”: “2017-05-16T02:32:06.363Z”,
“secret_access_key”: “IQ5/+uOC4Hx+KWSXchJDGp/mXEQWZ6WYBU9a9Oa8”,
“status”: “Active”,
“user_name”: “tmp2”
}
],
“created_user”: {
“arn”: “arn:aws:iam::536751915275:user/tmp2”,
“create_date”: “2017-05-16T02:32:05.755Z”,
“path”: “/”,
“user_id”: “AIDAJQ5BKZADXL5HGKCU6”,
“user_name”: “tmp2”
},
“password”: {
“create_login_profile_response”: {
“create_login_profile_result”: {
“login_profile”: {
“create_date”: “2017-05-16T02:32:06.053Z”,
“password_reset_required”: “false”,
“user_name”: “tmp2”
}
},
“response_metadata”: {
“request_id”: “da42f260-39df-11e7-9326-adba2bf4dcdf”
}
}
}
}
}
]
}
}

PLAY RECAP *************************************************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0

aws16.png

S3 – Working with Storage Buckets

[root@ansible ~]# vim s3-bucket.yaml

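# Creates an S3 bucket and uploads one local file into it, then prints both
# results.
# Changes from the original listing: the bucket ACL is private instead of
# public-read-write, the first task is named for what it does, and the YAML
# layout is restored.
- hosts: localhost
  connection: local
  remote_user: mshaik
  become: yes
  gather_facts: no
  vars_files:
    # Expected to define aws_id, aws_key and aws_region; keep it vault-encrypted.
    - files/awscreds.yaml
  tasks:
    - name: create the bucket
      s3:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        bucket: mshaikbucket1
        mode: create
        # public-read-write would let anyone on the internet list the bucket
        # and add or overwrite objects in it. Nothing in this example needs
        # anonymous access, so the bucket is created owner-only.
        permission: private
      register: create_bucket
    - name: copy the files to bucket
      s3:
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        bucket: mshaikbucket1
        object: /mystorage/testingbucket
        src: /root/testingbucket
        mode: put
      register: copy_files
    - name: output of creation
      debug: var=create_bucket
    - name: output of copy
      debug: var=copy_files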

[root@ansible ~]# ansible-playbook s3-bucket.yaml --syntax-check

playbook: s3-bucket.yaml
[root@ansible ~]# ansible-playbook s3-bucket.yaml

Deploying a Web Server – Create the Playbook

[root@ansible ~]# vim index.html
this apache webserver at amazon

[root@ansible ~]# vim apache.yaml

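# Installs Apache on the hosts of the "aws" inventory group over SSH,
# publishes a static page and checks that it is served.
# Adds the missing host= key to wait_for and restores valid YAML.
- hosts: aws
  connection: ssh
  remote_user: ec2-user
  become: yes
  gather_facts: yes
  tasks:
    - name: connect to remote server host ,execute yum update
      # Brings every installed package to the latest version.
      yum: name=* state=latest
    - name: Install httpd
      yum: name=httpd state=latest
    - name: deploy the static website
      # backup=yes leaves a timestamped copy of any previous index.html next
      # to dest, i.e. inside the web root, where Apache can serve it (to be
      # confirmed against the server configuration).
      copy: content="this apache webserver at amazon" dest=/var/www/html/index.html owner=root group=root backup=yes
    - name: restart apache service
      service: name=httpd state=restarted
    - name: wait for host to start apache
      # wait_for takes the target as host=; the bare hostname in the original
      # line is not a valid argument. This task does not appear in the run
      # shown below, so the listing and the executed file presumably differed.
      wait_for: host=ec2-54-91-71-247.compute-1.amazonaws.com port=80 delay=5
    - name: install wget to check webserver
      yum: name=wget state=latest
    - name: check url
      # wget writes index.html into the remote working directory on each run.
      # Ansible itself suggests get_url or uri here, which would also make the
      # extra wget package unnecessary.
      shell: /usr/bin/wget http://localhost
      register: site_result
    - name: display the site output
      debug: var=site_result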
[root@ansible ~]# ansible-playbook apache.yaml --syntax-check

playbook: apache.yaml

[root@ansible ~]# ssh-agent bash
[root@ansible ~]# ssh-add myawskey1.pem
Identity added: myawskey1.pem (myawskey1.pem)

[root@ansible ~]# ansible-playbook apache.yaml --private-key=myawskey1.pem

PLAY [aws] *************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************
ok: [ec2-54-91-71-247.compute-1.amazonaws.com]

TASK [connect to remote server host ,execute yum update] ***************************************************************************************
ok: [ec2-54-91-71-247.compute-1.amazonaws.com]

TASK [Install httpd] ***************************************************************************************************************************
ok: [ec2-54-91-71-247.compute-1.amazonaws.com]

TASK [deploy the static website] ***************************************************************************************************************
changed: [ec2-54-91-71-247.compute-1.amazonaws.com]

TASK [restart apache service] ******************************************************************************************************************
changed: [ec2-54-91-71-247.compute-1.amazonaws.com]

TASK [install wget to check webserver] *********************************************************************************************************
ok: [ec2-54-91-71-247.compute-1.amazonaws.com]

TASK [check url] *******************************************************************************************************************************
[WARNING]: Consider using get_url or uri module rather than running wget

changed: [ec2-54-91-71-247.compute-1.amazonaws.com]

TASK [display the site output] *****************************************************************************************************************
ok: [ec2-54-91-71-247.compute-1.amazonaws.com] => {
“changed”: false,
“site_result”: {
“changed”: true,
“cmd”: “/usr/bin/wget http://localhost”,
“delta”: “0:00:00.012242”,
“end”: “2017-05-16 08:58:27.743493”,
“rc”: 0,
“start”: “2017-05-16 08:58:27.731251”,
“stderr”: “–2017-05-16 08:58:27– http://localhost/\nResolving localhost (localhost)… 127.0.0.1\nConnecting to localhost (localhost)|127.0.0.1|:80… connected.\nHTTP request sent, awaiting response… 200 OK\nLength: 33 [text/html]\nSaving to: ‘index.html’\n\n 0K 100% 11.0M=0s\n\n2017-05-16 08:58:27 (11.0 MB/s) – ‘index.html’ saved [33/33]”,
“stderr_lines”: [
“–2017-05-16 08:58:27– http://localhost/”,
“Resolving localhost (localhost)… 127.0.0.1”,
“Connecting to localhost (localhost)|127.0.0.1|:80… connected.”,
“HTTP request sent, awaiting response… 200 OK”,
“Length: 33 [text/html]”,
“Saving to: ‘index.html’”,
“”,
” 0K 100% 11.0M=0s”,
“”,
“2017-05-16 08:58:27 (11.0 MB/s) – ‘index.html’ saved [33/33]”
],
“stdout”: “”,
“stdout_lines”: [],
“warnings”: [
“Consider using get_url or uri module rather than running wget”
]
}
}

PLAY RECAP *************************************************************************************************************************************
ec2-54-91-71-247.compute-1.amazonaws.com : ok=8 changed=3 unreachable=0 failed=0
