Learning Ansible 2.7 by Fabio Alessandro Locati

Author: Fabio Alessandro Locati
Language: eng
Format: epub
Publisher: Packt Publishing
Published: 2019-04-30T16:46:48+00:00


If you declared an entry for your public zone but not in the private one, the machines in the VPC will not be able to resolve that entry.

After you have created the public zone, AWS will give you a few name server addresses, and you need to put those in your registrar/root zone DNS so that the names in the zone can actually be resolved.

Simple AWS deployment

As we said previously, the first thing that we will need is the networking up. For this example, we will need just one single network in one AZ and all our machines will stay there.

In this section, we will be working in the playbooks/aws_simple_provision.yaml file.

The first two lines are just used to declare the host that will perform the commands (localhost) and the beginning of the tasks section:

- hosts: localhost
  tasks:

First, we are going to ensure that the public/private key pair is present:

    - name: Ensure key pair is present
      ec2_key:
        name: fale
        key_material: "{{ lookup('file', '~/.ssh/fale.pub') }}"

In AWS, we need to have a VPC network and subnetwork. By default, they are already there, but if you need it, you can do the following to create the VPC network:

    - name: Ensure VPC network is present
      ec2_vpc_net:
        name: NET_NAME
        state: present
        cidr_block: 10.0.0.0/16
        region: AWS_REGION
      register: aws_net

    - name: Ensure the VPC subnetwork is present
      ec2_vpc_subnet:
        state: present
        az: AWS_AZ
        # ec2_vpc_net registers the created VPC as aws_net.vpc, so its ID is aws_net.vpc.id
        vpc_id: '{{ aws_net.vpc.id }}'
        cidr: 10.0.1.0/24
      register: aws_subnet

Since we are using the default VPC, we need to query AWS to know the VPC network and subnetwork values:

    - name: Gather information of the EC2 VPC net in eu-west-1
      ec2_vpc_net_facts:
        region: eu-west-1
      register: aws_simple_net

    - name: Gather information of the EC2 VPC subnet in eu-west-1
      ec2_vpc_subnet_facts:
        region: eu-west-1
        filters:
          vpc-id: '{{ aws_simple_net.vpcs.0.id }}'
      register: aws_simple_subnet

Now that we have all the information we need on the network and subnetwork, we can move on to security groups. We can do this with the ec2_group module. In the AWS world, security groups are used for firewalling. A security group is very similar to a group of firewall rules that share the same destination (for ingress rules) or the same source (for egress rules), namely the instances the group is attached to. Three differences from standard firewall rules are actually worth mentioning:

- Multiple security groups can be applied to the same EC2 instance.

- As a source (for ingress rules) or destination (for egress rules), you can specify one of the following:
  - An instance ID
  - Another security group
  - An IP range
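As an added example (not the book's code), the two ec2_group tasks below show both kinds of source described above: the web group admits HTTP/HTTPS from any IP range and SSH only from an administration range, and the application group admits traffic only from the web security group itself, so its rule follows the web instances whatever addresses they get. It assumes the aws_simple_net facts registered earlier, the eu-west-1 region used on this page, and an admin_cidr variable supplied at run time (the group names and the 203.0.113.0/24 documentation range are placeholders).

```yaml
# Added example, not from the book. Assumes aws_simple_net from the
# ec2_vpc_net_facts task and an admin_cidr variable, for example
# passed with: -e admin_cidr=203.0.113.0/24 (placeholder range).
    - name: Ensure the web security group is present
      ec2_group:
        name: simple-web-sg
        description: Web tier, reachable from the Internet on 80/443 only
        vpc_id: '{{ aws_simple_net.vpcs.0.id }}'
        region: eu-west-1
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 0.0.0.0/0
          # SSH only from the administration network, never from 0.0.0.0/0
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: '{{ admin_cidr }}'
        # remove any ingress rule not listed here, so manual additions
        # made in the console do not survive the next run
        purge_rules: true
        state: present
      register: aws_web_sg

    - name: Ensure the application security group is present
      ec2_group:
        name: simple-app-sg
        description: App tier, reachable only from the web tier
        vpc_id: '{{ aws_simple_net.vpcs.0.id }}'
        region: eu-west-1
        rules:
          # the source is another security group, not an IP range:
          # ec2_group returns the created group's ID as group_id
          - proto: tcp
            from_port: 8080
            to_port: 8080
            group_id: '{{ aws_web_sg.group_id }}'
        purge_rules: true
        state: present
```

Egress is left at the AWS default (allow all) because no rules_egress list is given; add one if the instances should only reach specific destinations.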
