Ansible and Amazon AWS services can cooperate nicely; here are the slides I used for the talk: https://www.youtube.com/watch?list=PLub6xBWO8gV_Mr-UuxrHcfUbuGv5n_N5g&v=vPes2x5ToUk
2. Amazon AWS
● Started as a flexible virtual machine provider with pay-per-hour billing.
● Evolved to provide PaaS for all the usual workloads.
● Performance/price ratio is bigger than for dedicated servers, but there is great flexibility and you can save your time (time is money, friend!).
● Immutable architecture ready!
3. AWS architecture
● Regions
– Located in several places throughout the world
● Availability zones
– A region has several availability zones, isolated from each other
● NAT
– Internal IPs only
– 1:1 NAT if a public IP is enabled
4. Security first
● IAM
– 2FA
– EC2 roles
● Individual user for Ansible
– Only the permissions that are needed (you do not want to become a bitcoin miner)
– Cost alert
5. AWS architecture (networking)
● Virtual private cloud (VPC)
– Isolated internal network inside AWS
– You can define your own VPC for MySQL instances, for app server instances, …
– Can be connected through VPN to your company's internal network (paid service).
● Security groups
– Firewall; by default nothing in, everything out.
– One server instance can have several attached security groups
6. AWS (LB, server instances)
● Elastic Load Balancer (ELB)
– Scalable load balancer, capable of HTTP and HTTPS (HTTP/2 not yet available :()
– CNAME only, do not use the IP address
● EC2 (server instances)
– Work with cattle, not pets
– Predefined images (AMIs) can be easily created by Ansible
7. AWS RDS
● Database as a service
● Supports MySQL, MSSQL, Postgres, …
● Can create an HA database instance across 2 availability zones in one region with automatic failover.
● Snapshots, automatic upgrades (maintenance window schedulable).
8. Autoscaling group + Cloudformation
● Autoscaling ensures that you have servers running. If some instance stops working, it is automagically trashed and a new one is spawned.
● Cloudformation
– Infrastructure-as-code tool
– You describe your platform and the magic happens
9. Ansible
● Easy to start
● Agentless
● Secure
● Data driven
● Idempotent
10. Key concepts
● Inventory
– List of managed computers; can be grouped.
– Default is /etc/ansible/hosts.
– May be dynamically generated.
● Module
– Basic unit of work.
– Plenty of them (hundreds) available.
– template, copy, user, ...
– http://docs.ansible.com/ansible/list_of_all_modules.html
11. Key concepts (2)
● Variables
– Defined on multiple levels (host, group, inventory).
– Used for conditionals and in templates.
● Facts
– Special variables gathered from the server (hostname, date and time, networking setup, …).
– ansible -m setup localhost
12. Key concepts (3)
● Task
– One task does one thing (usually a module invocation).
● Play
– Set of tasks that run on a group of computers.
● Playbook
– Bunch of plays in one file.
● Role
– Encapsulates a set of tasks, variables, templates and files together.
13. Gluing it together
● Ansible has plenty of AWS modules
– http://docs.ansible.com/ansible/list_of_cloud_modules.h
● Internally it uses the Python boto library, so it can do anything boto can.
● Dynamic inventory.
● Tags, tags everywhere!
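As an added example of gluing the pieces together (this playbook is not from the slides): a default-deny security group is created with the ec2_group module, tagged EC2 instances are launched idempotently with the ec2 module, and a second play then configures them through the tag group that the ec2.py dynamic inventory derives from the Role tag. The VPC, subnet and AMI IDs are placeholders to replace, and the CIDR is a constructed internal range.

```yaml
# Added example playbook (not from the slides). Assumes an existing VPC and
# subnet plus an AMI baked earlier; the IDs below are placeholders.
- name: Provision web tier in AWS with a default-deny security group and tags
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    region: eu-west-1
    vpc_id: vpc-PLACEHOLDER        # assumption: existing VPC
    subnet_id: subnet-PLACEHOLDER  # assumption: existing subnet in that VPC
    ami_id: ami-PLACEHOLDER        # assumption: AMI prepared by Ansible earlier
  tasks:
    - name: Security group that opens only HTTPS from inside the VPC (nothing else in)
      ec2_group:
        name: web-sg
        description: Web tier, HTTPS in from the internal VPC range only
        vpc_id: "{{ vpc_id }}"
        region: "{{ region }}"
        rules:
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 10.0.0.0/16   # constructed internal range, not 0.0.0.0/0
      register: web_sg

    - name: Ensure exactly two tagged web instances exist (idempotent via count_tag)
      ec2:
        region: "{{ region }}"
        image: "{{ ami_id }}"
        instance_type: t2.micro
        group_id: "{{ web_sg.group_id }}"
        vpc_subnet_id: "{{ subnet_id }}"
        assign_public_ip: false      # internal IPs only; the ELB fronts them
        instance_tags:
          Role: web
          Env: prod
        exact_count: 2
        count_tag:
          Role: web
        wait: true

# Second play: ec2.py turns the tag Role=web into the inventory group tag_Role_web
- name: Configure the instances found by tag
  hosts: tag_Role_web
  become: true
  tasks:
    - name: Install nginx on every web instance
      apt:
        name: nginx
        state: present
```

Run it as `ansible-playbook -i ec2.py site.yml` so the second play resolves the tag_Role_web group from the dynamic inventory.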