cloudformation ansible server builder


What it is

This project automates the deployment of AWS infrastructure using AWS CloudFormation and Ansible. The architecture includes a bastion host for secure access, an Ansible Control Node for configuration management, and the necessary AWS resources such as a VPC, subnets, security groups, and gateways.

How it's built

  1. AWS Infrastructure Creation:
  • Utilizes CloudFormation to provision a Virtual Private Cloud (VPC) with dedicated public and private subnets.
  • Configures essential components including security groups, an Internet Gateway (IG), a NAT Gateway, and EC2 instances for both the bastion host and the Ansible Control Node.

A diagram of the architecture

  2. Ansible Control Node:
  • The Ansible Control Node is bootstrapped during deployment to install Ansible, Python, Git, and boto3.
  • A Git repository containing all necessary Ansible playbooks is cloned to facilitate server management.

An image of the CFN bootstrapping

  3. Secure Access:
  • SSH access to the Ansible Control Node is established through the bastion host, ensuring secure management of the infrastructure.
  4. Playbook Execution:
  • Ansible playbooks are executed from the Control Node to create and configure test servers according to predefined specifications.

    # launch EC2 instance
    ansible-playbook playbooks/launch_ec2.yml -e "key_name=your-key-name instance_type=t2.micro ami_id=ami-06b21ccaeff8cd686 region=us-east-1"

    # terminate EC2 instances
    ansible-playbook playbooks/terminate_ec2.yml -e "region=us-east-1"

An image of the ansible playbook
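The two security-relevant pieces described above, the bastion-only SSH path and the cfn-init bootstrap, can be expressed together in a CloudFormation template. This is an added illustration, not the project's own template: it assumes the VPC, subnets, NAT gateway and bastion instance are defined elsewhere in the stack, and the playbook repository URL is a placeholder.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AdminCidr:        { Type: String }                       # e.g. 203.0.113.10/32, the only source allowed to reach the bastion
  VpcId:            { Type: AWS::EC2::VPC::Id }
  PrivateSubnetId:  { Type: AWS::EC2::Subnet::Id }
  AmiId:            { Type: AWS::EC2::Image::Id }          # an Amazon Linux AMI, so /opt/aws/bin/cfn-init is present
  KeyName:          { Type: AWS::EC2::KeyPair::KeyName }
Resources:
  BastionSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Bastion - SSH from the admin CIDR only, never 0.0.0.0/0
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
  ControlNodeSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Control node - SSH only from instances in the bastion SG
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Referencing the group rather than a CIDR keeps the rule valid when the bastion is replaced
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSG
  ControlNode:
    Type: AWS::EC2::Instance
    Metadata:
      AWS::CloudFormation::Init:
        config:
          packages:
            yum: { git: [], python3-pip: [] }
          commands:
            01_ansible_boto3:
              command: pip3 install ansible boto3
            02_clone_playbooks:
              # Placeholder repository URL; the project's sparse checkout is left out here
              command: git clone https://github.com/EXAMPLE-ORG/EXAMPLE-PLAYBOOKS.git /opt/playbooks
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      SubnetId: !Ref PrivateSubnetId       # private subnet: no public IP, reachable only through the bastion
      SecurityGroupIds: [ !Ref ControlNodeSG ]
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          # cfn-init reads the Metadata block above and applies packages, then commands, in order
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource ControlNode --region ${AWS::Region}
```

Outbound package installs and the git clone from the private subnet leave through the NAT Gateway, so the control node never needs a public IP.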

Technologies

  • AWS CloudFormation: For provisioning and managing AWS infrastructure components like VPC, subnets, security groups, and EC2 instances.
  • Ansible: As the automation tool for configuration management and server provisioning.
  • Python: Required for running Ansible and its modules on the control node and managed nodes.
  • Git: For version control of Ansible playbooks and CloudFormation templates.
  • boto3: The AWS SDK for Python, used for interacting with AWS services programmatically.
  • SSH: For secure communication between the Ansible Control Node and managed instances.

Lessons learned

Security Best Practices:

  • Implementing a bastion host for SSH access enhanced security by limiting direct access to the Ansible Control Node. This highlighted the importance of following best practices for secure cloud architecture. I would likely use a VPN if I were implementing this again.

Dependency Management:

  • Managing dependencies required some planning in the bootstrap process. Utilizing cfn-init proved effective for bootstrapping.

Git Repository Management:

  • Cloning the Git repository with sparse checkout was helpful for managing only the necessary files, but it required a clear understanding of the repository structure. In future projects I would probably use a different solution.