Skip to content

Instantly share code, notes, and snippets.

@nivleshc
Created March 12, 2019 11:45
Show Gist options
  • Save nivleshc/344dca91e3d0349c8a359b03853886be to your computer and use it in GitHub Desktop.
Save nivleshc/344dca91e3d0349c8a359b03853886be to your computer and use it in GitHub Desktop.
This Ansible playbook deploys an AWS environment, which consists of a VPC, a public and private subnet, a jumphost in the public subnet and a server in the private subnet
---
- hosts: localhost
connection: local
gather_facts: yes
vars:
- vpc_region: us-east-1
- my_useast1_key: my_northvirginia_keypair
tasks:
- name: create VPC for Ansible
ec2_vpc_net:
name: ansibleVPC
state: present
cidr_block: 172.32.0.0/16
region: "{{ vpc_region }}"
register: ansibleVPC
- name: display ansibleVPC results
debug: var=ansibleVPC
- name: create internet gateway for ansibleVPC
ec2_vpc_igw:
state: present
region: "{{ vpc_region }}"
vpc_id: "{{ ansibleVPC.vpc.id }}"
tags:
Name: ansibleVPC_IGW
register: ansibleVPC_igw
- name: display ansibleVPC IGW details
debug: var=ansibleVPC_igw
- name: obtain all AZ present in region {{ vpc_region }}
aws_az_facts:
region: "{{ vpc_region }}"
register: az_in_region
- name: display all AZ present in region {{ vpc_region }}
debug: var=az_in_region
#create public subnet in first az and private subnet in second az
- name: display AZ that will be used for public and private Subnets
debug:
msg:
- "public subnet in AZ: {{ az_in_region.availability_zones[0].zone_name }}"
- "private subnet in AZ: {{ az_in_region.availability_zones[1].zone_name }}"
- name: create public subnet in AZ {{ az_in_region.availability_zones[0].zone_name }}
ec2_vpc_subnet:
state: present
cidr: 172.32.1.0/24
az: "{{ az_in_region.availability_zones[0].zone_name }}"
vpc_id: "{{ ansibleVPC.vpc.id }}"
region: "{{ vpc_region }}"
map_public: yes
tags:
Name: public subnet
register: public_subnet
- name: show public subnet details
debug: var=public_subnet
- name: create private subnet in AZ {{ az_in_region.availability_zones[1].zone_name }}
ec2_vpc_subnet:
state: present
cidr: 172.32.2.0/24
az: "{{ az_in_region.availability_zones[1].zone_name }}"
vpc_id: "{{ ansibleVPC.vpc.id }}"
region: "{{ vpc_region }}"
resource_tags:
Name: private subnet
register: private_subnet
- name: show private subnet details
debug: var=private_subnet
- name: create new route table for public subnet
ec2_vpc_route_table:
state: present
region: "{{ vpc_region }}"
vpc_id: "{{ ansibleVPC.vpc.id }}"
tags:
Name: rt_ansibleVPC_PublicSubnet
subnets:
- "{{ public_subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ ansibleVPC_igw.gateway_id }}"
register: rt_ansibleVPC_PublicSubnet
- name: display public route table
debug: var=rt_ansibleVPC_PublicSubnet
- name: create a security group for jumphosts
ec2_group:
state: present
name: sg_ansibleVPC_publicsubnet_jumphost
description: security group for jumphosts within the public subnet of ansible VPC
vpc_id: "{{ ansibleVPC.vpc.id }}"
region: "{{ vpc_region }}"
rules:
- proto: tcp
ports:
- 3389
cidr_ip: 0.0.0.0/0
rule_desc: allow rdp to jumphost
register: sg_ansibleVPC_publicsubnet_jumphost
- name: display details for jumphost security group
debug: var=sg_ansibleVPC_publicsubnet_jumphost
- name: deploy a windows 2016 jumphost
ec2:
key_name: "{{ my_useast1_key }}"
instance_type: t2.micro
image: ami-0bf148826ef491d16
group_id: "{{ sg_ansibleVPC_publicsubnet_jumphost.group_id }}"
vpc_subnet_id: "{{ public_subnet.subnet.id }}"
assign_public_ip: yes
region: "{{ vpc_region }}"
instance_tags:
Name: win2016jh
count_tag:
Name: win2016jh
exact_count: 1
register: win2016jh
- name: display details for windows 2016 jumphost
debug: var=win2016jh
#create a security group for the private subnet which allows restricted access from public subnet
- name: create a security group for servers in private subnet with only tcp 3389 incoming
ec2_group:
state: present
name: sg_ansibleVPC_privatesubnet_servers
description: security group for private subnet that allows limited access from public subnet
vpc_id: "{{ ansibleVPC.vpc.id }}"
region: "{{ vpc_region }}"
rules:
- proto: tcp
ports: 3389
group_name: sg_ansibleVPC_publicsubnet_jumphost
rule_desc: allow only rdp access from public to private subnet servers
register: sg_ansibleVPC_privatesubnet_servers
- name: display details for private subnet security group
debug: var=sg_ansibleVPC_privatesubnet_servers
- name: deploy a windows 2016 server in private subnet
ec2:
key_name: "{{ my_useast1_key }}"
instance_type: t2.micro
image: ami-0bf148826ef491d16
group_id: "{{ sg_ansibleVPC_privatesubnet_servers.group_id }}"
vpc_subnet_id: "{{ private_subnet.subnet.id }}"
assign_public_ip: no
region: "{{ vpc_region }}"
instance_tags:
Name: win2016svr
count_tag:
Name: win2016svr
exact_count: 1
register: win2016svr
- name: display details for windows 2016 server in private subnet
debug: var=win2016svr
@infintropy
Copy link

Nice structure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment