Hi everyone! I'm Dhona and this is my first series as well as my first post on DEV. Here I'll create a series on how to use Ansible to automate the IAM service (because it's too long to explain in a single post). While people mostly use Ansible to build infrastructure or deploy applications, I want to start with something different.
As we all know, IAM is a free and the most basic service in AWS, but please never underestimate or skip it. IAM is the first service we need after we create an AWS (root) account. More about IAM, click here!
Before we start, we have to prepare two things, just as we do whenever we use Ansible: the inventory and the playbook. Don't worry if you have never used Ansible! Ansible is easy to learn, even for beginners or people who don't have coding skills, like me. Please ensure you have the latest version of Ansible along with the AWS collections installed on your local device.
Click here for ansible installation!
To install AWS collections, you can simply run:
ansible-galaxy collection install amazon.aws
ansible-galaxy collection install community.aws
Note*: The services supported are based on the module availability of each collection.
Inventory
Inventory is where we place a list of our servers as the target hosts like this:
[production]
192.168.10.1
192.168.10.2
We can write the inventory in INI or in YAML, the format we use for our playbook. The example above is in INI format. To run Ansible for AWS, the target host is different. We use our local device (such as a laptop) as the target because we will use Ansible to run the AWS commands. So, the inventory goes like this:
all:
  hosts:
    localhost:
I give the file the name host.yml. So, when we run the playbook, we will go with --inventory host.yml or -i host.yml for short.
Additional: In the inventory, we can also place variables. For example:
all:
  hosts:
    localhost:
      temp_pass: passwordup2U!
      user1: name1
      user2: name2
      user3: name3
      user4: name4
      user5: name5
      user6: name6
      group1: developer
      group2: programmer
      group3: engineer
Never mind the value of the variables above. You can change them with your own values.
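The inventory above keeps temp_pass in clear text, so anyone who can read host.yml (or the repository it is committed to) can read the password. As an added example that is not part of the original post, this Python check flags secret-looking inventory variables that are neither an inline Ansible Vault value (the `!vault` form that `ansible-vault encrypt_string` produces) nor a reference to another variable; the name patterns and both sample inventories are assumptions constructed for the illustration.

```python
import re

# Names that usually hold credentials (assumption: extend for your own naming scheme).
SECRET_NAME = re.compile(r"pass|secret|token|key", re.IGNORECASE)
# One "name: value" line of a YAML inventory, at any indentation level.
VAR_LINE = re.compile(r"^\s*([A-Za-z_][\w.-]*):\s*(.*)$")

# Constructed sample: the inventory from this post, password in clear text.
PLAINTEXT_INVENTORY = """\
all:
  hosts:
    localhost:
      temp_pass: passwordup2U!
      user1: name1
      group1: developer
"""

# Constructed sample: same variable as an inline vault value (placeholder ciphertext).
VAULTED_INVENTORY = """\
all:
  hosts:
    localhost:
      temp_pass: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        00000000000000000000000000000000
      user1: name1
"""


def find_plaintext_secrets(inventory_text):
    """Return (line_number, name) for secret-looking variables stored in clear text."""
    findings = []
    for number, line in enumerate(inventory_text.splitlines(), start=1):
        match = VAR_LINE.match(line)
        if line.lstrip().startswith("#") or not match:
            continue  # comment, ciphertext line, or not a "name: value" pair
        name, value = match.group(1), match.group(2).strip().strip("'\"")
        if not SECRET_NAME.search(name) or not value:
            continue  # not secret-looking, or a bare mapping key such as "hosts:"
        if value.startswith("!vault") or value.startswith("{{"):
            continue  # vault ciphertext, or a Jinja2 reference to another variable
        findings.append((number, name))
    return findings


if __name__ == "__main__":
    for number, name in find_plaintext_secrets(PLAINTEXT_INVENTORY):
        print(f"line {number}: '{name}' is stored in clear text")
```
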
Playbook
A playbook is where we place the tasks. We can divide multiple tasks into roles or put them in a single task file. In this series, we will use a single task file because IAM is simple enough, and we will use tags to run specific tasks. So we don't need too many playbooks just for IAM. I'll explain the tasks later.
- name: iam
  hosts: localhost
  connection: local
  gather_facts: no
  tasks:
For the playbook file, I give it the name iam.yml.
Then, we will use variables as well to specify a value or even multiple values. To specify multiple values, we can use the loop instruction. A loop is also suitable for repeatable actions.
For example, we can use the following formats:
loop:
- variable1
- variable2
or
loop: [variable1,variable2]
Both versions are the same. Ansible reads the first format the same way as the second: as a list of strings. The first format is recommended (by me) because we can comment out a value we don't need by adding a hash (#) at the front of the line, and uncomment it when we need it again, like this:
loop:
# - variable1
- variable2
And last but not least, before we start, don't forget to set up the credentials (at least one IAM user) on your local device. We do that with aws configure, providing an access key and a secret access key. Please ensure you have the AWS CLI installed on your local device first, click here for the instructions!
Note*: You can follow all the upcoming steps because we will delete all the stuff at the end.
Alright! That's it for Part 1. Please go to Part 2 to start with Ansible.