DEV Community: OringeJooz The latest articles on DEV Community by OringeJooz (@oringejooz). https://dev.to/oringejooz https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3090370%2Fa0a381a6-84ef-4b85-acee-ef9545aaddc2.jpeg DEV Community: OringeJooz https://dev.to/oringejooz en Mastering AWS with Ansible OringeJooz Fri, 25 Apr 2025 19:10:52 +0000 https://dev.to/oringejooz/mastering-aws-with-ansible-le3 https://dev.to/oringejooz/mastering-aws-with-ansible-le3 <h1> 10 Must-Know Commands for Cloud Automation </h1> <p>As someone who recently dove into Ansible for managing AWS infrastructure (shoutout to my lab with Amazon Linux instances!), I’ve seen firsthand how this tool transforms cloud management. Ansible, an open-source automation powerhouse, simplifies AWS tasks with its agentless design and YAML-based playbooks. In this post, I’ll share 10 essential Ansible commands that have leveled up my AWS game, perfect for DevOps folks, cloud admins, or developers eager to automate.</p> <p>This guide is for anyone looking to streamline AWS infrastructure management. Let’s explore why Ansible rocks for AWS and the commands that make it shine.</p> <h2> Why Ansible for AWS? </h2> <p>Ansible’s magic lies in its:</p> <ul> <li> <strong>No agents needed</strong>: Manage nodes without installing software, keeping things lightweight.</li> <li> <strong>AWS-native modules</strong>: Built-in support for EC2, S3, RDS, IAM, and beyond.</li> <li> <strong>Simple YAML playbooks</strong>: Write readable code to define infrastructure states.</li> <li> <strong>Idempotent execution</strong>: Run tasks repeatedly without breaking things.</li> <li> <strong>Vibrant community</strong>: Tons of AWS-focused modules and playbooks to tap into.</li> </ul> <p>From spinning up EC2 instances to securing S3 buckets, Ansible makes AWS management a breeze. Below are 10 commands I’ve found indispensable for AWS automation.</p> <h2> Prerequisites </h2> <p>Before diving in, ensure:</p> <ul> <li>Ansible is installed (<code>pip install ansible</code> or <code>sudo apt install ansible</code>).</li> <li>AWS CLI is set up with credentials (<code>aws configure</code>).</li> <li> <code>boto3</code> is installed for AWS modules (<code>pip install boto3</code>).</li> <li>An IAM role with permissions for your tasks (learned this the hard way in my lab!).</li> </ul> <h2> 10 Essential Ansible Commands for AWS </h2> <h3> 1. Spin Up an EC2 Instance </h3> <p>The <code>ec2_instance</code> module launches EC2 instances with custom specs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Launch EC2 instance</span> <span class="na">amazon.aws.ec2_instance</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">app-server"</span> <span class="na">key_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my-key-pair"</span> <span class="na">instance_type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">t2.micro"</span> <span class="na">image_id</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ami-0c55b159cbfafe1f0"</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> <span class="na">vpc_subnet_id</span><span class="pi">:</span> <span class="s2">"</span><span class="s">subnet-12345678"</span> <span class="na">security_group_ids</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">sg-12345678"</span><span class="pi">]</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> <span class="na">register</span><span class="pi">:</span> <span class="s">ec2</span> </code></pre> </div> <p><strong>Use case</strong>: Quickly deploy servers for apps or testing.</p> <h3> 2. Terminate an EC2 Instance </h3> <p>Clean up resources by terminating instances.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terminate EC2 instance</span> <span class="na">amazon.aws.ec2_instance</span><span class="pi">:</span> <span class="na">instance_ids</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">i-1234567890abcdef0"</span><span class="pi">]</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">absent</span> </code></pre> </div> <p><strong>Use case</strong>: Shut down unused instances to save costs.</p> <h3> 3. Create an S3 Bucket </h3> <p>The <code>s3_bucket</code> module sets up S3 buckets for storage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create S3 bucket</span> <span class="na">amazon.aws.s3_bucket</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my-bucket-2025-orange"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-west-2"</span> <span class="na">versioning</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p><strong>Use case</strong>: Store backups, host static sites, or manage data lakes.</p> <h3> 4. Upload Files to S3 </h3> <p>Push files to S3 with the <code>aws_s3</code> module.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Upload file to S3</span> <span class="na">amazon.aws.aws_s3</span><span class="pi">:</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my-bucket-2025-orange"</span> <span class="na">object</span><span class="pi">:</span> <span class="s2">"</span><span class="s">configs/app.yaml"</span> <span class="na">src</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/local/configs/app.yaml"</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">put</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-west-2"</span> </code></pre> </div> <p><strong>Use case</strong>: Automate uploads for configs or assets.</p> <h3> 5. Set Up a Security Group </h3> <p>Define network rules with <code>ec2_security_group</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create security group</span> <span class="na">amazon.aws.ec2_security_group</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">app-sg"</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Security</span><span class="nv"> </span><span class="s">group</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">app</span><span class="nv"> </span><span class="s">servers"</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">proto</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">from_port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">to_port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">cidr_ip</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.0.0.0/0"</span> <span class="pi">-</span> <span class="na">proto</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">from_port</span><span class="pi">:</span> <span class="m">22</span> <span class="na">to_port</span><span class="pi">:</span> <span class="m">22</span> <span class="na">cidr_ip</span><span class="pi">:</span> <span class="s2">"</span><span class="s">203.0.113.0/24"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> </code></pre> </div> <p><strong>Use case</strong>: Lock down EC2 instances with precise access rules.</p> <h3> 6. Create IAM Roles </h3> <p>The <code>iam_role</code> module manages IAM roles for AWS resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create IAM role</span> <span class="na">amazon.aws.iam_role</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">AppS3AccessRole"</span> <span class="na">assume_role_policy_document</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">lookup('file',</span><span class="nv"> </span><span class="s">'trust-policy.json')</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">managed_policy_arns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> </code></pre> </div> <p><strong>Use case</strong>: Enable EC2 or Lambda to access S3 securely.</p> <h3> 7. Deploy an RDS Database </h3> <p>The <code>rds_instance</code> module provisions managed databases.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create RDS instance</span> <span class="na">amazon.aws.rds_instance</span><span class="pi">:</span> <span class="na">db_instance_identifier</span><span class="pi">:</span> <span class="s2">"</span><span class="s">app-db"</span> <span class="na">engine</span><span class="pi">:</span> <span class="s2">"</span><span class="s">mysql"</span> <span class="na">instance_class</span><span class="pi">:</span> <span class="s2">"</span><span class="s">db.t3.micro"</span> <span class="na">allocated_storage</span><span class="pi">:</span> <span class="m">20</span> <span class="na">master_username</span><span class="pi">:</span> <span class="s2">"</span><span class="s">admin"</span> <span class="na">master_user_password</span><span class="pi">:</span> <span class="s2">"</span><span class="s">SecurePass123"</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> </code></pre> </div> <p><strong>Use case</strong>: Set up databases for apps with minimal effort.</p> <h3> 8. Start/Stop EC2 Instances </h3> <p>Manage instance states to optimize costs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Stop EC2 instance</span> <span class="na">amazon.aws.ec2_instance</span><span class="pi">:</span> <span class="na">instance_ids</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">i-1234567890abcdef0"</span><span class="pi">]</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">stopped</span> </code></pre> </div> <p><strong>Use case</strong>: Pause dev environments during downtime.</p> <h3> 9. Configure Auto Scaling </h3> <p>The <code>autoscaling_group</code> module ensures app scalability.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create Auto Scaling group</span> <span class="na">amazon.aws.autoscaling_group</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">app-asg"</span> <span class="na">launch_template</span><span class="pi">:</span> <span class="na">launch_template_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">app-template"</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$Latest"</span> <span class="na">min_size</span><span class="pi">:</span> <span class="m">2</span> <span class="na">max_size</span><span class="pi">:</span> <span class="m">4</span> <span class="na">desired_capacity</span><span class="pi">:</span> <span class="m">2</span> <span class="na">vpc_zone_identifier</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">subnet-12345678"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">subnet-87654321"</span><span class="pi">]</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> </code></pre> </div> <p><strong>Use case</strong>: Keep web apps available under varying loads.</p> <h3> 10. Execute Commands on EC2 </h3> <p>Run shell commands on instances via the <code>command</code> module.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update EC2 packages</span> <span class="na">ansible.builtin.command</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sudo</span><span class="nv"> </span><span class="s">yum</span><span class="nv"> </span><span class="s">update</span><span class="nv"> </span><span class="s">-y"</span> <span class="na">delegate_to</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">ec2_instance_public_ip</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">become</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p><strong>Use case</strong>: Automate system updates or software installs.</p> <h2> Best Practices for Ansible on AWS </h2> <ul> <li> <strong>Modularize with roles</strong>: Structure playbooks for reuse.</li> <li> <strong>Secure secrets</strong>: Use Ansible Vault or IAM roles for credentials.</li> <li> <strong>Dry-run playbooks</strong>: Test with <code>--check</code> to avoid surprises.</li> <li> <strong>Tag everything</strong>: Track AWS resources with consistent tags.</li> <li> <strong>Audit actions</strong>: Pair with CloudTrail for change monitoring.</li> </ul> <h2> Conclusion </h2> <p>After setting up my first Ansible lab on AWS, I’m hooked on its power to automate cloud tasks. These 10 commands—from launching EC2 instances to scaling apps—have made managing AWS infrastructure faster and more reliable. Try them in your next project and share your results in the comments! For more DevOps adventures, follow me on <a href="https://dev.to/oringejooz">Dev.to</a>.</p> <p><em>Happy automating from oringejooz!</em></p> devops beginners ansible cloud