- Lab
- A Cloud Guru
Accessing the AWS Console with Ansible
If our goal is configuring AWS using Ansible, the first thing that we need to do is configure our Ansible control node for the job, and provide appropriate credentials. In this hands-on lab, we will configure a new IAM user in the AWS console to allow Ansible to connect to the console programmatically. The credentials need to be protected, so they will be supplied by means of an encrypted Ansible vault.
Challenge
Create a new IAM user called `ansible` with programmatic access keys and the *AmazonEC2ReadOnlyAccess* policy attached.
- Log into the AWS console using the provided AWS URL and `cloud_user` account.
- Search for IAM in the Find Services search box, and select the IAM that shows up in the pop up box.
- Select Users in the left menu.
- Click Add User at the top of the page.
- Provide the username ansible and check the box next to Programmatic access for access type.
- Click Next: Permissions.
- Select Attach existing policies directly and search for AmazonEC2ReadOnlyAccess using the filter policies search box.
- Check the box next to AmazonEC2ReadOnlyAccess.
- Click Next: Tags, then Next: Review, and lastly, after ensuring your configurations are correct, click Create user.
- Click Show under Secret access key to reveal the secret access key for the `ansible` user.
- Important! Copy the Access key ID and Secret access key to a place where you may access them later, like a text file.
Challenge
Edit the file `/home/ansible/keys.yml` and replace the placeholders with the ansible IAM user's access key, secret key, and appropriate AWS region. Then encrypt the file using `ansible-vault`. The vault should use the password "I love ansible".
- Log into the Ansible control node as the `ansible` user.
- Open `/home/ansible/keys.yml` using a text editor such as Vim, and replace each placeholder with the appropriate value.
- Run `ansible-vault encrypt /home/ansible/keys.yml` using the password "I love ansible".
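One check worth running after the `ansible-vault encrypt` step, as an added example that is not part of the original lab: a shell function that confirms a vars file carries the vault header, exposes no access key ID, and is accessible only to its owner. The sample files, the `aws_access_key` and `aws_region` key names, and every value in them are constructed for illustration; the real layout of the lab's `keys.yml` is not shown on the page.

```sh
#!/bin/sh
# Added example (not from the lab): confirm a vars file with AWS keys is vault-encrypted.

# check_vault_file FILE
#   0 = encrypted and owner-only, 1 = plaintext or access key ID visible,
#   2 = file missing,             3 = group/other permission bits set
check_vault_file() {
    cvf_file=$1
    [ -f "$cvf_file" ] || { echo "MISSING   $cvf_file"; return 2; }

    # Vault files begin with a header line such as $ANSIBLE_VAULT;1.1;AES256
    cvf_header=
    IFS= read -r cvf_header < "$cvf_file" || true
    case $cvf_header in
        '$ANSIBLE_VAULT;'*) ;;
        *) echo "PLAINTEXT $cvf_file"; return 1 ;;
    esac

    # IAM user access key IDs start with AKIA; a hex vault body cannot contain one.
    if grep -Eq 'AKIA[0-9A-Z]{16}' "$cvf_file"; then
        echo "KEY-ID    $cvf_file"; return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    cvf_perms=$(ls -ld "$cvf_file" | cut -c5-10)
    [ "$cvf_perms" = "------" ] || { echo "LOOSE     $cvf_file"; return 3; }
    echo "OK        $cvf_file"
}

# Constructed sample files; key names and values are placeholders, not real credentials.
make_samples() {
    ms_dir=$(mktemp -d)
    printf '%s\n' 'aws_access_key: AKIAEXAMPLEEXAMPLE00' 'aws_region: us-east-1' > "$ms_dir/plain.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6132633464356636' > "$ms_dir/vaulted.yml"
    cp "$ms_dir/vaulted.yml" "$ms_dir/loose.yml"
    chmod 600 "$ms_dir/plain.yml" "$ms_dir/vaulted.yml"
    chmod 644 "$ms_dir/loose.yml"
    echo "$ms_dir"
}

samples=$(make_samples)
for f in plain.yml vaulted.yml loose.yml absent.yml; do
    check_vault_file "$samples/$f" || true
done
```

On the control node, the same function can be pointed at the real file with `check_vault_file /home/ansible/keys.yml` before the file is copied or committed anywhere.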
Challenge
Install the necessary boto and boto3 packages on the Ansible control node.
- Log into the Ansible control node as the `ansible` user.
- Run the following command to install the boto packages on the Ansible control node: `sudo yum install -y python-boto python-boto3`
Challenge
Run the provided playbook to validate that your `ansible` user and vault are correctly configured.
- Log into the Ansible control node as the `ansible` user.
- Run the following command: `ansible-playbook --ask-vault-pass /home/ansible/test-aws-connection.yml`