{"id":20901629,"url":"https://github.com/willfarrell/ansible-playbook-aws","last_synced_at":"2025-05-13T03:30:51.349Z","repository":{"id":142528652,"uuid":"85889142","full_name":"willfarrell/ansible-playbook-aws","owner":"willfarrell","description":"ansible playbook to setup minimal VPC, EC2, ELB, RDS","archived":false,"fork":false,"pushed_at":"2017-06-12T20:45:01.000Z","size":270,"stargazers_count":24,"open_issues_count":0,"forks_count":32,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-01T15:48:04.972Z","etag":null,"topics":["ansible","aws"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/willfarrell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-23T00:21:06.000Z","updated_at":"2023-06-23T21:25:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"2aa3afb0-f52e-4ac6-88ed-dafa8d1bfd94","html_url":"https://github.com/willfarrell/ansible-playbook-aws","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-aws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-aws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-aws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-aws/manifests","owner_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/owners/willfarrell","download_url":"https://codeload.github.com/willfarrell/ansible-playbook-aws/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253867358,"owners_count":21976212,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","aws"],"created_at":"2024-11-18T11:36:16.408Z","updated_at":"2025-05-13T03:30:51.337Z","avatar_url":"https://github.com/willfarrell.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ansible-playbook-aws\n\n## Requirements\n- ansible \u003e= 2.3\n- AWS Account w/ IAM access\n\n## Setup\n```bash\n# 2017-04\nbrew install python\nsudo -H pip install --upgrade ansible\nsudo -H pip install --ignore-installed six\t# fix bug with boto\nsudo -H pip install --ignore-installed python-dateutil\t# fix bug with botocore\nsudo -H pip install --upgrade botocore boto boto3 passlib\nsudo -H pip install --upgrade --user awscli\n\n# bashrc\nexport PYTHONPATH=$(python -c \"from distutils.sysconfig import get_python_lib; print(get_python_lib())\")\nexport PATH=~/Library/Python/2.7/bin:$PATH\n\n# Other deps\n# mysql_*\nsudo -H pip install --upgrade MySQL-python\n```\n\n### Set org_id\nKeep it lowercase.\n- `./run`\n- `./playbook.yml`\n\n### IAM Policies\nThese steps will allow you to create the necessary policies for all required ansible commands.\nRepeat each for all files in `docs/aws_policies`.\n\n1. Click [Policies](https://console.aws.amazon.com/iam/home#/policies) \n1. Click `Create Policy` \n1. 
Find `Create Your Own Policy`\n1. Click `Select`.\n1. Field `Policy Name`: Enter something like `ansible_{{file_name}}`.\n1. Field `Policy Document`: Paste contents of `{{file_name}}` into field.\n1. Click `Create Policy`.\n\n### IAM Group\n\n1. Click [Groups](https://console.aws.amazon.com/iam/home#/groups) \n1. Click `Create New Group`.\n1. Enter `ansible`.\n1. Click `Next Step`.\n1. Select all `ansible_*` policies (created above).\n1. Click `Next Step`.\n1. Click `Create Group`.\n\nAlso attach `AdministratorAccess`.\n\n### IAM User\n\n1. Click [Users](https://console.aws.amazon.com/iam/home#/users)\n1. Click `Add user`.\n1. Field `User name`: Enter `ansible`.\n1. Check `Programmatic access`.\n1. Click `Next: Permissions`.\n1. Select group `ansible` (created above).\n1. Click `Next: Review`.\n1. Click `Create user`.\n1. Save `Access key ID` and `Secret access key` to localhost.\n1. Click `Close`.\n\n### Setup secrets\n1. Create `~/.vault_password_{{ org_id }}` with the contents being a long random password.\n\n2. Create `group_vars/all/secrets.yml`.\n\n```yml\n---\n\n## AWS ##\n# IAM Access key\naws_access_key: ''\naws_secret_key: ''\n\n# RDS\ndb_password: ''\n```\n\n3. Encrypt secrets. `ansible-vault encrypt group_vars/all/secrets.yml --vault-password-file ~/.vault_password`\n\n## Run\n`./run`\n\n## 1. 
AWS VPC\n- [x] Setup localhost AWS profile\n- [x] Scaffold VPC networking\n- [x] Setup AWS private ssh key\n\n### TODO\n- [ ] Enable IPv6\n- [ ] BUG NAT deploys failed\n- [ ] Double check route table has working nat and matches\n- [ ] BUG DNS 8.8.8.8 not reachable from private subnet\n- [ ] Add `delete on termination` to ec2 volumes\n- [ ] Encrypted RDS not supported in ansible + boto - https://github.com/boto/boto/pull/3027\n\n## Security\n### AWS\n- [ ] update access policy (ansible user) https://awspolicygen.s3.amazonaws.com/policygen.html\n\n## TODO\n- [ ] docker swarm\n- [ ] elastic-cloud ansible\n- [ ] jenkins ansible","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fansible-playbook-aws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillfarrell%2Fansible-playbook-aws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fansible-playbook-aws/lists"}