Hi everyone! I'm Dhona, and this is my first series as well as my first post on DEV. In this series I'll show how to use Ansible to automate the IAM service (it's too long to explain in a single post). People mostly use Ansible to build infrastructure or deploy applications, so I want to start with something different.
As we all know, IAM is the free and most basic service in AWS, but please never underestimate or skip it. IAM is the first service we need after we create an AWS (root) account. More about IAM, click here!
Before we start, we have to prepare two things, just as we do whenever we use Ansible: an inventory and a playbook. Don't worry if you have never used Ansible! It is easy to learn, even for beginners or for people without coding skills, like me. Please ensure you have the latest version of Ansible, along with the AWS collections, installed on your local device.
Click here for ansible installation!
To install AWS collections, you can simply run:
ansible-galaxy collection install amazon.aws
ansible-galaxy collection install community.aws
Note*: Which services are supported depends on the modules available in each collection.
The inventory is where we list our servers as the target hosts, like this:
[production]
192.168.10.1
192.168.10.2
The inventory can be written in INI or in YAML, the format we also use for our playbook. The example above is in INI format. To run Ansible for AWS, the target host is different: we use our local device (such as a laptop) as the target, because Ansible will run the AWS commands from there. So, the inventory goes like this:
all:
  hosts:
    localhost:
I give the file the name host.yml. So, when we run the playbook, we will go with --inventory host.yml, or -i host.yml for short.
Additional: In the inventory, we can also place variables.
all:
  hosts:
    localhost:
      temp_pass: passwordup2U!
      user1: name1
      user2: name2
      user3: name3
      user4: name4
      user5: name5
      user6: name6
      group1: developer
      group2: programmer
      group3: engineer
Never mind the values of the variables above. You can replace them with your own values.
The playbook is where we place the tasks. We can divide the tasks across roles or put them all in a single task file. In this series we will use a single task file, because IAM is simple enough, and we will use tags to run specific tasks. That way we don't need many playbooks just for IAM. I'll explain the tasks later.
- name: iam
  hosts: localhost
  connection: local
  gather_facts: no
  tasks:
For the playbook file, I give it a name
Then, we will use variables as well, to specify a value or even multiple values. To specify multiple values, we can use the loop instruction. A loop is also suitable for repeatable actions.
For example, we can use the following formats:
loop:
  - variable1
  - variable2
Both versions are the same. Ansible reads the first format the same as the second format, which is a string. The first format is recommended (by me) because we can disable a value we don't need by adding a hashtag (#) at the front of the line, and uncomment it when we need it again, like this:
loop:
  # - variable1
  - variable2
And last but not least, before we start: don't forget to set up the credentials (at least one IAM user) on your local device. That is done with aws configure, where you provide the access key and secret access key. Please ensure you have the AWS CLI installed on your local device first, click here for the instruction!
Note*: You can follow all the upcoming steps because we will delete everything at the end.
Alright! That's it for Part 1. Please go to Part 2 to start with Ansible.
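An added example, not part of the original series: a preflight playbook that ties the pieces above together (the host.yml variables, the playbook header, loop, tags and the aws configure credentials) and stops if the configured access key belongs to the root account. It assumes the amazon.aws collection and boto3 are installed; the file name preflight.yml and the tag names whoami and vars are hypothetical.

```yaml
# preflight.yml (hypothetical name). Added example, not the author's playbook.
# Run with: ansible-playbook -i host.yml preflight.yml
# or one part only:  ansible-playbook -i host.yml preflight.yml --tags whoami
- name: iam preflight
  hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Ask AWS which identity the configured credentials belong to
      amazon.aws.aws_caller_info:
      register: caller
      tags: [whoami]

    - name: Stop if the access key belongs to the root account
      ansible.builtin.assert:
        that:
          # The root identity's ARN ends in ":root"; IAM users end in ":user/<name>"
          - not caller.arn.endswith(':root')
        fail_msg: "Credentials resolve to {{ caller.arn }}; use an IAM user instead"
        success_msg: "Running as {{ caller.arn }}"
      tags: [whoami]

    - name: Check that temp_pass is set, without printing it
      ansible.builtin.assert:
        that:
          - temp_pass is defined
          - temp_pass | length > 0
        quiet: true
      no_log: true   # keeps the password out of task output and logs
      tags: [vars]

    - name: Show which user names the inventory supplies
      ansible.builtin.debug:
        msg: "inventory supplies IAM user name {{ item }}"
      loop:
        - "{{ user1 }}"
        - "{{ user2 }}"
        # - "{{ user3 }}"   # commented out, so this value is skipped
      tags: [vars]
```

Because temp_pass sits in host.yml in plaintext, keep that file out of version control or encrypt the value with ansible-vault encrypt_string.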