Accessing the AWS Console with Ansible

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

If our goal is configuring AWS using Ansible, the first thing that we need to do is configure our Ansible control node for the job, and provide appropriate credentials. In this hands-on lab, we will configure a new IAM user in the AWS console to allow Ansible to connect to the console programmatically. The credentials need to be protected, so they will be supplied by means of an encrypted Ansible vault.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a new IAM user called `ansible` with programmatic access keys and the *AmazonEC2ReadOnlyAccess* policy.
  • Log into the AWS console using the provided AWS URL and cloud_user account.
  • Search for IAM in the Find Services search box, and select the IAM entry that appears in the pop-up box.
  • Select Users in the left menu.
  • Click Add User at the top of the page.
  • Provide the username ansible and check the box next to Programmatic access for access type.
  • Click Next: Permissions.
  • Select Attach existing policies directly and search for AmazonEC2ReadOnlyAccess using the filter policies search box.
  • Check the box next to AmazonEC2ReadOnlyAccess.
  • Click Next: Tags, then Next: Review, and lastly, after ensuring your configurations are correct, click Create user.
  • Click Show under Secret access key to reveal the secret access key for the ansible user.
  • Important! Copy the Access key ID and Secret access key to a place where you may access them later, like a text file. The secret access key cannot be displayed again after you leave this page.

Edit the file `/home/ansible/keys.yml` and replace the placeholders with the ansible IAM user’s access key, secret key, and appropriate AWS region. Then encrypt the file using `ansible-vault`. The vault should use the password “I love ansible”.

  • Log into the Ansible control node as the ansible user.
  • Open `/home/ansible/keys.yml` using a text editor such as Vim, and replace each placeholder with the appropriate value.
  • Run `ansible-vault encrypt /home/ansible/keys.yml` using the password "I love ansible".

Install the necessary boto and boto3 packages on the Ansible control node.
  • Log into the Ansible control node as the ansible user.
  • Run the following command to install the boto packages on the Ansible control node:
    • `sudo yum install -y python-boto python-boto3`

Run the provided playbook to validate that your `ansible` user and vault are correctly configured.
  • Log into the Ansible control node as the ansible user.
  • Run the following command:
    • `ansible-playbook --ask-vault-pass /home/ansible/test-aws-connection.yml`
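
An added pre-flight check, not part of the lab or of Ansible: run against the credentials file before the playbook, it confirms that the file carries the ansible-vault envelope, contains no readable AWS access key ID, and is not readable by group or others. The function name `vault_check`, its return codes, the key name in the plaintext sample and the sample files themselves are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a vault-encrypted credentials file.
# The return codes of vault_check are this example's own convention.

vault_check() {
    f=$1
    [ -f "$f" ] || { echo "FAIL $f: not found" >&2; return 1; }

    # A readable AWS access key ID means the file is still plaintext.
    if grep -Eq '(AKIA|ASIA)[A-Z0-9]{16}' "$f"; then
        echo "FAIL $f: plaintext access key ID present" >&2; return 2
    fi

    # First line must be the vault envelope header (1.2 adds a vault ID label).
    case $(head -n 1 "$f") in
        '$ANSIBLE_VAULT;1.1;AES256' | '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
        *) echo "FAIL $f: no ansible-vault header" >&2; return 3 ;;
    esac

    # The payload after the header is hex text only, and must not be empty.
    body=$(tail -n +2 "$f")
    if [ -z "$body" ] || printf '%s\n' "$body" | grep -Eqv '^[0-9a-f]+$'; then
        echo "FAIL $f: payload is not vault hex" >&2; return 4
    fi

    # Group/other permission bits (columns 5-10 of ls -l) must all be clear.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "FAIL $f: readable by group or others, chmod 600 it" >&2; return 5
    fi
    echo "OK   $f"
}

# Demo on constructed files (not real credentials, not real ciphertext).
demo=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36633162386534383066' '3163393234' > "$demo/good.yml"
printf 'access_key: AKIAIOSFODNN7EXAMPLE\n' > "$demo/plain.yml"   # key name assumed
chmod 600 "$demo/good.yml" "$demo/plain.yml"
vault_check "$demo/good.yml"
vault_check "$demo/plain.yml" || echo "rc=$?"
rm -rf "$demo"
```

On the control node the call would be `vault_check /home/ansible/keys.yml`; the same check applies to any plaintext copy of the keys saved while creating the user, which should be deleted once the vault is encrypted.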

Additional Resources

We have been tasked with verifying Ansible connectivity to our company's fledgling AWS account. We need to create a dedicated IAM user for interacting with Ansible. We must also configure our Ansible control server to work with the AWS console, by installing necessary software packages and credential files. Once the configurations are completed, we can test connectivity with a provided playbook.

Using the AWS console:

  • Create a new IAM user called ansible with a pair of keys for programmatic access.
  • Attach the AmazonEC2ReadOnlyAccess policy to the ansible user to allow EC2 fact access.

Working on the Ansible Control node:

  • Install necessary boto and boto3 packages on the Ansible control node.
  • Configure an Ansible Vault with the access key ID, secret key, and AWS region.
  • Run the provided playbook to validate that the ansible user and vault are correctly configured.

The Ansible control node has been configured for us, and Ansible is already installed there. The control node also has a system user named ansible configured with SSH access keys and all of the necessary system privileges. The default inventory has been configured to include the Ansible control host as localhost.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
