.
├── .gitignore
├── 1-simple-vpc
│   ├── inventory
│   ├── playbook.yml
│   ├── roles
│   │   └── vpc
│   │       └── tasks
│   │           └── main.yml
│   └── vars.yml.dist
├── 2-private-vpc
│   ├── inventory
│   ├── playbook.yml
│   ├── roles
│   │   └── vpc
│   │       └── tasks
│   │           └── main.yml
│   └── vars.yml.dist
├── 3-ha-private-vpc
│   ├── inventory
│   ├── playbook.yml
│   ├── roles
│   │   └── vpc
│   │       └── tasks
│   │           └── main.yml
│   └── vars.yml.dist
└── README.md

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
vars.yml

--------------------------------------------------------------------------------
/1-simple-vpc/inventory:
--------------------------------------------------------------------------------
[local]
localhost ansible_connection=local

--------------------------------------------------------------------------------
/1-simple-vpc/playbook.yml:
--------------------------------------------------------------------------------
---

# Runs the vpc role on the control host itself (see inventory): every task
# is an AWS API call, nothing is executed on a remote machine.
# The role reads its settings from vars.yml, which this play does not load;
# presumably it is supplied on the command line (e.g. -e @vars.yml) — confirm
# against the documentation linked from the README.

- hosts: local
  roles:
    - vpc

--------------------------------------------------------------------------------
/1-simple-vpc/roles/vpc/tasks/main.yml:
--------------------------------------------------------------------------------
---

# roles/vpc/tasks/main.yml
#
# Part 1: one VPC, one public subnet, an Internet Gateway, a route table
# and a security group. Every AWS module below is handed the same
# credentials and region, all of which come from vars.yml.


# 1. The VPC.
# The module returns a description of the VPC it created (or found);
# we keep that result so the next task can read the id out of it.

- name: Create VPC
  ec2_vpc_net:
    state: "present"
    name: "{{ vpc_name }}"
    cidr_block: "{{ vpc_cidr_block }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
  register: vpc_result

- name: Set VPC ID in variable
  set_fact:
    vpc_id: "{{ vpc_result.vpc.id }}"


# 2. The public subnet.
# A subnet lives in exactly one Availability Zone. The zone name is built
# by appending "a" to the region name, which assumes such a zone exists
# in the chosen region — TODO confirm for your region.

- name: Create Public Subnet
  ec2_vpc_subnet:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    cidr: "{{ public_subnet_1_cidr }}"
    az: "{{ aws_region }}a"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    resource_tags:
      Name: "Public Subnet"
  register: public_subnet_result

- name: Set Public Subnet ID in variable
  set_fact:
    public_subnet_id: "{{ public_subnet_result.subnet.id }}"


# 3. The Internet Gateway: the VPC's link to the outside world.

- name: Create Internet Gateway for VPC
  ec2_vpc_igw:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
  register: igw_result

- name: Set Internet Gateway ID in variable
  set_fact:
    igw_id: "{{ igw_result.gateway_id }}"


# 4. The route table for the public subnet.
# Its only explicit route sends everything (0.0.0.0/0) to the Internet
# Gateway. The table also gets a route for the VPC's own address range
# that is not written here, so traffic to internal resources never goes
# through the gateway.

- name: Set up public subnet route table
  ec2_vpc_route_table:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    tags:
      Name: "Public"
    subnets:
      - "{{ public_subnet_id }}"
    routes:
      - dest: "0.0.0.0/0"
        gateway_id: "{{ igw_id }}"


# 5. The main security group.
# A single inbound rule: SSH (tcp/22) from your own address only (my_ip/32).
# Instances started in this VPC with this group attached are reachable on
# port 22 from that one address and from nowhere else outside the VPC.

- name: Create Main Security Group
  ec2_group:
    name: "My Security Group"
    description: "My Security Group"
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    rules:
      - proto: "tcp"
        from_port: "22"
        to_port: "22"
        cidr_ip: "{{ my_ip }}/32"

--------------------------------------------------------------------------------
/1-simple-vpc/vars.yml.dist:
--------------------------------------------------------------------------------
---

############################
# Used in parts 1, 2 and 3 #
############################

# AWS Credentials
# This file is the template for vars.yml, which is listed in .gitignore so
# the real keys never reach the repository. Consider keeping the filled-in
# copy encrypted with ansible-vault rather than storing the secret key in clear.
aws_access_key: "THISISMYAWSACCESSKEY"
aws_secret_key: "ThisIsMyAwSSecretKey"
aws_region: "eu-west-1"

# VPC Information
vpc_name: "My VPC"
vpc_cidr_block: "10.0.0.0/16"

# For Security Group Rule
# Your own public IPv4 address: the SSH rule admits this single address (/32).
my_ip: "X.X.X.X"

# Subnets
public_subnet_1_cidr: "10.0.1.0/24"

############################
# Used in parts 2 and 3    #
############################

# Subnets
private_subnet_1_cidr: "10.0.2.0/24"

############################
# Used in part 3 only      #
############################

# Subnets
public_subnet_2_cidr: "10.0.11.0/24"
private_subnet_2_cidr: "10.0.12.0/24"

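--------------------------------------------------------------------------------
/2-private-vpc/inventory:
--------------------------------------------------------------------------------
[local]
localhost ansible_connection=local

--------------------------------------------------------------------------------
/2-private-vpc/playbook.yml:
--------------------------------------------------------------------------------
---

# Runs the vpc role on the control host itself (see inventory): every task
# is an AWS API call, nothing is executed on a remote machine.
# The role reads its settings from vars.yml, which this play does not load;
# presumably it is supplied on the command line (e.g. -e @vars.yml) — confirm
# against the documentation linked from the README.

- hosts: local
  roles:
    - vpc

--------------------------------------------------------------------------------
/2-private-vpc/roles/vpc/tasks/main.yml:
--------------------------------------------------------------------------------
---

# roles/vpc/tasks/main.yml
#
# Part 2: one VPC with a public and a private subnet in the same AZ.
# The public subnet routes through an Internet Gateway; the private
# subnet routes through a NAT Gateway that sits in the public subnet.
#
# The VPC, subnets, IGW, route tables and security groups use Ansible's
# ec2_* modules. The Elastic IP and the NAT Gateway are created with the
# AWS CLI on the control host. Those CLI tasks receive the credentials
# through the process environment (aws_cli_env, task 4) and NOT through
# `aws configure set`: that command would persist the secret key in the
# control host's ~/.aws files and expose it on a process command line.


# 1. The VPC.
# We are using the variables set in the vars.yml file. The module returns
# a description of the new VPC; we register it to read the id afterwards.

- name: Create VPC
  ec2_vpc_net:
    name: "{{ vpc_name }}"
    cidr_block: "{{ vpc_cidr_block }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    state: "present"
  register: my_vpc

- name: Set VPC ID in variable
  set_fact:
    vpc_id: "{{ my_vpc.vpc.id }}"


# 2. The subnets: one public, one private, both in the same AZ.
# The AZ name is built by appending "a" to the region name, which assumes
# such a zone exists in the chosen region — TODO confirm for your region.

- name: Create Public Subnet
  ec2_vpc_subnet:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    cidr: "{{ public_subnet_1_cidr }}"
    az: "{{ aws_region }}a"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    resource_tags:
      Name: "Public Subnet"
  register: my_public_subnet

- name: Set Public Subnet ID in variable
  set_fact:
    public_subnet_id: "{{ my_public_subnet.subnet.id }}"

- name: Create Private Subnet
  ec2_vpc_subnet:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    cidr: "{{ private_subnet_1_cidr }}"
    az: "{{ aws_region }}a"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    resource_tags:
      Name: "Private Subnet"
  register: my_private_subnet

- name: Set Private Subnet ID in variable
  set_fact:
    private_subnet_id: "{{ my_private_subnet.subnet.id }}"


# 3. The Internet Gateway: the VPC's link to the outside world.

- name: Create Internet Gateway for VPC
  ec2_vpc_igw:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    state: "present"
  register: my_vpc_igw

- name: Set Internet Gateway ID in variable
  set_fact:
    igw_id: "{{ my_vpc_igw.gateway_id }}"


# 4. Credentials for the AWS CLI tasks.
# Built once as a dict and attached to each CLI task with `environment:`.
# The CLI reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_DEFAULT_REGION
# from its environment, so nothing is written to ~/.aws and the secret never
# appears in a command line. no_log keeps it out of the play output too.

- name: Prepare environment for AWS CLI tasks
  set_fact:
    aws_cli_env:
      AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
      AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
      AWS_DEFAULT_REGION: "{{ aws_region }}"
  no_log: true


# 5. The Elastic IP for the NAT Gateway.
# From this point on the address belongs to the account: if NAT is later
# provided by a different service, the same public IP can be reused.
# `--output text` prints the bare allocation id, so no quote stripping.

- name: Create Elastic IP
  shell: >-
    aws ec2 allocate-address --domain vpc
    --query AllocationId --output text
  environment: "{{ aws_cli_env }}"
  register: eip

- name: Set EIP in variable
  set_fact:
    my_elastic_ip: "{{ eip.stdout }}"


# 6. The NAT Gateway, placed in the public subnet.
# The command is a folded scalar (>-) without backslashes: in a folded
# block the line breaks become spaces, so a trailing "\" would reach the
# shell as "\ " — an escaped space handed to aws as a stray argument.

- name: Create NAT Gateway
  shell: >-
    aws ec2 create-nat-gateway
    --subnet-id {{ public_subnet_id }}
    --allocation-id {{ my_elastic_ip }}
    --query NatGateway.NatGatewayId --output text
  environment: "{{ aws_cli_env }}"
  register: my_nat_gateway

- name: Set Nat Gateway ID in variable
  set_fact:
    nat_gateway_id: "{{ my_nat_gateway.stdout }}"


# 7. Wait for the NAT Gateway.
# A new gateway starts as "pending" and takes a while to become
# "available". Polling its state (up to 30 x 10 s) instead of sleeping a
# fixed few seconds makes the rest of the role independent of how long
# AWS actually takes.

- name: Wait for NAT Gateway to become available
  shell: >-
    aws ec2 describe-nat-gateways --nat-gateway-ids {{ nat_gateway_id }}
    --query 'NatGateways[0].State' --output text
  environment: "{{ aws_cli_env }}"
  register: nat_gateway_state
  until: nat_gateway_state.stdout == "available"
  retries: 30
  delay: 10
  changed_when: false


# 8. The Route Tables.
# One for the public subnet (default route to the Internet Gateway) and
# one for the private subnet (default route to the NAT Gateway).
# Both tables also get a route for the VPC's own address range that is
# not written here, so internal traffic never goes through either gateway.

- name: Set up public subnet route table
  ec2_vpc_route_table:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    tags:
      Name: "Public"
    subnets:
      - "{{ public_subnet_id }}"
    routes:
      - dest: "0.0.0.0/0"
        gateway_id: "{{ igw_id }}"

- name: Set up private subnet route table
  ec2_vpc_route_table:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    tags:
      Name: "Private"
    subnets:
      - "{{ private_subnet_id }}"
    routes:
      - dest: "0.0.0.0/0"
        gateway_id: "{{ nat_gateway_id }}"


# 9. The Security Groups.
# Two of them: one for public instances, which accepts SSH (tcp/22) from
# your own address only (my_ip/32), and one for private instances, which
# accepts SSH only from members of the first group — i.e. private
# instances are reached by hopping through a public one.

- name: Create Main Security Group
  ec2_group:
    name: "External SSH Access"
    description: "External SSH Access"
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    rules:
      - proto: "tcp"
        from_port: "22"
        to_port: "22"
        cidr_ip: "{{ my_ip }}/32"
  register: my_main_sg

- name: Set Main SG ID
  set_fact:
    main_sg_id: "{{ my_main_sg.group_id }}"

- name: Create Private Security Group
  ec2_group:
    name: "Private Instances SG"
    description: "Private Instances SG"
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    rules:
      - proto: "tcp"
        from_port: "22"
        to_port: "22"
        group_id: "{{ main_sg_id }}"

--------------------------------------------------------------------------------
/2-private-vpc/vars.yml.dist:
--------------------------------------------------------------------------------
---

############################
# Used in parts 1, 2 and 3 #
############################

# AWS Credentials
# This file is the template for vars.yml, which is listed in .gitignore so
# the real keys never reach the repository. Consider keeping the filled-in
# copy encrypted with ansible-vault rather than storing the secret key in clear.
aws_access_key: "THISISMYAWSACCESSKEY"
aws_secret_key: "ThisIsMyAwSSecretKey"
aws_region: "eu-west-1"

# VPC Information
vpc_name: "My VPC"
vpc_cidr_block: "10.0.0.0/16"

# For Security Group Rule
# Your own public IPv4 address: the SSH rule admits this single address (/32).
my_ip: "X.X.X.X"

# Subnets
public_subnet_1_cidr: "10.0.1.0/24"

############################
# Used in parts 2 and 3    #
############################

# Subnets
private_subnet_1_cidr: "10.0.2.0/24"

############################
# Used in part 3 only      #
############################

# Subnets
public_subnet_2_cidr: "10.0.11.0/24"
private_subnet_2_cidr: "10.0.12.0/24"
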
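--------------------------------------------------------------------------------
/3-ha-private-vpc/inventory:
--------------------------------------------------------------------------------
[local]
localhost ansible_connection=local

--------------------------------------------------------------------------------
/3-ha-private-vpc/playbook.yml:
--------------------------------------------------------------------------------
---

# Runs the vpc role on the control host itself (see inventory): every task
# is an AWS API call, nothing is executed on a remote machine.
# The role reads its settings from vars.yml, which this play does not load;
# presumably it is supplied on the command line (e.g. -e @vars.yml) — confirm
# against the documentation linked from the README.

- hosts: local
  roles:
    - vpc

--------------------------------------------------------------------------------
/3-ha-private-vpc/roles/vpc/tasks/main.yml:
--------------------------------------------------------------------------------
---

# roles/vpc/tasks/main.yml
#
# Part 3: one VPC spread over two Availability Zones. Each AZ gets a
# public and a private subnet plus its own NAT Gateway, so the loss of
# one zone does not take the other zone's outbound connectivity with it.
#
# The subnet CIDRs come from vars.yml (public_subnet_1_cidr, ...,
# private_subnet_2_cidr) like everything else; they are not hard-coded
# here, so changing the address plan only means editing vars.yml.
#
# The VPC, subnets, IGW, route tables and security groups use Ansible's
# ec2_* modules. The Elastic IPs and NAT Gateways are created with the
# AWS CLI on the control host. Those CLI tasks receive the credentials
# through the process environment (aws_cli_env, task 4) and NOT through
# `aws configure set`: that command would persist the secret key in the
# control host's ~/.aws files and expose it on a process command line.


# 1. The VPC.
# We are using the variables set in the vars.yml file. The module returns
# a description of the new VPC; we register it to read the id afterwards.

- name: Create VPC
  ec2_vpc_net:
    name: "{{ vpc_name }}"
    cidr_block: "{{ vpc_cidr_block }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    state: "present"
  register: my_vpc

- name: Set VPC ID in variable
  set_fact:
    vpc_id: "{{ my_vpc.vpc.id }}"


# 2. The subnets: two per AZ (one public, one private), four in total.
# The AZ names are built by appending "a" and "b" to the region name,
# which assumes both zones exist in the chosen region — TODO confirm.

- name: Create Public Subnet [AZ-1]
  ec2_vpc_subnet:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    cidr: "{{ public_subnet_1_cidr }}"
    az: "{{ aws_region }}a"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    resource_tags:
      Name: "Public Subnet 1"
  register: my_public_subnet_az1

- name: Set Public Subnet ID in variable [AZ-1]
  set_fact:
    public_subnet_az1_id: "{{ my_public_subnet_az1.subnet.id }}"

- name: Create Private Subnet [AZ-1]
  ec2_vpc_subnet:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    cidr: "{{ private_subnet_1_cidr }}"
    az: "{{ aws_region }}a"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    resource_tags:
      Name: "Private Subnet 1"
  register: my_private_subnet_az1

- name: Set Private Subnet ID in variable [AZ-1]
  set_fact:
    private_subnet_az1_id: "{{ my_private_subnet_az1.subnet.id }}"

- name: Create Public Subnet [AZ-2]
  ec2_vpc_subnet:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    cidr: "{{ public_subnet_2_cidr }}"
    az: "{{ aws_region }}b"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    resource_tags:
      Name: "Public Subnet 2"
  register: my_public_subnet_az2

- name: Set Public Subnet ID in variable [AZ-2]
  set_fact:
    public_subnet_az2_id: "{{ my_public_subnet_az2.subnet.id }}"

- name: Create Private Subnet [AZ-2]
  ec2_vpc_subnet:
    state: "present"
    vpc_id: "{{ vpc_id }}"
    cidr: "{{ private_subnet_2_cidr }}"
    az: "{{ aws_region }}b"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    resource_tags:
      Name: "Private Subnet 2"
  register: my_private_subnet_az2

- name: Set Private Subnet ID in variable [AZ-2]
  set_fact:
    private_subnet_az2_id: "{{ my_private_subnet_az2.subnet.id }}"


# 3. The Internet Gateway: the VPC's link to the outside world.
# One is enough for both AZs: it is external to the VPC and highly
# available on its own.

- name: Create Internet Gateway for VPC
  ec2_vpc_igw:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    state: "present"
  register: my_vpc_igw

- name: Set Internet Gateway ID in variable
  set_fact:
    igw_id: "{{ my_vpc_igw.gateway_id }}"


# 4. Credentials for the AWS CLI tasks.
# Built once as a dict and attached to each CLI task with `environment:`.
# The CLI reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_DEFAULT_REGION
# from its environment, so nothing is written to ~/.aws and the secret never
# appears in a command line. no_log keeps it out of the play output too.

- name: Prepare environment for AWS CLI tasks
  set_fact:
    aws_cli_env:
      AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
      AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
      AWS_DEFAULT_REGION: "{{ aws_region }}"
  no_log: true


# 5. Two Elastic IPs, one per NAT Gateway.
# Each AZ gets its own gateway, so the VPC ends up with two external
# addresses. `--output text` prints the bare allocation id.

- name: Create Elastic IP [AZ-1]
  shell: >-
    aws ec2 allocate-address --domain vpc
    --query AllocationId --output text
  environment: "{{ aws_cli_env }}"
  register: eip_az1

- name: Set EIP in variable [AZ-1]
  set_fact:
    my_eip_az1: "{{ eip_az1.stdout }}"

- name: Create Elastic IP [AZ-2]
  shell: >-
    aws ec2 allocate-address --domain vpc
    --query AllocationId --output text
  environment: "{{ aws_cli_env }}"
  register: eip_az2

- name: Set EIP in variable [AZ-2]
  set_fact:
    my_eip_az2: "{{ eip_az2.stdout }}"


# 6. The NAT Gateways: one in the public subnet of each AZ.
# The commands are folded scalars (>-) without backslashes: in a folded
# block the line breaks become spaces, so a trailing "\" would reach the
# shell as "\ " — an escaped space handed to aws as a stray argument.

- name: Create NAT Gateway [AZ-1]
  shell: >-
    aws ec2 create-nat-gateway
    --subnet-id {{ public_subnet_az1_id }}
    --allocation-id {{ my_eip_az1 }}
    --query NatGateway.NatGatewayId --output text
  environment: "{{ aws_cli_env }}"
  register: my_nat_gateway_az1

- name: Set Nat Gateway ID in variable [AZ-1]
  set_fact:
    nat_gateway_az1_id: "{{ my_nat_gateway_az1.stdout }}"

- name: Create NAT Gateway [AZ-2]
  shell: >-
    aws ec2 create-nat-gateway
    --subnet-id {{ public_subnet_az2_id }}
    --allocation-id {{ my_eip_az2 }}
    --query NatGateway.NatGatewayId --output text
  environment: "{{ aws_cli_env }}"
  register: my_nat_gateway_az2

- name: Set Nat Gateway ID in variable [AZ-2]
  set_fact:
    nat_gateway_az2_id: "{{ my_nat_gateway_az2.stdout }}"


# 7. Wait for both NAT Gateways.
# A new gateway starts as "pending" and takes a while to become
# "available". Each gateway is polled (up to 30 x 10 s) instead of
# sleeping a fixed few seconds, so the rest of the role does not depend
# on how long AWS actually takes.

- name: Wait for NAT Gateways to become available
  shell: >-
    aws ec2 describe-nat-gateways --nat-gateway-ids {{ item }}
    --query 'NatGateways[0].State' --output text
  environment: "{{ aws_cli_env }}"
  with_items:
    - "{{ nat_gateway_az1_id }}"
    - "{{ nat_gateway_az2_id }}"
  register: nat_gateway_state
  until: nat_gateway_state.stdout == "available"
  retries: 30
  delay: 10
  changed_when: false


# 8. The Route Tables.
# One table serves both public subnets, since their configuration is
# identical (default route to the Internet Gateway). Each private subnet
# gets its own table, with a default route to the NAT Gateway of its AZ,
# so outbound traffic from a private subnet stays inside that AZ.
# All tables also get a route for the VPC's own address range that is
# not written here, so internal traffic never goes through a gateway.

- name: Set up public subnet route table
  ec2_vpc_route_table:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    tags:
      Name: "Public"
    subnets:
      - "{{ public_subnet_az1_id }}"
      - "{{ public_subnet_az2_id }}"
    routes:
      - dest: "0.0.0.0/0"
        gateway_id: "{{ igw_id }}"

- name: Set up private subnet route table [AZ-1]
  ec2_vpc_route_table:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    tags:
      Name: "Private 1"
    subnets:
      - "{{ private_subnet_az1_id }}"
    routes:
      - dest: "0.0.0.0/0"
        gateway_id: "{{ nat_gateway_az1_id }}"

- name: Set up private subnet route table [AZ-2]
  ec2_vpc_route_table:
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    tags:
      Name: "Private 2"
    subnets:
      - "{{ private_subnet_az2_id }}"
    routes:
      - dest: "0.0.0.0/0"
        gateway_id: "{{ nat_gateway_az2_id }}"


# 9. The Security Groups.
# Two of them: one for public instances, which accepts SSH (tcp/22) from
# your own address only (my_ip/32), and one for private instances, which
# accepts SSH only from members of the first group — i.e. private
# instances are reached by hopping through a public one.

- name: Create Main Security Group
  ec2_group:
    name: "External SSH Access"
    description: "External SSH Access"
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    rules:
      - proto: "tcp"
        from_port: "22"
        to_port: "22"
        cidr_ip: "{{ my_ip }}/32"
  register: my_main_sg

- name: Set Main SG ID
  set_fact:
    main_sg_id: "{{ my_main_sg.group_id }}"

- name: Create Private Security Group
  ec2_group:
    name: "Private Instances SG"
    description: "Private Instances SG"
    vpc_id: "{{ vpc_id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    rules:
      - proto: "tcp"
        from_port: "22"
        to_port: "22"
        group_id: "{{ main_sg_id }}"

--------------------------------------------------------------------------------
/3-ha-private-vpc/vars.yml.dist:
--------------------------------------------------------------------------------
---

############################
# Used in parts 1, 2 and 3 #
############################

# AWS Credentials
# This file is the template for vars.yml, which is listed in .gitignore so
# the real keys never reach the repository. Consider keeping the filled-in
# copy encrypted with ansible-vault rather than storing the secret key in clear.
aws_access_key: "THISISMYAWSACCESSKEY"
aws_secret_key: "ThisIsMyAwSSecretKey"
aws_region: "eu-west-1"

# VPC Information
vpc_name: "My VPC"
vpc_cidr_block: "10.0.0.0/16"

# For Security Group Rule
# Your own public IPv4 address: the SSH rule admits this single address (/32).
my_ip: "X.X.X.X"

# Subnets
public_subnet_1_cidr: "10.0.1.0/24"

############################
# Used in parts 2 and 3    #
############################

# Subnets
private_subnet_1_cidr: "10.0.2.0/24"

############################
# Used in part 3 only      #
############################

# Subnets
# The role in this part reads all four subnet CIDRs from here.
public_subnet_2_cidr: "10.0.11.0/24"
private_subnet_2_cidr: "10.0.12.0/24"
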
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# ansible-aws-vpc

Create an AWS VPC from scratch with Ansible. 3 different topologies.

Documentation: [here](http://jeremievallee.com/2016/07/27/aws-vpc-ansible/)
--------------------------------------------------------------------------------