Terraform に埋もれがちですが Ansible でも AWS のリソース構築が出来るんですよね。
作るもの
・VPC
・public subnet x 2
・private subnet x 2
・internet gateway
・route table
ディレクトリ構造
├── README.md
├── ansible.cfg
├── hosts
├── roles
│ └── aws_vpc
│ ├── tasks
│ │ └── main.yml
│ └── vars
│ └── main.yml
└── vpc_create.yml
インベントリファイル
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat hosts
[localhost]
127.0.0.1
サーバをプロビジョニングする訳ではないので、ローカルホストを指定
Role
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat roles/aws_vpc/tasks/main.yml
---
# tasks file for aws_vpc
- name: create_vpc
ec2_vpc_net:
name: "{{ vpc_name }}"
cidr_block: "{{ vpc_cidr }}"
region: "{{ region }}"
dns_hostnames: yes
dns_support: yes
register: vpc_info
# PUBLIC_SUBNETの作成
- name: create_public_subnet
ec2_vpc_subnet:
vpc_id: "{{ vpc_info.vpc.id }}"
cidr: "{{ item.pub_subnet_cidr }}"
az: "{{ item.subnet_az }}"
region: "{{ region }}"
resource_tags: { "Name":"{{ item.pub_subnet_name }}" }
register: pubsub_info
with_items:
- "{{ pub_subnet }}"
# PRIVATE_SUBNETの作成
- name: create_private_subnet
ec2_vpc_subnet:
vpc_id: "{{ vpc_info.vpc.id }}"
cidr: "{{ item.pri_subnet_cidr }}"
az: "{{ item.subnet_az }}"
region: "{{ region }}"
resource_tags: { "Name":"{{ item.pri_subnet_name }}" }
register: prisub_info
with_items:
- "{{ pri_subnet }}"
# IGWの作成
- name: create_igw
ec2_vpc_igw:
vpc_id: "{{ vpc_info.vpc.id }}"
region: "{{ region }}"
tags: { "Name":"{{ igw_name }}" }
register: igw_info
# ROUTETABLEの作成(IGW)
- name: create_route_table
ec2_vpc_route_table:
vpc_id: "{{ vpc_info.vpc.id }}"
subnets: "{{ atache_igw_subnet }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ igw_info.gateway_id }}"
region: "{{ region }}"
resource_tags: { "Name":"{{ rttable_pub_name }}" }
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat roles/aws_vpc/vars/main.yml
---
# vars file for aws_vpc
# REGION
region: "ap-northeast-1"
# VPC
vpc_name: "sanuki-wd-vpc"
vpc_cidr: "10.0.0.0/16"
# IGW
igw_name: "sanuki-igw"
# ROUTETABLE(PUBLIC)
rttable_pub_name: "sanuki-pub-rt"
# PUBLIC_SUBNET
pub_subnet:
- { pub_subnet_cidr: "10.0.10.0/24" ,subnet_az: "ap-northeast-1a" ,pub_subnet_name: "sanuki-wd-public-subnet-a" }
- { pub_subnet_cidr: "10.0.20.0/24" ,subnet_az: "ap-northeast-1c" ,pub_subnet_name: "sanuki-wd-public-subnet-c" }
# PRIVATE_SUBNET
pri_subnet:
- { pri_subnet_cidr: "10.0.50.0/24" ,subnet_az: "ap-northeast-1a" ,pri_subnet_name: "sanuki-wd-private-subnet-a" }
- { pri_subnet_cidr: "10.0.60.0/24" ,subnet_az: "ap-northeast-1c" ,pri_subnet_name: "sanuki-wd-private-subnet-c" }
# IGWに紐付けるサブネット
atache_igw_subnet:
- "10.0.10.0/24"
- "10.0.20.0/24"
playbook
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# cat vpc_create.yml
---
# VPC CREATE Playbook
- name: create vpc subnet igw routetable
hosts: localhost
connection: local
gather_facts: False
become: False
roles:
- aws_vpc
実行
root@DESKTOP-MOGIJIA:/opt/playbook/aws-vpc-2layer# ansible-playbook -i hosts vpc_create.yml
PLAY [create vpc subnet igw routetable] ********************************************************************************
TASK [aws_vpc : create_vpc] ********************************************************************************************
[DEPRECATION WARNING]: Distribution Ubuntu 18.04 on host 127.0.0.1 should use /usr/bin/python3, but is using
/usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible release will default to using
the discovered platform python for this host. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature
will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
changed: [127.0.0.1]
TASK [aws_vpc : create_public_subnet] **********************************************************************************
changed: [127.0.0.1] => (item={u'pub_subnet_name': u'sanuki-wd-public-subnet-a', u'subnet_az': u'ap-northeast-1a', u'pub_subnet_cidr': u'10.0.10.0/24'})
changed: [127.0.0.1] => (item={u'pub_subnet_name': u'sanuki-wd-public-subnet-c', u'subnet_az': u'ap-northeast-1c', u'pub_subnet_cidr': u'10.0.20.0/24'})
TASK [aws_vpc : create_private_subnet] *********************************************************************************
changed: [127.0.0.1] => (item={u'pri_subnet_cidr': u'10.0.50.0/24', u'pri_subnet_name': u'sanuki-wd-private-subnet-a', u'subnet_az': u'ap-northeast-1a'})
changed: [127.0.0.1] => (item={u'pri_subnet_cidr': u'10.0.60.0/24', u'pri_subnet_name': u'sanuki-wd-private-subnet-c', u'subnet_az': u'ap-northeast-1c'})
TASK [aws_vpc : create_igw] ********************************************************************************************
changed: [127.0.0.1]
TASK [aws_vpc : create_route_table] ************************************************************************************
changed: [127.0.0.1]
PLAY RECAP *************************************************************************************************************
127.0.0.1 : ok=5 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
補足
boto3 が必要になります。
pip でインストールしておいて下さい。
pip install boto boto3
