Ansible AWS Automation Project

The document describes an Ansible automation project to create and destroy AWS IAM users and groups. The project aims to address the challenge of manually creating 1000 IAM users by developing an Ansible playbook. The implementation is divided into phases including setting up the development environment, configuring AWS CLI and Ansible, creating sample IAM resources, and developing playbooks to create and remove IAM users and groups. The solution demonstrates automating the provisioning of AWS IAM resources using Ansible.

Uploaded by

Rakesh Mahta

https://linkedin.com/in/prafulpatel16

https://github.com/

Date: June 10, 2022


AWS - ANSIBLE AUTOMATION PROJECT CHALLENGE: AWS IAM USERS & GROUP CREATION & DESTROY USING ANSIBLE 100% AUTOMATION
SOLUTION DESIGN & IMPLEMENTATION BY: PRAFUL PATEL

Project:

AWS IAM USERS & GROUPS CREATION & DESTROY USING ANSIBLE 100% AUTOMATION

Project Description:

Solution: IAM Automation Solution using Ansible Tool
Cloud: AWS Cloud
Cloud Services: Identity & Access Management (IAM)
Automation Tool: Ansible

An IT services provider, PRAfect Systems Inc., provides Cloud/DevOps and software development solutions. The company recently migrated its entire workload to the AWS Cloud. Along with all the application and database servers, it had to create 1000 users and assign them to the relevant groups and roles. Doing this manually is time-consuming and error-prone.

Solution:

This project demonstrates building an automation solution with Ansible playbooks for AWS IAM user and group creation on AWS cloud.

Project Cost Estimation:

(Note: This is not an actual cost; it is only an estimate based on high-level requirements. The price may vary as services are added or removed.)

Tools & Technologies covered:

AWS Cloud
AWS Identity & Access Management (IAM)
Ansible (Configuration Management Automation Tool)
Visual Studio Code IDE
GitHub
Git Bash
Draw.io

Solution Architecture:

This project will be completed in the following implementation phases.

Project Implementation Phases:

Phase 1: Development IDE configuration
Phase 2: AWS CLI and Ansible configuration
Phase 3: Create an IAM group and users in AWS using Ansible
Phase 4: Remove an IAM group and users in AWS using Ansible

Implementation in Action:

Phase 1: Development IDE configuration

Install AWS CLI in VS Code (Ubuntu WSL)

sudo apt install awscli
pip install boto

Configure AWS credentials in VS Code

sudo apt install ansible

Configure AWS profile

Source: https://github.com/xchangebit/ansible-aws-cli

Phase 2: AWS CLI and Ansible configuration

Install Ansible

Verify Ansible

https://docs.ansible.com/ansible/latest/collections/community/aws/iam_user_module.html
Create Ansible IAM user

Attach permission

Copy secret key and access key

AWS configure from VS Code

https://github.com/xchangebit/ansible-aws-cli
Install boto:
pip install boto

Configure Inventory

cd /etc/ansible
vi hosts

Add this entry for localhost:

[localhost]
localhost ansible_connection=local ansible_python_interpreter=python

Create a vars directory for AWS credentials

Create main.yml
---
aws_system_user: root
aws_profile: default
aws_access_key: "<aws-access-key>"
aws_secret_key: "<aws-secret-key>"
aws_region: eu-west-2
aws_format: table

Export AWS credentials

export AWS_ACCESS_KEY_ID={access key id}
export AWS_SECRET_ACCESS_KEY={secret access key}

Test the sample script and the connection between local Ansible and AWS

Group Creation: SecurityAdmin

Run the Ansible playbook

ansible-playbook -i hosts iam_group.yml

Playbook execution successful

Verify that User Group has been created in AWS

Error

Test 2

Test 3 Create Users and Groups

Verify in the AWS console that the user and group were created successfully

Note: The above solution was only research and experimentation for this particular use case.

Phase 3: Create IAM group and users in AWS using Ansible


Final Working Solution:
Solution 1: Create IAM group and users in AWS using Ansible
Implementation steps:
1. Create main working directory
2. Prepare groups.csv and users.csv data files
3. Create sub directory ‘tasks’
4. Create two separate task files inside the ‘tasks’ folder
   1. create iam_group.yml
   2. create iam_users.yml
5. Create the main playbook file and include the task files from the ‘tasks’ folder: Playbook.yml
6. Run Playbook
7. Verify that users and groups are created in AWS cloud

1. Create a main working directory: 01-aws-ansible-iam-create

2. Prepare groups.csv and users.csv data files

Prepare CSV files:

1. groups.csv

2. users.csv

3. Create sub directory ‘tasks’

Folder: tasks
01-aws-ansible-iam-create/tasks/

4. Create two separate task files inside the ‘tasks’ folder
   1. iam_group.yml
   2. iam_users.yml
   3. iam_group_policy.yml

1. iam_group.yml

2. iam_users.yml

5. Create the main playbook file and include the task files from the ‘tasks’ folder

Main Playbook file: Playbook.yml

6. Run Playbook
$ ansible-playbook -i hosts playbook.yml

7. Verify that users and groups are created in AWS cloud

Groups: Groups were created successfully by the automation

Users: Users were created successfully by the automation
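
A playbook of the kind steps 1 to 7 build, shown as an added example that is not the author's file (the original playbook and CSV contents are not reproduced on this page). It reads the AWS keys from the AWS CLI profile instead of a vars file. Assumptions: the CSV column names, the aws_profile variable, one playbook file in place of separate task files, and the community.general and community.aws collections with boto3 installed.

```yaml
---
# playbook.yml - added example, not the author's file.
# Assumed inputs (constructed for this example):
#   groups.csv  header: name,policy_arn   e.g. SecurityAdmin,<managed-policy-arn>
#   users.csv   header: name,group        e.g. user001,SecurityAdmin
- name: Create IAM users and groups from CSV files
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aws_profile: default   # keys stay in the AWS CLI profile, not in vars/main.yml
  tasks:
    - name: Read groups.csv
      community.general.read_csv:
        path: "{{ playbook_dir }}/groups.csv"
      register: iam_groups

    - name: Read users.csv
      community.general.read_csv:
        path: "{{ playbook_dir }}/users.csv"
      register: iam_users

    # Users first: a group's member list can only name users that already exist.
    - name: Create IAM users
      community.aws.iam_user:
        name: "{{ item.name }}"
        state: present
        profile: "{{ aws_profile }}"
      loop: "{{ iam_users.list }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Create IAM groups, attach the policy and add members
      community.aws.iam_group:
        name: "{{ item.name }}"
        state: present
        profile: "{{ aws_profile }}"
        # Empty policy_arn column means no managed policy is attached.
        managed_policies: "{{ [item.policy_arn] if item.policy_arn else [] }}"
        users: "{{ iam_users.list | selectattr('group', 'equalto', item.name) | map(attribute='name') | list }}"
      loop: "{{ iam_groups.list }}"
      loop_control:
        label: "{{ item.name }}"
```

Both modules also accept state: absent, which is the setting a removal run uses.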

Phase 4: Remove IAM group and users in AWS using Ansible

Solution 2: Remove IAM group and users in AWS using Ansible

Source: GitHub: https://github.com/prafulpatel16/aws-ansible.git

Implementation steps:
1. Create main working directory
2. Prepare groups.csv and users.csv data files
3. Create sub directory ‘tasks’
4. Create two separate task files inside the ‘tasks’ folder
   1. create iam_group.yml
   2. create iam_users.yml
5. Create the main playbook file and include the task files from the ‘tasks’ folder: Playbook.yml
6. Run Playbook
7. Verify that users and groups are deleted from AWS cloud

1. Create a main working directory: 02-aws-ansible-iam-delete

2. Prepare groups.csv and users.csv data files

Prepare CSV files:

1. groups.csv

2. users.csv

3. Create sub directory ‘tasks’

Folder: tasks
02-aws-ansible-iam-delete/tasks/

4. Create two separate task files inside the ‘tasks’ folder
   1. create iam_group.yml
   2. create iam_users.yml

1. iam_group.yml

2. create iam_users.yml

5. Create the main playbook file and include the task files from the ‘tasks’ folder

Main Playbook file: Playbook.yml

6. Run Playbook
$ ansible-playbook -i hosts playbook.yml

7. Verify that users and groups are deleted from AWS cloud
Groups: Groups are successfully removed from AWS

Users: Users are successfully removed from AWS

Congratulations!!!! 🔥🚀
