This repo contains Ansible code and AWS CloudFormation templates for the provisioning of AWS resources.
A Symfony 3 API is used to illustrate how a web application which can be run within a Docker-based local development environment can be set-up to run on AWS.
- Install Ansible.
- Set-up Ansible for authenticating with AWS.
- Create an S3 bucket called synaptology-templates and upload scripts/upsert-resource-record-set.sh to this bucket.
- Register a domain name using AWS Route 53.
- Create a public hosted zone for the domain.
- Uncomment hosted_zone_public_name in group_vars/site/main.yml and insert the public hosted zone domain name.
- Create a certificate for *.hosted_zone_public_name (i.e., name inserted for hosted_zone_public_name in the previous step).
- Uncomment ssl_certificate_id in group_vars/site/main.yml and insert the certificate ARN.
- Uncomment key_name in group_vars/site/main.yml and insert the name of the EC2 key pair that you want to use to connect to the EC2 instances.
git clone git@github.com:bendbennett/ansible-aws.git
cd ansible-aws/cloud-formation
ansible-playbook basic-network.yml
ansible-playbook site.yml
cd ansible-aws/cloud-formation
ansible-playbook site-down.yml
ansible-playbook basic-network-down.yml
Running ansible-playbook basic-network.yml runs each of the roles specified in the basic-network playbook using the variables defined in group_vars/basic-network/main.yml and will provision:
- VPC (AWS::EC2::VPC)
- Internet Gateway (AWS::EC2::InternetGateway)
- Internet Gateway Attachment (AWS::EC2::VPCGatewayAttachment)
- Network ACL (AWS::EC2::NetworkAcl)
- Network ACL Entry (AWS::EC2::NetworkAclEntry)
- Route Table - public (AWS::EC2::RouteTable)
- Route (AWS::EC2::Route)
- Subnet - public (AWS::EC2::Subnet)
- Subnet Network ACL Association (AWS::EC2::SubnetNetworkAclAssociation)
- Subnet Route Table Association (AWS::EC2::SubnetRouteTableAssociation)
- Route Table - private (AWS::EC2::RouteTable)
- Elastic IP (AWS::EC2::EIP)
- NAT Gateway (AWS::EC2::NatGateway)
- Route (AWS::EC2::Route)
- Subnet - private (AWS::EC2::Subnet)
- Subnet Network ACL Association (AWS::EC2::SubnetNetworkAclAssociation)
- Subnet Route Table Association (AWS::EC2::SubnetRouteTableAssociation)
- Hosted Zone - private (AWS::Route53::HostedZone)
- Creates a Virtual Private Cloud (VPC) / virtual network with the CIDR block specified.
- Creates an Internet Gateway and attaches it to the VPC using an Internet Gateway Attachment to allow communication with the internet.
- Creates a Network Access Control List (ACL) and Network ACL Entries for ingress and egress as an optional security layer for controlling traffic into and out of subnets.
- Creates a Route Table and Route linked to the Internet Gateway.
- Creates 3 public Subnet(s) using the specified CIDR blocks, Network ACL and Route Table (public), placing 1 in each of 3 availability zones.
- Creates 3 Route Table(s), 3 Elastic IP(s) and 3 NAT Gateway(s)
- Creates 3 private Subnet(s) using the specified CIDR blocks, Network ACL and Route Table (private) placing 1 in each of 3 availability zones.
- Creates a private Hosted Zone for holding record sets.
Running ansible-playbook site.yml runs each of the roles specified in the site playbook using the variables defined in group_vars/site/main.yml and will provision:
- Security Group - load balancer (AWS::EC2::SecurityGroup)
- Security Group Ingress (AWS::EC2::SecurityGroupIngress)
- Load Balancer (AWS::ElasticLoadBalancing::LoadBalancer)
- Security Group - web (nginx / php-fpm) EC2 instance (AWS::EC2::SecurityGroup)
- Security Group Ingress (AWS::EC2::SecurityGroupIngress)
- Security Group - mongo EC2 instance (AWS::EC2::SecurityGroup)
- Security Group Ingress (AWS::EC2::SecurityGroupIngress)
- IAM Role - launch configuration (AWS::IAM::Role)
- IAM Instance Profile - launch configuration (AWS::IAM::InstanceProfile)
- IAM Role - ecs service (AWS::IAM::Role)
- Log Group (AWS::Logs::LogGroup)
- ECS Cluster - mongo (AWS::ECS::Cluster)
- Launch Configuration + Auto Scaling Group - mongo
- Task Definition + Service - mongo
- ECS Cluster - web (nginx / php-fpm) (AWS::ECS::Cluster)
- Launch Configuration + Auto Scaling Group - web (nginx / php-fpm)
- Task Definition + Service - web (nginx / php-fpm)
- Record Set (AWS::Route53::RecordSet)
- Creates a Security Group for use with the Load Balancer.
- Creates a Load Balancer for HTTP requests directed at the API.
- Creates a Security Group for use with EC2 instances that will be running nginx and php-fpm containers.
- Creates a Security Group for use with EC2 instances that will be running mongo containers.
- Creates an IAM Role for use with Launch Configurations used in the set-up of EC2 instances that host containers (web + mongo).
- Creates an IAM Instance Profile for associating IAM Role with a Launch Configuration.
- Creates an IAM Role to provide privileges to an ECS Service associated with the Load Balancer.
- Creates a Log Group for use by containers defined in Task Definitions.
- Creates an ECS Cluster for associating with ECS Service for EC2 instances running MongoDB containers.
- Creates Launch Configuration to define EC2 instances used for hosting MongoDB containers and an Auto Scaling Group to define instance number.
- Creates an ECS Task Definition which defines the container and configuration that will be deployed and an ECS Service which defines the desired number of containers and the cluster that they will be deployed on.
- Creates an ECS Cluster for associating with ECS Service for EC2 instances running nginx and php-fpm containers.
- Creates Launch Configuration to define EC2 instances used for hosting nginx and php-fpm containers and an Auto Scaling Group to define instance number.
- Creates an ECS Task Definition which defines the containers and configuration that will be deployed and an ECS Service which defines the desired number of containers and the cluster that they will be deployed on.
- Creates a DNS entry within Route 53 for the API.