Creating an access key and secret

It is more than possible to create an access key and secret key for your own AWS user that would give Ansible full access to your AWS account.

Because of this, we are going to look at creating a user for Ansible which only has permission to access the parts of AWS we know that Ansible will need to interact with for the tasks we are covering in this chapter. We will be giving Ansible full access to the following services:

  • Amazon VPC
  • Amazon EC2
  • Amazon RDS
  • Amazon EFS

To do this, log in to the AWS console, which can be found at https://console.aws.amazon.com/. Once logged in, click on Services, which can be found in the menu at the very top of the screen. In the menu which opens, enter IAM into the search box and then click on what should be the only result, IAM Manage User Access and Encryption Keys. This will take you to a page that looks something like the following:

On the IAM page, click on Groups in the left-hand side menu; we are going to be creating a group which will have the permissions assigned to it, then we will create a user and assign it to our group.

Once you are on the Groups page, click on the Create New Group button. This process has three main steps, the first of which is setting the name of the group. In the space provided, enter the group name Ansible and then click on the Next Step button.

The next step is where we attach the policies; we will be using the Amazon-supplied ones. Select AmazonEC2FullAccess, AmazonVPCFullAccess, AmazonRDSFullAccess, and AmazonElasticFileSystemFullAccess; once all four have been selected, click on the Next Step button.

You should now be on a page which is giving you an overview of the options you have selected; it should look something like the following:

When you are happy with your selection, click on the Create Group button and then click on Users in the left-hand side menu.

Once on the Users page, click on Add user, and this will take you to a page where you can configure your desired username and also what type of user you want. Enter the following information:

  • User name: Enter Ansible in here
  • AWS access type: Check the box next to where it says Programmatic access; our Ansible user does not need AWS Management Console access so leave that option unchecked

You should now be able to click on the Next: Permissions button; this will take you to the page where you set the permissions for your user. As we have already created the group, select the Ansible group from the list and then click on Next: Review which will take you to an overview of the options you have entered. If you are happy with them, then click on the Create user button.

This will take you to a page that looks like the following (I have blurred the access key ID on purpose):

As you can see, the success message tells you that this is the last time you will be able to download the credentials, meaning that you will not be able to see the secret access key again. Either click on the Show button and make a note of the key or click the Download .csv button; you will not have the opportunity to recover the secret access key, only to deactivate it and generate a new one.

Now that we have an access key ID and secret access key for a user with the permissions we need to launch our VPC using Ansible, we can make a start at writing the playbook.
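Once the group exists, it is worth confirming that nothing beyond the four managed policies chosen above has been attached to it, since anything extra widens what the Ansible key can do. The following is an added example, not code from the book: it audits the JSON that `aws iam list-attached-group-policies --group-name Ansible --output json` returns against the chapter's policy list, using a constructed sample response (which deliberately includes an extra policy) so it runs offline.

```python
import json

# The four AWS-managed policies the chapter attaches to the Ansible group.
EXPECTED_POLICIES = {
    "AmazonEC2FullAccess",
    "AmazonVPCFullAccess",
    "AmazonRDSFullAccess",
    "AmazonElasticFileSystemFullAccess",
}

# Constructed sample in the shape returned by
# `aws iam list-attached-group-policies --group-name Ansible --output json`.
# It deliberately includes one policy that is NOT in the chapter's list
# and omits the EFS policy, so the audit has something to report.
SAMPLE_OUTPUT = json.dumps({
    "AttachedPolicies": [
        {"PolicyName": "AmazonEC2FullAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess"},
        {"PolicyName": "AmazonVPCFullAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonVPCFullAccess"},
        {"PolicyName": "AmazonRDSFullAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess"},
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
    ]
})


def audit_group_policies(cli_json, expected=EXPECTED_POLICIES):
    """Compare the policies attached to a group with the expected set.

    Returns the policies that are missing, the ones attached beyond the
    expected set, and any that are customer-managed rather than
    AWS-managed (their ARN is not under the aws policy namespace).
    """
    attached = json.loads(cli_json)["AttachedPolicies"]
    names = {p["PolicyName"] for p in attached}
    customer_managed = [p["PolicyName"] for p in attached
                        if not p["PolicyArn"].startswith("arn:aws:iam::aws:policy/")]
    return {
        "missing": sorted(expected - names),
        "unexpected": sorted(names - expected),
        "customer_managed": sorted(customer_managed),
        "ok": names == expected and not customer_managed,
    }


if __name__ == "__main__":
    print(json.dumps(audit_group_policies(SAMPLE_OUTPUT), indent=2))
```

Run against the real CLI output, an empty `unexpected` list and `ok: true` confirm the group grants exactly what this chapter needs.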
