Ansible Cloud Providers Guide
Overview
Ansible provides extensive support for cloud automation across major providers through dedicated collections and modules. This guide covers the implementation, best practices, and common patterns for cloud automation.
Cloud Provider Collections
AWS (amazon.aws)
# Install the AWS collection from Ansible Galaxy (pin a version in a
# requirements.yml for reproducible runs)
ansible-galaxy collection install amazon.aws
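# Example AWS EC2 Instance Creation
- name: Launch EC2 instance
  amazon.aws.ec2_instance:
    name: "{{ instance_name }}"
    instance_type: t2.micro
    image_id: ami-0123456789           # placeholder AMI id; substitute a vetted image for your account/region
    region: us-east-1
    vpc_subnet_id: subnet-0123456789   # placeholder subnet id
    # Ingress to the instance is governed entirely by this group; keep it least-privilege.
    security_group: "{{ security_group_id }}"
    network:
      # The instance receives a public IP; omit for workloads reachable over private addressing only.
      assign_public_ip: true
    tags:
      Environment: Production
    wait: true  # canonical boolean (was `yes`, a YAML 1.1 truthy spelling)
  register: ec2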
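# Example S3 Bucket Management
- name: Create S3 bucket with versioning
  amazon.aws.s3_bucket:
    name: "{{ bucket_name }}"
    versioning: true
    encryption: AES256  # server-side encryption at rest (SSE-S3)
    tags:
      Environment: Production
    public_access:
      # All four settings together are what the console calls "Block all public
      # access"; setting only block_public_acls/block_public_policy leaves
      # pre-existing public ACLs and policies in effect.
      block_public_acls: true
      ignore_public_acls: true
      block_public_policy: true
      restrict_public_buckets: true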
Azure (azure.azcollection)
# Install the Azure collection from Ansible Galaxy (pin a version in a
# requirements.yml for reproducible runs)
ansible-galaxy collection install azure.azcollection
# Example Azure VM Creation
- name: Create Azure VM
  azure.azcollection.azure_rm_virtualmachine:
    resource_group: "{{ resource_group }}"
    name: "{{ vm_name }}"
    vm_size: Standard_DS1_v2
    admin_username: "{{ admin_username }}"
    # Key-based login only; password authentication over SSH stays off.
    ssh_password_enabled: false
    ssh_public_keys:
      - path: "/home/{{ admin_username }}/.ssh/authorized_keys"
        key_data: "{{ ssh_public_key }}"
    # NIC created beforehand; its NSG decides what reaches the VM.
    network_interfaces: "{{ nic_name }}"
    image:
      publisher: Canonical
      offer: UbuntuServer
      sku: 18.04-LTS
      version: latest
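# Example Storage Account Management
- name: Create Azure Storage Account
  azure.azcollection.azure_rm_storageaccount:
    resource_group: "{{ resource_group }}"
    name: "{{ storage_account_name }}"
    account_type: Standard_LRS
    https_only: true             # reject plain-HTTP access to the account endpoints
    minimum_tls_version: TLS1_2  # refuse TLS 1.0/1.1 clients
    tags:
      Environment: Production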
Google Cloud (google.cloud)
# Install the Google Cloud collection from Ansible Galaxy (pin a version in a
# requirements.yml for reproducible runs)
ansible-galaxy collection install google.cloud
# Example GCP Instance Creation
- name: Create GCP instance
  google.cloud.gcp_compute_instance:
    name: "{{ instance_name }}"
    machine_type: n1-standard-1
    zone: us-central1-a
    project: "{{ gcp_project }}"
    # Authenticate with a service-account JSON key; keep the key file out of version control.
    auth_kind: serviceaccount
    service_account_file: "{{ gcp_cred_file }}"
    disks:
      - boot: true
        auto_delete: true
        initialize_params:
          source_image: projects/debian-cloud/global/images/debian-10
    network_interfaces:
      - network: "{{ vpc_network }}"
        # An access config attaches an external address; drop it for instances
        # that only need private connectivity.
        access_configs:
          - name: External NAT
            type: ONE_TO_ONE_NAT
# Example Cloud Storage Bucket
- name: Create GCP storage bucket
  google.cloud.gcp_storage_bucket:
    name: "{{ bucket_name }}"
    project: "{{ gcp_project }}"
    # Same service-account credentials as the instance task.
    auth_kind: serviceaccount
    service_account_file: "{{ gcp_cred_file }}"
    location: US         # multi-region
    storage_class: STANDARD
Multi-Cloud Strategy
Provider-Agnostic Variables
# group_vars/all.yml
#
# Per-provider enable switches, default region and credential references.
# The credential entries are Jinja references to other variables, not literal
# secrets: keep the underlying access keys, client secrets and key-file paths
# in an ansible-vault-encrypted vars file or inject them from the environment
# rather than committing them here.
cloud_providers:
  aws:
    enabled: true
    region: us-east-1
    credentials:
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
  azure:
    enabled: true
    location: eastus
    credentials:
      client_id: "{{ azure_client_id }}"
      secret: "{{ azure_secret }}"
      subscription_id: "{{ azure_subscription_id }}"
  gcp:
    enabled: false
    region: us-central1
    credentials:
      # Path to the service-account JSON key consumed by the google.cloud modules.
      service_account_file: "{{ gcp_cred_file }}"
Unified Resource Management
# playbooks/create_resources.yml
---
- name: Provision Cloud Resources
  hosts: localhost
  gather_facts: false
  vars:
    # Provider-neutral description of what to build; each provider block maps
    # `size` through its own sizing table (aws_sizes / azure_sizes, defined elsewhere).
    resource_spec:
      name: "app-server"
      size: "small"
      os: "ubuntu"
      environment: "production"
  tasks:
    - name: Create AWS resources
      when: cloud_providers.aws.enabled
      block:
        - name: Create EC2 instance
          amazon.aws.ec2_instance:
            name: "{{ resource_spec.name }}"
            instance_type: "{{ aws_sizes[resource_spec.size] }}"
          # Additional AWS-specific configuration

    - name: Create Azure resources
      when: cloud_providers.azure.enabled
      block:
        - name: Create Azure VM
          azure.azcollection.azure_rm_virtualmachine:
            name: "{{ resource_spec.name }}"
            vm_size: "{{ azure_sizes[resource_spec.size] }}"
          # Additional Azure-specific configuration
Cloud Resource Tagging
Standardized Tagging Strategy
# roles/common/vars/main.yml
#
# Baseline tag set applied to every resource; callers merge custom_tags on top.
standard_tags:
  # NOTE(review): `environment` is also an Ansible play/task keyword, so a
  # top-level variable of that name may trigger a reserved-name warning —
  # consider a distinct variable name for the deployment environment.
  Environment: "{{ environment }}"
  Application: "{{ application_name }}"
  Owner: "{{ team_email }}"
  CostCenter: "{{ cost_center }}"
  # Quoted so the values stay strings rather than being retyped as booleans.
  Terraform: "false"
  Ansible: "true"
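# roles/common/tasks/tag_resources.yml
- name: Ensure AWS resources are tagged
  amazon.aws.ec2_tag:
    region: "{{ aws_region }}"
    resource: "{{ resource_id }}"
    # Role-wide tags first; caller-supplied custom_tags win on key collision.
    tags: "{{ standard_tags | combine(custom_tags | default({})) }}"
  when: cloud_providers.aws.enabled

- name: Ensure Azure resources are tagged
  # azure_rm_resourcegroup_info only reads resource groups (its `tags` option is
  # a result filter); writing tags needs the non-info module. Assumes the group
  # already exists — `location` is required when creating one.
  azure.azcollection.azure_rm_resourcegroup:
    name: "{{ resource_group }}"
    tags: "{{ standard_tags | combine(custom_tags | default({})) }}"
  when: cloud_providers.azure.enabled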
Security Implementation
Security Group Management
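# roles/security/tasks/configure_security.yml
- name: Configure AWS security groups
  amazon.aws.ec2_security_group:
    name: "{{ security_group_name }}"
    description: "Security group for {{ application_name }}"
    vpc_id: "{{ vpc_id }}"
    rules:
      - proto: tcp
        ports: "{{ allowed_ports }}"
        # Source allow-list; review that it never widens to 0.0.0.0/0 for
        # administrative ports.
        cidr_ip: "{{ allowed_cidrs }}"
        rule_desc: "Allow application traffic"
  when: cloud_providers.aws.enabled

- name: Configure Azure network security groups
  azure.azcollection.azure_rm_securitygroup:
    resource_group: "{{ resource_group }}"
    name: "{{ security_group_name }}"
    rules:
      - name: "Allow_{{ application_name }}"
        protocol: Tcp
        # Without a source prefix the rule matches any source ('*'); mirror the
        # AWS rule so both providers enforce the same allow-list.
        source_address_prefix: "{{ allowed_cidrs }}"
        destination_port_range: "{{ allowed_ports }}"
        access: Allow
        priority: 100
        direction: Inbound
  when: cloud_providers.azure.enabled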
Cost Management
Resource Scheduling
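# playbooks/cost_optimization.yml
- name: Manage resource scheduling
  hosts: localhost
  gather_facts: false
  tasks:
    # NOTE(review): with `hosts: localhost`, inventory_hostname is the
    # controller itself, so the group-membership condition below checks the
    # controller rather than the targeted instances — confirm this is intended.
    # `current_time` is not defined in this playbook; it must be supplied by
    # the caller (e.g. from gathered facts or set_fact).
    - name: Stop non-production AWS instances
      amazon.aws.ec2_instance:
        instance_ids: "{{ instance_ids }}"
        state: stopped
      when:
        - cloud_providers.aws.enabled
        - inventory_hostname in groups['non_production']
        - current_time.hour >= 18

    - name: Stop non-production Azure VMs
      azure.azcollection.azure_rm_virtualmachine:
        resource_group: "{{ resource_group }}"
        name: "{{ vm_name }}"
        started: false  # canonical boolean (was `no`, a YAML 1.1 truthy spelling)
      when:
        - cloud_providers.azure.enabled
        - inventory_hostname in groups['non_production']
        - current_time.hour >= 18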
Common Patterns
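- Resource Provisioning

  ```yaml
  # roles/provision/tasks/main.yml
  - name: Ensure base infrastructure exists
    # loop_var is a dict2items entry ({key, value}); the file name needs the
    # provider key, as the state, cleanup and monitoring patterns already use.
    include_tasks: "{{ cloud_provider.key }}_provision.yml"
    loop: "{{ cloud_providers | dict2items | selectattr('value.enabled', 'true') }}"
    loop_control:
      loop_var: cloud_provider
  ```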
- State Management

  ```yaml
  # roles/state/tasks/main.yml
  - name: Gather cloud resource states
    # One include per enabled provider; cloud_provider.key is the provider name.
    include_tasks: "gather_{{ cloud_provider.key }}_state.yml"
    loop: "{{ cloud_providers | dict2items | selectattr('value.enabled', 'true') }}"
    loop_control:
      loop_var: cloud_provider
  ```
- Cleanup and Maintenance

  ```yaml
  # roles/cleanup/tasks/main.yml
  - name: Cleanup unused resources
    # One include per enabled provider; cloud_provider.key is the provider name.
    include_tasks: "cleanup_{{ cloud_provider.key }}_resources.yml"
    loop: "{{ cloud_providers | dict2items | selectattr('value.enabled', 'true') }}"
    loop_control:
      loop_var: cloud_provider
  ```
Monitoring Integration
# roles/monitoring/tasks/main.yml
- name: Configure cloud monitoring
  # Runs the per-provider setup file once for each provider flagged enabled in
  # cloud_providers; cloud_provider.key is the provider name (aws, azure, gcp).
  include_tasks: "setup_{{ cloud_provider.key }}_monitoring.yml"
  loop: "{{ cloud_providers | dict2items | selectattr('value.enabled', 'true') }}"
  loop_control:
    loop_var: cloud_provider