Using Ansible to manage internal VPC private instances without using VPNs, by deploying a SSH proxy bastion host. background When dealing with a web stack or AWS infrastructure, how are private instances that do NOT need a public IP address managed? It’s not an extremely difficult question. In many cases VPNs are used for this purpose. But what if a VPN isn’t needed? It’s arguably overkill and it can introduce a lot of overhead, creating multiple site-to-site VPNs and linking various regions together.

A lot of times I’ll need to quickly generate an SSL CA and sign some SSL certs. This can be for a variety of reasons. Maybe I need to test out an SSL configuration. Maybe I want to use throw away SSL connections that aren’t public and don’t matter. Regardless on how it’s used, here’s a fast way to generate a self-signed CA, a private key, a CSR, and finally a signed certificate.

I use AWS infrastructure as a service (IaaS) heavily, both personally and professionally. I have a slew of all different types of instances, doing different types of things. In many cases, I’ll want backups; basically, AWS snapshots. I needed a way to quickly create and manage backups through the use of AWS snapshots in an automated fashion. Sounds like a job for Ansible - and that’s exactly what I did. I wrote a playbook to handle all of this management.

2017-03-16 UPDATE - this is an old, unmanaged project. Use as a reference only. Mostly using Kubernetes now. Using Rancher, a container management platform, to deploy a dockerized ELK stack to AWS using Ansible. Background In certain scenarios, deploying Docker containers to infrastructure can be trickier than expected. Take an Elasticsearch, Logstash, Kibana (ELK) stack. Three docker containers, straight forward. Running a simple docker compose and our stack can be up without issue.

Automating the creation and updating of AWS AMI images uses Ansible. the problem One of the first problems when deploying anything is managing the base image. The gold load. The template. The thing that all systems are created from. Since we’re operating in AWS, our story begins with AMIs. We use AMIs. From those AMIs, instances are built and configured. We want to optimize this configuration process, so it makes sense to pre-configure our AMIs as much as possible.

overview I’ve been thinking about dynamic inventories and Ansible, especially when using AWS. One major difference between static IT infrastructures and dynamic AWS infrastructures is that IP addresses may change, instances may be terminated, and things just flat out change. Your resources are a moving target. Finding those instances/servers/VMs is the first step in managing your inventory. Ansible has a great tool for this, “ec2.py”. It basically pulls information on instances in AWS at runtime (as -i .