This playbook provisions within Amazon Web Services (AWS):
- A Virtual Private Cloud (VPC) environment
- Two subnets assigned to different availability zones (AZ)
- A route table with both subnets associated
- A security group (SG)
- Two Elastic Compute Cloud (EC2) instances, one in each subnet
- Two customer gateway (CGW) instances
- One VPN gateway (VGW) instance
- Two Site-to-Site VPN connections (one to each CGW)
- Route propagation for the VGW enabled in the route table
The following diagram shows the AWS topology as well as the local setup; note that the local setup is not part of this playbook.
The AWS Ansible modules depend on these three Python packages, which must be installed before using this playbook:
- boto
- boto3
- botocore
Please make sure you install them for the Python interpreter used by Ansible. See Interpreter Discovery for more information on how Ansible identifies its preferred Python interpreter.
To connect to AWS, we need to provide the following credentials:
- Access key ID
- Secret access key
The parameters are stored in `group_vars/password.yaml`:

```yaml
password:
  AWS_ACCESS_KEY_ID: XXX
  AWS_SECRET_ACCESS_KEY: XXX
```
Note: We highly recommend using `ansible-vault` to encrypt this file, since it holds long-lived AWS credentials in clear text.
The `group_vars/parameters.yaml` file allows you to customise the playbook:
| Key | Default value |
|---|---|
| parameter.region | eu-central-1 |
| parameter.vpc.name | vpc-hybridcloud |
| parameter.vpc.cidr_block | 10.1.0.0/16 |
| parameter.subnet1.cidr | 10.1.1.0/24 |
| parameter.subnet1.az | eu-central-1a |
| parameter.subnet1.name | vpc-hybridcloud-subnet-10-1-1-0 |
| parameter.subnet2.cidr | 10.1.2.0/24 |
| parameter.subnet2.az | eu-central-1b |
| parameter.subnet2.name | vpc-hybridcloud-subnet-10-1-2-0 |
| parameter.sg.name | vpc-hybridcloud-sg |
| parameter.sg.description | Security group for VPC vpc-hybridcloud |
| parameter.route_table.name | vpc-hybridcloud-rt |
| parameter.host1.name | host1 |
| parameter.host1.ami | ami-0f3a43fbf2d3899f7 |
| parameter.host1.type | t2.micro |
| parameter.host1.key_name | at.rappaport.frankfurt |
| parameter.host2.name | host2 |
| parameter.host2.ami | ami-0f3a43fbf2d3899f7 |
| parameter.host2.type | t2.micro |
| parameter.host2.key_name | at.rappaport.frankfurt |
| parameter.customer_gateway1.name | cgw1 |
| parameter.customer_gateway1.ip_address | 46.38.231.224 |
| parameter.customer_gateway1.bgp_asn | 65001 |
| parameter.customer_gateway2.name | cgw2 |
| parameter.customer_gateway2.ip_address | 185.243.10.179 |
| parameter.customer_gateway2.bgp_asn | 65002 |
| parameter.vpn_gateway.name | vgw |
| parameter.vpn_gateway.asn | 64512 |
| parameter.vpn1.name | vpn-to-cgw1 |
| parameter.vpn2.name | vpn-to-cgw2 |
- Modify `password.yaml` to enter your AWS credentials
- Modify `parameters.yaml` and adjust the values, if required
- Run `ansible-playbook --ask-vault-pass create-hybridcloud1-vpc.yaml` to create the topology within AWS, assuming the `password.yaml` file is encrypted
- Run `ansible-playbook --ask-vault-pass delete-hybridcloud-vpc.yaml` to delete the topology within AWS, assuming the `password.yaml` file is encrypted, after you have completed your tests
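Before running the create playbook it is worth sanity-checking the values you put into `parameters.yaml` and confirming that `password.yaml` really is vault-encrypted. The following pre-flight check is an added example, not part of this repository; it assumes the parameter structure mirrors the table above (the dict is constructed from the table's defaults, where a real run would load the YAML file) and checks that the subnets fit inside the VPC block without overlapping, sit in the chosen region, that each CGW has a public address and a private BGP ASN distinct from the VGW's, and that a given file body carries the `ansible-vault` header.

```python
import ipaddress

# Constructed from the README's parameter table; a real run would load
# group_vars/parameters.yaml with PyYAML and pass parameters["parameter"].
PARAMETERS = {
    "region": "eu-central-1",
    "vpc": {"cidr_block": "10.1.0.0/16"},
    "subnet1": {"cidr": "10.1.1.0/24", "az": "eu-central-1a"},
    "subnet2": {"cidr": "10.1.2.0/24", "az": "eu-central-1b"},
    "customer_gateway1": {"ip_address": "46.38.231.224", "bgp_asn": 65001},
    "customer_gateway2": {"ip_address": "185.243.10.179", "bgp_asn": 65002},
    "vpn_gateway": {"asn": 64512},
}


def check_parameters(p):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    vpc = ipaddress.ip_network(p["vpc"]["cidr_block"])
    subnets = {k: ipaddress.ip_network(p[k]["cidr"]) for k in ("subnet1", "subnet2")}
    for name, net in subnets.items():
        # Subnets must sit inside the VPC block and in an AZ of the chosen region.
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VPC block {vpc}")
        if not p[name]["az"].startswith(p["region"]):
            problems.append(f"{name} AZ {p[name]['az']} is not in region {p['region']}")
    if subnets["subnet1"].overlaps(subnets["subnet2"]):
        problems.append("subnet1 and subnet2 overlap")
    vgw_asn = p["vpn_gateway"]["asn"]
    for name in ("customer_gateway1", "customer_gateway2"):
        cgw = p[name]
        # A customer gateway needs a publicly routable, static address.
        if not ipaddress.ip_address(cgw["ip_address"]).is_global:
            problems.append(f"{name} address {cgw['ip_address']} is not public")
        # BGP: keep ASNs in the 16-bit private range and distinct from the VGW side.
        if not 64512 <= cgw["bgp_asn"] <= 65534:
            problems.append(f"{name} ASN {cgw['bgp_asn']} is not a private 16-bit ASN")
        if cgw["bgp_asn"] == vgw_asn:
            problems.append(f"{name} ASN equals the VPN gateway ASN {vgw_asn}")
    return problems


def is_vault_encrypted(content):
    """True if a file body (e.g. password.yaml) carries the ansible-vault header."""
    return content.startswith("$ANSIBLE_VAULT;")


if __name__ == "__main__":
    for line in check_parameters(PARAMETERS) or ["parameters look consistent"]:
        print(line)
```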
