Ansible Aws & Cisco
Ansible Guide: AWS VPC Deployment & Cisco Configuration Backup
This guide outlines the step-by-step process for using **Ansible** to:
1. **Provision a VPC in AWS** while securing credentials with **Ansible Vault**.
2. **Log into Cisco switches and download configurations** using best practices.
Part 1: AWS VPC Deployment with Ansible
Step 1: Install Required Packages
Ensure you have Ansible and necessary dependencies installed.
```bash
sudo apt update && sudo apt install -y ansible python3-boto3
```
For **macOS**:
```bash
brew install ansible
pip3 install boto3
```
Step 2: Configure Ansible Vault for Credential Security
Ansible Vault allows secure storage of AWS credentials.
1. **Create a vault file**:
   ```bash
   ansible-vault create aws_credentials.yml
   ```
2. **Add the following content:**
   ```yaml
   aws_access_key: "YOUR_AWS_ACCESS_KEY"
   aws_secret_key: "YOUR_AWS_SECRET_KEY"
   aws_region: "us-east-1"
   ```
3. **Save and exit** (Press ESC, then type `:wq!`).
4. **Edit the vault file later if needed**:
   ```bash
   ansible-vault edit aws_credentials.yml
   ```
5. **Decrypt if necessary**:
   ```bash
   ansible-vault decrypt aws_credentials.yml
   ```
6. **Encrypt again**:
   ```bash
   ansible-vault encrypt aws_credentials.yml
   ```
Step 3: Configure the Ansible Inventory File
Create an inventory file (`inventory.ini`) and define the target group.
```ini
[aws]
localhost ansible_connection=local
```
Step 4: Create the Ansible Playbook for AWS VPC
Create `aws_vpc.yml`:
```yaml
---
- name: Create AWS VPC
  hosts: aws
  gather_facts: no
  vars_files:
    - aws_credentials.yml   # vault-encrypted; decrypted in memory at run time
  tasks:
    - name: Create VPC
      amazon.aws.ec2_vpc_net:
        name: my-vpc
        cidr_block: 10.0.0.0/16
        # Credentials and region come from the vault file loaded above
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
      register: vpc_output

    - debug:
        var: vpc_output
```
Step 5: Run the Ansible Playbook
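```bash
ansible-playbook -i inventory.ini aws_vpc.yml --ask-vault-pass
```
This will prompt for the Vault password and execute the playbook to create a VPC in AWS. The `-i inventory.ini` option loads the inventory from Step 3, which defines the `aws` group the play targets.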
Part 2: Cisco Configuration Backup Using Ansible
Step 1: Install Required Packages
Ensure Ansible and the necessary networking modules are installed:
```bash
pip3 install paramiko netmiko ansible
```
Step 2: Create Ansible Inventory File
Create `inventory.ini`:
```ini
[cisco]
switch1 ansible_host=192.168.1.1 ansible_user=admin ansible_network_os=ios
switch2 ansible_host=192.168.1.2 ansible_user=admin ansible_network_os=ios
```
Step 3: Secure Cisco Credentials with Ansible Vault
1. **Create Vault File:**
   ```bash
   ansible-vault create cisco_credentials.yml
   ```
2. **Add the following content:**
   ```yaml
   ansible_password: "YOUR_CISCO_PASSWORD"
   ```
3. **Save & exit**.
Step 4: Create the Cisco Backup Playbook
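Create `cisco_backup.yml`:
```yaml
---
- name: Backup Cisco Configuration
  hosts: cisco
  # ios_command needs a CLI connection; the inventory above does not set ansible_connection
  connection: ansible.netcommon.network_cli
  gather_facts: no
  vars_files:
    - cisco_credentials.yml   # vault-encrypted; supplies ansible_password
  tasks:
    - name: Run show running-config
      cisco.ios.ios_command:
        commands:
          - show running-config
      register: config_output

    # copy does not create missing parent directories
    - name: Ensure the local backup directory exists
      ansible.builtin.file:
        path: backups
        state: directory
        mode: "0700"
      delegate_to: localhost
      run_once: true

    - name: Save to local file
      copy:
        content: "{{ config_output.stdout[0] }}"
        dest: "backups/{{ inventory_hostname }}.cfg"
```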
Step 5: Run the Cisco Backup Playbook
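```bash
ansible-playbook -i inventory.ini cisco_backup.yml --ask-vault-pass
```
This will log into the Cisco devices and save their configurations locally. The `-i inventory.ini` option loads the inventory from Step 2, which defines the `cisco` group.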
Best Practices
- **Use Ansible Vault** for sensitive data.
- **Follow Role-Based Ansible Structures** for modularity.
- **Test in a Lab Environment** before production execution.
- **Use Version Control** (e.g., Git) for playbooks.
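An added example (not part of the original guide): a check, suitable for a Git pre-commit hook, that flags the guide's secret variables (`aws_access_key`, `aws_secret_key`, `ansible_password`) when they sit in cleartext `.yml` files, for instance after `ansible-vault decrypt` without encrypting again. The function names and sample values are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# First line ansible-vault writes to an encrypted file, e.g. $ANSIBLE_VAULT;1.1;AES256
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;\d+\.\d+;AES256")
# Variable names this guide keeps in aws_credentials.yml and cisco_credentials.yml
SECRET_KEYS = re.compile(r"^\s*(aws_access_key|aws_secret_key|ansible_password)\s*:\s*(\S.*)$")


def is_vault_encrypted(path):
    """True if the file starts with an ansible-vault header."""
    with path.open(encoding="utf-8", errors="replace") as fh:
        return bool(VAULT_HEADER.match(fh.readline()))


def find_plaintext_secrets(root):
    """Return (file name, line number, key) for each secret left in cleartext."""
    findings = []
    for path in sorted(root.rglob("*.yml")):
        if is_vault_encrypted(path):
            continue  # whole file is ciphertext
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for lineno, line in enumerate(lines, start=1):
            m = SECRET_KEYS.match(line)
            # "{{ var }}" references and inline !vault values are not literal secrets
            if m and "{{" not in m.group(2) and not m.group(2).startswith("!vault"):
                findings.append((path.name, lineno, m.group(1)))
    return findings


def demo():
    """Scan constructed sample files (placeholder values, not real credentials)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Left in cleartext after `ansible-vault decrypt`
        (root / "aws_credentials.yml").write_text(
            'aws_access_key: "EXAMPLEKEY"\naws_secret_key: "EXAMPLESECRET"\n')
        # Encrypted: vault header plus a constructed stand-in payload
        (root / "cisco_credentials.yml").write_text("$ANSIBLE_VAULT;1.1;AES256\n30313233\n")
        # Playbook line that only references the variable
        (root / "aws_vpc.yml").write_text('        aws_secret_key: "{{ aws_secret_key }}"\n')
        return find_plaintext_secrets(root)


if __name__ == "__main__":
    for name, lineno, key in demo():
        print(f"{name}:{lineno}: plaintext {key}")
```

Called from a pre-commit hook, a non-empty result from `find_plaintext_secrets(Path("."))` would be the signal to abort the commit.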
This guide ensures **secure**, **scalable**, and **efficient** automation for AWS and Cisco environments using **Ansible**.