Ansible Aws & Cisco
Ansible Guide: AWS VPC Deployment & Cisco Configuration Backup
This guide outlines the step-by-step process for using **Ansible** to:
- Provision a VPC in AWS while securing credentials with **Ansible Vault**.
- Log into Cisco switches and download configurations using best practices.
Part 1: AWS VPC Deployment with Ansible
Step 1: Install Required Packages
Ensure you have Ansible and necessary dependencies installed.
For Ubuntu/Linux:
sudo apt update && sudo apt install -y ansible python3-boto3
For macOS:
brew install ansible
pip3 install boto3
Step 2: Configure Ansible Vault for Credential Security
Ansible Vault allows secure storage of AWS credentials.
- Create a vault file:
ansible-vault create aws_credentials.yml
- Add the following content:
```yaml
aws_access_key: "YOUR_AWS_ACCESS_KEY"
aws_secret_key: "YOUR_AWS_SECRET_KEY"
aws_region: "us-east-1"
```
- Save and exit.
- Edit the vault file later if needed:
ansible-vault edit aws_credentials.yml
- Decrypt if necessary (this leaves the credentials in plaintext on disk until you encrypt the file again):
ansible-vault decrypt aws_credentials.yml
- Encrypt again:
ansible-vault encrypt aws_credentials.yml
Step 3: Configure the Ansible Inventory File
Create an inventory file (inventory.ini) and define the target group.
```ini
[aws]
localhost ansible_connection=local
```
Step 4: Create the Ansible Playbook for AWS VPC
Create aws_vpc.yml:
```yaml
---
- name: Create AWS VPC
  hosts: aws
  gather_facts: no
  vars_files:
    - aws_credentials.yml
  tasks:
    - name: Create VPC
      amazon.aws.ec2_vpc_net:
        name: my-vpc
        cidr_block: 10.0.0.0/16
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
      register: vpc_output

    - debug:
        var: vpc_output
```
Step 5: Run the Ansible Playbook
ansible-playbook aws_vpc.yml --ask-vault-pass
This will prompt for the Vault password and execute the playbook to create a VPC in AWS.
Part 2: Cisco Configuration Backup Using Ansible
Step 1: Install Required Packages
Ensure Ansible and the necessary networking modules are installed:
pip3 install paramiko netmiko ansible
Step 2: Create Ansible Inventory File
Create inventory.ini:
```ini
[cisco]
switch1 ansible_host=192.168.1.1 ansible_user=admin ansible_network_os=ios
switch2 ansible_host=192.168.1.2 ansible_user=admin ansible_network_os=ios
```
Step 3: Secure Cisco Credentials with Ansible Vault
- Create Vault File:
ansible-vault create cisco_credentials.yml
- Add the following content:
ansible_password: "YOUR_CISCO_PASSWORD"
- Save & exit.
Step 4: Create the Cisco Backup Playbook
Create cisco_backup.yml:
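```yaml
---
- name: Backup Cisco Configuration
  hosts: cisco
  gather_facts: no
  # ios_command needs the network_cli connection rather than the default ssh
  connection: ansible.netcommon.network_cli
  vars_files:
    - cisco_credentials.yml
  tasks:
    - name: Run show running-config
      cisco.ios.ios_command:
        commands:
          - show running-config
      register: config_output

    # The backups/ directory must already exist on the control node
    - name: Save to local file
      copy:
        content: "{{ config_output.stdout[0] }}"
        dest: "backups/{{ inventory_hostname }}.cfg"
```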
Step 5: Run the Cisco Backup Playbook
ansible-playbook cisco_backup.yml --ask-vault-pass
This will log into the Cisco devices and save their configurations locally.
Best Practices
- Use Ansible Vault for sensitive data.
- Follow Role-Based Ansible Structures for modularity.
- Test in a Lab Environment before production execution.
- Use Version Control (e.g., Git) for playbooks.
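A check that ties the Vault and version-control practices together, as an added example that is not part of the original guide: it lists every `*_credentials.yml` file whose first line is not the `$ANSIBLE_VAULT;` header, so a file left decrypted is caught before a commit or a playbook run. The function names and the script name `vault_check.sh` are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original guide. Assumption: vault files follow
# the guide's naming (*_credentials.yml); all function names are hypothetical.

# is_vault_encrypted FILE: succeed if FILE begins with the Ansible Vault header.
is_vault_encrypted() {
    first_line=''
    # "|| true": read fails on an empty file or a missing final newline.
    IFS= read -r first_line < "$1" || true
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;   # e.g. $ANSIBLE_VAULT;1.1;AES256
        *) return 1 ;;
    esac
}

# plaintext_vaults: read paths on stdin (from find, or from
# `git diff --cached --name-only`) and print each credentials file
# that is not encrypted.
plaintext_vaults() {
    while IFS= read -r path; do
        case "$path" in
            *_credentials.yml) ;;
            *) continue ;;
        esac
        [ -f "$path" ] || continue        # path was deleted; nothing to leak
        is_vault_encrypted "$path" || printf '%s\n' "$path"
    done
}

# check_vaults DIR: return 1 and list offenders if any credentials file
# under DIR is stored in plaintext.
check_vaults() {
    leaked=$(find "${1:-.}" -type f | sort | plaintext_vaults)
    [ -z "$leaked" ] && return 0
    printf 'Not vault-encrypted:\n%s\n' "$leaked" >&2
    return 1
}

# Script use (hypothetical name): sh vault_check.sh .   e.g. in a pre-commit hook
if [ "$#" -gt 0 ]; then
    check_vaults "$1"
fi
```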
This guide ensures **secure**, **scalable**, and **efficient** automation for AWS and Cisco environments using **Ansible**.