Create Network Infrastructure on AWS using Ansible Modules

Reading Time: 5 minutes

Hi Readers, in the previous blog we saw how to set up AWS resources using Ansible modules. In this blog we will see how to create networking resources in AWS using Ansible modules.

Before jumping into the practical part, let’s understand what a network is and what the basic components of a proper networking infrastructure are.

Some basic components of a network

  • Virtual Private Cloud
    • A virtual network dedicated solely to our AWS account.
  • Subnet
    • A range of IP addresses within our VPC.
  • Internet Gateway
    • An internet gateway is a component we attach to our VPC to enable communication between resources in the VPC and the internet.
  • Network access control list
    • A network access control list (ACL) is an optional layer of security for our VPC that acts as a firewall controlling traffic in and out of one or more subnets.
  • Route Table
    • A route table is a set of rules, called routes, that determine where network traffic is directed.
  • CIDR block
    • Classless Inter-Domain Routing, an IP address allocation and route aggregation methodology; a CIDR block such as 10.0.0.0/16 names an address range.

What are we trying to create?

In this exercise we are going to create the infrastructure shown in the prototype below.

Let’s understand step by step how we are going to implement this:
  1. Create a VPC using ec2_vpc_net:10.0.0.0/16, where ec2_vpc_net is the module name and 10.0.0.0/16 is the CIDR block.
  2. After this, create an internet gateway and attach it to the VPC; the module name is ec2_vpc_igw.
  3. Then create two subnets:
    • subnet-1 using ec2_vpc_subnet:10.0.1.0/24
    • subnet-2 using ec2_vpc_subnet:10.0.2.0/24
  4. Now, instead of using the default NACL of the VPC, create our own NACL using the ec2_vpc_nacl module and associate both subnets with it.
  5. Also provide inbound and outbound rules for the NACL.
  6. Then create a route table, associate both subnets with it, and add a route to the internet gateway so that all outbound traffic destined for the internet goes via this internet gateway.

Now let’s see how we can implement the infrastructure described above.

Declare the variables that we are going to use while creating the networking resources.
vars:
  vpc_title: 'knoldus'
  vpc_name: "{{ vpc_title }} VPC"
  igw_name: "{{ vpc_title }} IGW"
  subnet_name_1: "{{ vpc_title }} Subnet 1"
  subnet_name_2: "{{ vpc_title }} Subnet 2"
  acl_name: "{{ vpc_title }} ACL"
  route_table_name: "{{ vpc_title }} route table"
  vpcCidrBlock: '10.0.0.0/16'
  destinationCidrBlock: '0.0.0.0/0'
  subNetCidrBlock_1: '10.0.1.0/24'
  subNetCidrBlock_2: '10.0.2.0/24'
  state: "present"
  zone: 'ap-south-1a'
  region: 'ap-south-1'
Create a VPC using the ec2_vpc_net module with a name, CIDR block, DNS support and tenancy.
- name: create a new ec2 VPC
  ec2_vpc_net:
    name: "{{ vpc_name }}"
    cidr_block: "{{ vpcCidrBlock }}"
    region: "{{ region }}"
    # enable dns support
    dns_support: yes
    # enable dns hostnames
    dns_hostnames: yes
    tenancy: default
    state: "{{ state }}"
  # the VPC id is needed by every later task
  register: ec2_vpc_net_result
Now create an Internet Gateway using the ec2_vpc_igw module and attach it to the VPC created above.
- name: create ec2 vpc internet gateway
  ec2_vpc_igw:
    vpc_id: "{{ ec2_vpc_net_result.vpc.id }}"
    region: "{{ region }}"
    state: "{{ state }}"
    tags:
      Name: "{{ igw_name }}"
  # igw_result.gateway_id is used as the route target later
  register: igw_result
Then create the two subnets in the VPC using the ec2_vpc_subnet module, each with its own CIDR block and with public IP assignment enabled.
- name: create ec2 vpc subnet - 1
  ec2_vpc_subnet:
    vpc_id: "{{ ec2_vpc_net_result.vpc.id }}"
    region: "{{ region }}"
    az: "{{ zone }}"
    state: "{{ state }}"
    cidr: "{{ subNetCidrBlock_1 }}"
    # instances launched here get a public IP automatically
    map_public: yes
    resource_tags:
      Name: "{{ subnet_name_1 }}"
  register: subnet_result_1

- name: create ec2 vpc subnet - 2
  ec2_vpc_subnet:
    vpc_id: "{{ ec2_vpc_net_result.vpc.id }}"
    region: "{{ region }}"
    az: "{{ zone }}"
    state: "{{ state }}"
    cidr: "{{ subNetCidrBlock_2 }}"
    map_public: yes
    resource_tags:
      Name: "{{ subnet_name_2 }}"
  register: subnet_result_2
After this, create a NACL using the ec2_vpc_nacl module, associate both subnets with it, and define its ingress and egress rules.
- name: create ec2 VPC Network access control list
  ec2_vpc_nacl:
    vpc_id: "{{ ec2_vpc_net_result.vpc.id }}"
    region: "{{ region }}"
    state: "{{ state }}"
    name: "{{ acl_name }}"
    subnets:
      - "{{ subnet_result_2.subnet.id }}"
      - "{{ subnet_result_1.subnet.id }}"
    tags:
      Name: "{{ acl_name }}"
      Description: "{{ acl_name }}"
    # ingress rules
    ingress:
      # rule no, protocol, allow/deny, cidr, icmp_type, icmp_code, port from, port to
      # allow inbound HTTP (port 80) from anywhere
      - [100, 'tcp', 'allow', "{{ destinationCidrBlock }}", null, null, 80, 80]
    # egress rules
    egress:
      # rule no, protocol, allow/deny, cidr, icmp_type, icmp_code, port from, port to
      # allow outbound HTTP (port 80) to anywhere
      - [100, 'tcp', 'allow', "{{ destinationCidrBlock }}", null, null, 80, 80]
  register: acl_results
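A caveat worth checking before relying on the rule set above: a network ACL is stateless, so unlike a security group it does not track connections. The reply from a web server on port 80 goes to the client’s ephemeral source port and is evaluated against the egress rules on its own; with only destination port 80 allowed outbound, that reply is dropped and the HTTP request never completes. The task below is an added example, not code from the original post, showing the usual fix of allowing the ephemeral port range (1024-65535) in both directions. It reuses the variables and registered results defined earlier in the post (assumed to be in scope); the rule number 110 is my choice.

```yaml
- name: create ec2 VPC network ACL that also admits return traffic
  ec2_vpc_nacl:
    vpc_id: "{{ ec2_vpc_net_result.vpc.id }}"
    region: "{{ region }}"
    state: "{{ state }}"
    name: "{{ acl_name }}"
    subnets:
      - "{{ subnet_result_1.subnet.id }}"
      - "{{ subnet_result_2.subnet.id }}"
    tags:
      Name: "{{ acl_name }}"
    # rule no, protocol, allow/deny, cidr, icmp_type, icmp_code, port from, port to
    ingress:
      # inbound HTTP requests from anywhere (same as the post's rule 100)
      - [100, 'tcp', 'allow', "{{ destinationCidrBlock }}", null, null, 80, 80]
      # replies to connections that instances in the subnets open themselves
      # (e.g. an outbound HTTP fetch); without this those responses are dropped
      - [110, 'tcp', 'allow', "{{ destinationCidrBlock }}", null, null, 1024, 65535]
    egress:
      # outbound HTTP connections initiated from inside the subnets
      - [100, 'tcp', 'allow', "{{ destinationCidrBlock }}", null, null, 80, 80]
      # replies from the web server to the clients' ephemeral ports; without this
      # the stateless ACL drops every HTTP response to an inbound request
      - [110, 'tcp', 'allow', "{{ destinationCidrBlock }}", null, null, 1024, 65535]
  register: acl_results
```

Everything not matched by these rules still hits the implicit deny-all rule at the end of the ACL, so SSH and every other service remain blocked at the subnet boundary, which is consistent with the HTTP-only design of this post. Rules are evaluated in ascending rule-number order and the first match wins, so keep the allow rules numbered below any deny rules you add later.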
Then create a route table using the ec2_vpc_route_table module, associate both subnets with it, and add a default route to the internet gateway.
- name: create ec2 VPC public subnet route table
  ec2_vpc_route_table:
    vpc_id: "{{ ec2_vpc_net_result.vpc.id }}"
    region: "{{ region }}"
    state: "{{ state }}"
    tags:
      Name: "{{ route_table_name }}"
    subnets:
      - "{{ subnet_result_2.subnet.id }}"
      - "{{ subnet_result_1.subnet.id }}"
    # create routes: send all non-local traffic to the internet gateway
    routes:
      - dest: "{{ destinationCidrBlock }}"
        gateway_id: "{{ igw_result.gateway_id }}"
  register: public_route_table

- name: print out the ids of the new vpc, internet gateway and subnets
  debug:
    msg: "VPC {{ ec2_vpc_net_result.vpc.id }} created with IGW {{ igw_result.gateway_id }} and subnets {{ subnet_result_1.subnet.id }}, {{ subnet_result_2.subnet.id }}"

Now run the command below to create these resources:

ansible-playbook network_infra.yml

Then check from your AWS console that all resources were created properly.
The VPC has been created, as you can see below.

The internet gateway is also there and is attached to our VPC.

Then check the two subnets we created.

Now look at the route table, which is associated with the two subnets.

Finally, check the NACL, which is associated with the two subnets.
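Clicking through the console works once, but the same checks can be codified so they run after every playbook run. The play below is an added example, not part of the original post: it uses the read-only ec2_vpc_net_info, ec2_vpc_subnet_info, ec2_vpc_route_table_info and ec2_vpc_nacl_info modules (assumed available from the amazon.aws / community.aws collections; the return keys used here are assumed to match those collections’ documented output) and fails the run if any piece of the infrastructure is missing or misconfigured. The variables are repeated so the play runs on its own.

```yaml
- name: verify the network infrastructure created by network_infra.yml
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    region: 'ap-south-1'
    vpc_name: 'knoldus VPC'
    acl_name: 'knoldus ACL'
    route_table_name: 'knoldus route table'
    vpcCidrBlock: '10.0.0.0/16'
    expected_subnets: ['10.0.1.0/24', '10.0.2.0/24']
  tasks:
    - name: look up the VPC by its Name tag
      ec2_vpc_net_info:
        region: "{{ region }}"
        filters:
          "tag:Name": "{{ vpc_name }}"
      register: vpc_info

    - name: exactly one VPC with the expected CIDR must exist
      assert:
        that:
          - vpc_info.vpcs | length == 1
          - vpc_info.vpcs[0].cidr_block == vpcCidrBlock
        fail_msg: "VPC {{ vpc_name }} is missing or has an unexpected CIDR block"

    - name: look up the subnets in that VPC
      ec2_vpc_subnet_info:
        region: "{{ region }}"
        filters:
          vpc-id: "{{ vpc_info.vpcs[0].vpc_id }}"
      register: subnet_info

    - name: both subnets exist and auto-assign public IPs
      assert:
        that:
          - subnet_info.subnets | map(attribute='cidr_block') | sort | list == expected_subnets | sort | list
          - subnet_info.subnets | map(attribute='map_public_ip_on_launch') | list == [true, true]

    - name: look up the public route table
      ec2_vpc_route_table_info:
        region: "{{ region }}"
        filters:
          vpc-id: "{{ vpc_info.vpcs[0].vpc_id }}"
          "tag:Name": "{{ route_table_name }}"
      register: rt_info

    - name: the route table sends 0.0.0.0/0 to an internet gateway and covers both subnets
      assert:
        that:
          - rt_info.route_tables | length == 1
          # the only route whose target is an igw-* must be the default route
          - rt_info.route_tables[0].routes | selectattr('gateway_id', 'match', '^igw-') | map(attribute='destination_cidr_block') | list == ['0.0.0.0/0']
          - rt_info.route_tables[0].associations | map(attribute='subnet_id') | sort | list == subnet_info.subnets | map(attribute='subnet_id') | sort | list

    - name: look up the custom network ACL
      ec2_vpc_nacl_info:
        region: "{{ region }}"
        filters:
          vpc-id: "{{ vpc_info.vpcs[0].vpc_id }}"
          "tag:Name": "{{ acl_name }}"
      register: nacl_info

    - name: the custom ACL, not the VPC default, is associated with both subnets
      assert:
        that:
          - nacl_info.nacls | length == 1
          - not nacl_info.nacls[0].is_default
          - nacl_info.nacls[0].subnets | sort | list == subnet_info.subnets | map(attribute='subnet_id') | sort | list
```

Run it with ansible-playbook verify_network_infra.yml after the creation playbook; a subnet silently left on the default NACL, or a route table whose default route was never attached to the gateway, shows up as a failed assert instead of being noticed only when an instance cannot reach the internet.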

That’s all for this blog. I hope it gave you some understanding of networking and of how to create networking infrastructure in AWS. If you have any doubt, feel free to contact me at nitin.mishra@knoldus.com.

Thank you for sticking to the end. If you like this blog, please show your appreciation by giving it a thumbs up and sharing it, and feel free to give me suggestions on the scope for improvement.


Written by

Nitin Mishra is a Software Consultant at Knoldus Software LLP. He has done an MCA from GGSIPU and completed a Bachelor of Science in Computer Science from Delhi University. He is a tech enthusiast with good knowledge of Java and is mainly focused on DevOps practice. On the personal front, he loves travelling to the mountains and writing poetry.