A demonstration of deploying a small infrastructure into AWS using Ansible.
Three t2.micro instances are booted in a VPC. Each class of instance has its own subnet.
- bastion - allows ssh access to the other nodes
- web - 80/443 to internet - proxy for app
- app - a backend app accessible via the web front-end
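One way to check that deployed security groups still match the layout above, as an added example that is not part of this repository. It works on rule data in the shape returned by boto3's `describe_security_groups`; the policy tables, group ids, app port and sample rules are assumptions constructed for illustration.

```python
# Added example: audit security-group ingress against the bastion/web/app layout.
# Input uses the shape of boto3 describe_security_groups()["SecurityGroups"] entries.
WORLD = {"0.0.0.0/0", "::/0"}
# Assumed policy read off the layout: internet-facing ports and permitted source roles.
PUBLIC_PORTS = {"bastion": {22}, "web": {80, 443}, "app": set()}
ALLOWED_SOURCES = {"bastion": set(), "web": {"bastion"}, "app": {"bastion", "web"}}

def audit(groups):
    """groups maps role name -> security-group dict; returns sorted findings."""
    role_of = {g["GroupId"]: role for role, g in groups.items()}
    findings = []
    for role, group in groups.items():
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            span = "all" if proto == "-1" else f"{lo}-{hi}"
            cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
            cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
            if cidrs & WORLD:
                if proto != "tcp" or not set(range(lo, hi + 1)) <= PUBLIC_PORTS[role]:
                    findings.append(f"{role}: {proto} {span} open to the internet")
            ssh = proto == "-1" or (proto == "tcp" and lo <= 22 <= hi)
            for pair in perm.get("UserIdGroupPairs", []):
                src = role_of.get(pair.get("GroupId"), "unknown")
                if src not in ALLOWED_SOURCES[role]:
                    findings.append(f"{role}: {proto} {span} allowed from {src} group")
                elif ssh and src != "bastion":
                    findings.append(f"{role}: ssh reachable from {src} group")
    return sorted(findings)

def rule(lo, hi, cidr=None, group=None):
    """Build one constructed TCP ingress rule."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

# Constructed sample (ids and the app port 8080 are made up); the app group has drifted.
SAMPLE = {
    "bastion": {"GroupId": "sg-bastion", "IpPermissions": [rule(22, 22, "0.0.0.0/0")]},
    "web": {"GroupId": "sg-web", "IpPermissions": [
        rule(80, 80, "0.0.0.0/0"), rule(443, 443, "0.0.0.0/0"),
        rule(22, 22, group="sg-bastion")]},
    "app": {"GroupId": "sg-app", "IpPermissions": [
        rule(8080, 8080, group="sg-web"), rule(22, 22, group="sg-bastion"),
        rule(22, 22, "0.0.0.0/0")]},
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "layout matches")
```
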
The following environment variables must be set:
- AWS_ACCESS_KEY_ID - Credentials for AWS
- AWS_SECRET_KEY - Credentials for AWS
- AWS_REGION - e.g. us-east-2
Certain versions of boto3 have an issue with newlines in the AWS_ environment variables, so the values may need to be quoted:
export AWS_SECRET_KEY='MY AWS SECRET KEY'
make prep
make deploy
After the deploy completes, access information is printed on the terminal.
make clean
- How to make this fault tolerant and H/A?
This deployment could be made more fault tolerant by spreading the resources across different AZs in the region, or more so by deploying to different regions. The modules used support these features and could be configured as such if desired. Additionally, Ansible has modules to create elastic load balancers.
- How to make this deployment more secure?
There are various system-administration practices that can be applied to cloud instances. Obviously, the use of an ACME (Let's Encrypt) system would be step 1 in a real production deployment. Periodic replacement of the instances when newer images are available would ensure that we're not running with known vulnerabilities.
- How to keep up with changing demands?
The deployment language (Ansible) supports the creation of auto-scaling groups (ASGs), which can be configured with launch configs.