Written by Mitch in Automation on Sat 09 January 2016. Tags: ansible, automation, coreos, docker, aws
Part 2 of CoreOS on AWS with Ansible; part 1 discussed the CoreOS cluster setup. As I was writing this, it dawned on me that the order I'm writing these in is probably backwards: you would need the security group set up before the cluster could come up. Sorry, but on we go.
AWS Security Groups are "kinda" like firewalls, except they do not sit at the typical network boundary: they exist within the virtual layer of the network bridges between the host OS and the virtual machines running on it. That is what allows EC2 instances that reside on multiple networks and in separate Availability Zones to belong to the same Security Group, and thus share the same access privileges. Overall, it does make security on AWS simpler to manage. Then VPCs came along with the ability to put firewall ACLs on your private subnets in addition to security groups, and things can get pretty hairy quickly, but maybe another time.
I will again be running everything in one file, rather than with a separate roles directory as is typical of Ansible playbooks, for simplicity. The first part is pretty typical of an Ansible EC2 play.
```yaml
---
- name: Configure Security Groups for AWS Infrastructure
  hosts: localhost
  gather_facts: false
  vars:
    security_group: docker-sg01
    vpc_id: vpc-1111111
    vpc_region: us-east-1
    my_ip: 10.1.1.1/32 # My Home Public IP
```
I'm using a few variables here, basically the name of the security group, region and the VPC id. I also have a variable ...
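To show where those variables end up, here is an added example of the task section that would follow (my own illustration, not the original post's code), using the `ec2_group` module. It assumes SSH is allowed only from `my_ip`, and that the etcd ports (2379/2380 for etcd2, plus the legacy 4001/7001) are opened only to other members of the same group; adjust the port list to what your cluster actually runs.

```yaml
  tasks:
    - name: Create the CoreOS security group
      ec2_group:
        name: "{{ security_group }}"
        description: CoreOS cluster nodes (etcd, docker)
        vpc_id: "{{ vpc_id }}"
        region: "{{ vpc_region }}"
        state: present
        rules:
          # SSH only from my own public IP, never from 0.0.0.0/0
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ my_ip }}"
          # etcd2 client and peer ports, only from members of this same group
          # (self-referencing the group keeps these off the public internet)
          - proto: tcp
            from_port: 2379
            to_port: 2380
            group_name: "{{ security_group }}"
          # Legacy etcd ports (assumption: only needed if the older etcd is still in use)
          - proto: tcp
            from_port: 4001
            to_port: 4001
            group_name: "{{ security_group }}"
          - proto: tcp
            from_port: 7001
            to_port: 7001
            group_name: "{{ security_group }}"
        rules_egress:
          # Outbound left open so nodes can pull images and updates
          - proto: all
            cidr_ip: 0.0.0.0/0
      register: sg
```

Because the group is created before any instance references it, the cluster play from part 1 can then use `{{ security_group }}` directly when launching instances.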