Ansible 2.0 & AWS: The Power of AWS Meets Ansible Simplicity
Before diving straight into the new Ansible 2.0 updates (which we will do in Part 2 of this short blog series), let’s take a step back and look at why Amazon Web Services (AWS) and Ansible make such a terrific match for DevOps enterprises. As you likely know, AWS is a collection of cloud computing services that make up the on-demand computing platform offered by Amazon.com. These services operate from 12 geographical regions across the world. The most central and best-known of these services arguably include Amazon Elastic Compute Cloud, also known as “EC2”, and Amazon Simple Storage Service, also known as “S3”. AWS now has more than 70 services spanning compute, storage, networking, database, analytics, application services, deployment, management and mobile.
In contrast to Amazon’s power, Ansible is simple and lightweight. Specifically, Ansible is an IT automation engine for environment and infrastructure provisioning, configuration management, application deployment and much more. In comparison to other tools such as Chef or Puppet, Ansible aims to provide simple, large-scale orchestration of systems in a lightweight package over SSH rather than an all-encompassing solution. Think of Ansible as a higher-level, idempotent version of bash scripts that is a lot easier to rapidly develop and manage, especially given the language choice of YAML.
Ansible’s unique feature set:
- Based on an agent-less architecture (unlike Chef or Puppet).
- Accessed mostly through SSH (it also has local and paramiko modes).
- No custom security infrastructure is required.
- Configurations (playbooks, modules etc.) written in the easy-to-use YAML format.
- Shipped with more than 250 built-in modules.
- Full configuration management, orchestration, and deployment capability.
- Interacts with its clients either through playbooks or a command-line tool.
Using Ansible to automate your applications in AWS greatly increases the chances that your cloud initiative will be a success. Here are eight great reasons why:
- Agile DevOps: Ansible has built simple, flexible and reusable networking support that can work as a common language between traditional networking teams and DevOps teams, allowing organizations to benefit from the knowledge base of both. With Ansible, DevOps teams gain the capability to automate network infrastructure using SSH and APIs. In addition, they don’t have to worry about a specific data model or abstraction in their infrastructure. Ansible directly supports DevOps by giving both teams an easy-to-use tool they can use to collaborate in a natural fashion (without invoking a series of tickets and other time-consuming processes that burden the business), thus streamlining the DevOps promise to meet changing business needs instead of manually pushing network configuration.
- Secure automatic updates: Ansible features three elements that help ensure secure updates. First, it avoids manual setup, which is important because manual setups are hard to audit and hence more prone to having an unintended, overlooked hole. Second, Ansible updates are made regular through automation, which avoids controls being accidentally removed in the process. Third, Ansible updates and software upgrades are regular, which implicitly requires the upgrade processes to be easy. If a setup is provisioned using Ansible, relevant policies can be baked into the Ansible configuration files. Instead of a manual procedure, an upgrade becomes a change to an Ansible config file, which can be deployed with confidence, knowing it will not have unintended consequences.
- Secure credentials: Ansible offers a clean solution here: Ansible Vault, which allows you to encrypt your secrets with a password. The encrypted files can then safely be part of the repo.
- Operational efficiency: Ansible uses a very simple language (YAML, in the form of Ansible playbooks) that can be used to define, deploy and manage a wide variety of AWS services. Even the most complicated of AWS environments can be easily explained in Ansible playbooks that allow you to describe your automation jobs in a way that approaches plain English. The result: your team can work faster and spend more time on strategic work, while new team members can hit the ground running.
- Control cloud sprawl: Keeping accurate track of deployed infrastructure is a critical part of ensuring that systems are properly managed through their lifecycles. With Ansible Tower’s cloud inventory synchronization, you can know exactly what AWS instances you have no matter how they were launched. Simply enter your AWS credentials and your entire AWS infrastructure can be made available as resources to use in your Ansible automation jobs.
- Safe permissions: Ansible Tower also features an extensive set of role-based access controls that ensure users will only have access to the AWS resources (networks, systems, security groups, etc.) that they require for their job. Plus, Tower encrypts credentials such as AWS and SSH keys so that you can delegate simple automation jobs to junior employees without giving away the keys to the kingdom.
- Easy migrations: With Ansible, you can use the same simple playbook language to manage your infrastructure and deploy your application. Use Ansible to define your application locally. Once you can repeatedly deploy that application locally, re-deploying it to a different infrastructure is as straightforward as defining your AWS environment, and then applying your application’s playbook.
- Monitoring: Monitoring and alerting go hand in hand. At an infrastructure and application level, you may monitor several metrics, from CPU and memory to application-level information such as heap and the number of database connections from your application, and alert relevant teams based on them. Ansible makes this easier by providing several modules for DataDog, Monit, Nagios and PagerDuty integration.
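The "Secure credentials" point above holds only if the secret files in the repo really are vault-encrypted when they are committed. The following added example (not from the original post or from the Ansible project) scans a repository for files that should be encrypted and reports any that are plaintext or carry a malformed vault envelope. The file-name patterns and the sample repository contents are assumptions constructed for illustration.

```python
import fnmatch
import tempfile
from pathlib import Path

# Assumed naming convention for files that must be vault-encrypted.
SECRET_PATTERNS = ("vault.yml", "vault_*.yml", "secrets.yml")


def vault_status(text):
    """Classify file content as 'encrypted', 'plaintext' or 'malformed'."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return "plaintext"
    fields = lines[0].split(";")
    # Header written by ansible-vault: $ANSIBLE_VAULT;<version>;<cipher>[;<vault id>]
    ok = len(fields) == 3 and fields[1] == "1.1"
    ok = ok or (len(fields) == 4 and fields[1] == "1.2" and fields[3] != "")
    body = "".join(line.strip() for line in lines[1:])
    is_hex = body != "" and all(c in "0123456789abcdefABCDEF" for c in body)
    return "encrypted" if ok and fields[2] == "AES256" and is_hex else "malformed"


def scan_repo(root, patterns=SECRET_PATTERNS):
    """Return {relative path: status} for secret files that are not encrypted."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file():
            continue
        if any(fnmatch.fnmatch(path.name, p) for p in patterns):
            status = vault_status(path.read_text(encoding="utf-8", errors="replace"))
            if status != "encrypted":
                findings[rel.as_posix()] = status
    return findings


def demo():
    """Run the scan over a constructed repository layout."""
    samples = {
        "group_vars/prod/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162\n6364\n",
        "group_vars/dev/vault.yml": "aws_secret_key: EXAMPLE-NOT-A-REAL-KEY\n",
        "group_vars/qa/secrets.yml": "$ANSIBLE_VAULT;1.1;AES256\npassword: x\n",
        "group_vars/all/main.yml": "region: us-east-1\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(content, encoding="utf-8")
        return scan_repo(root)
```

Run as a pre-commit or CI step, a non-empty result from `scan_repo` is a reason to block the commit until the file has been encrypted with `ansible-vault encrypt`.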
AWS is powerful indeed. However, with great power comes the opportunity to make great mistakes. Thankfully, Ansible offers a sleek solution to help AWS shops move more nimbly while avoiding common development, operations and security pitfalls. In our next installment of this two-part blog on Ansible and AWS, we will take a look at the notable additions to Ansible 2.0 and how they can help further increase your effectiveness with AWS. In the meantime, feel free to check out our video tutorial on getting started with Ansible for AWS.