
Introduction
Manually provisioning AWS EC2 instances can be time-consuming and error-prone. But with Ansible, you can automate the entire process — from instance creation to securing credentials and making configurations reusable.
In this guide, you’ll learn how to:
✅ Install necessary dependencies (Boto3 and AWS Collection)
✅ Write an Ansible playbook to create an EC2 instance
✅ Secure AWS credentials using Ansible Vault
✅ Make your playbook modular and reusable with variables
✅ Execute the playbook to provision AWS EC2 instances seamlessly
By the end of this article, you’ll have a fully functional and reusable Ansible automation for EC2 provisioning. 🚀
GitHub Repository
You can find all the code examples used in this guide in my GitHub repository:
Step 1: Installing Dependencies
Before provisioning AWS resources, install the required dependencies:
pip install boto3 botocore
ansible-galaxy collection install amazon.aws
Why Do We Need These?
• Boto3 → Python SDK for AWS, required for Ansible’s AWS modules.
• Amazon AWS Collection → Set of Ansible modules specifically for AWS.
To verify the installation, run:
ansible-galaxy collection list | grep amazon.aws
Step 2: Writing an Ansible Playbook to Create an EC2 Instance
Instead of adding all tasks in a single, cluttered playbook, we’ll use Ansible Roles to keep it modular.
1️⃣ Creating a Role for EC2 Provisioning
Initialize an Ansible role for EC2 provisioning:
ansible-galaxy role init ec2
Now, open ec2/tasks/main.yaml and define the task to launch an EC2 instance:
#SPDX-License-Identifier: MIT-0
---
- name: Start an EC2 instance with a public IP address
  amazon.aws.ec2_instance:
    name: "ansible-instance"
    instance_type: t3.micro
    security_group: default
    region: eu-north-1
    aws_access_key: "{{ ec2_access_key }}" # Secured with Vault
    aws_secret_key: "{{ ec2_secret_key }}" # Secured with Vault
    network:
      assign_public_ip: true
    image_id: ami-016038ae9cc8d9f51 # Replace with a valid AMI
    tags:
      Environment: Testing
2️⃣ Writing the Playbook to Apply the Role
Create a playbook ec2-creation-playbook.yaml that applies the role:
---
- hosts: localhost
  connection: local
  roles:
    - ec2
This approach keeps your playbook clean and separates concerns effectively.
Step 3: Securing AWS Credentials with Ansible Vault
Using plain text AWS credentials in playbooks is a security risk. Instead, use Ansible Vault to encrypt them.
1️⃣ Creating a Vault Password File
Generate a strong password and store it:
openssl rand -base64 2048 > vault.pass
2️⃣ Storing AWS Credentials Securely
Create an encrypted variable file:
ansible-vault create group_vars/all/pass.yml --vault-password-file vault.pass
Inside pass.yml, add the credentials:
---
ec2_access_key: "YOUR_AWS_ACCESS_KEY"
ec2_secret_key: "YOUR_AWS_SECRET_KEY"
3️⃣ Running the Playbook with Vault
To execute the playbook securely, use:
ansible-playbook ec2-creation-playbook.yaml --vault-password-file vault.pass
With Ansible Vault, you can safely store sensitive credentials and avoid accidental exposure.
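Encrypting pass.yml only helps if the plaintext version and vault.pass never reach the repository. The following pre-commit style check is an added example, not code from the original guide; it assumes the file names used in this step (vault.pass, group_vars/all/pass.yml), the variable names from the playbook, and the standard "$ANSIBLE_VAULT;" header that ansible-vault writes at the top of every encrypted file.

```shell
#!/bin/sh
# Added example: refuse to commit plaintext AWS credentials or a world-readable
# vault password file. Assumes the layout from this guide (vault.pass next to
# the playbook, encrypted vars under group_vars/) and the $ANSIBLE_VAULT header.

# 0 if FILE is vault-encrypted (its first line is the $ANSIBLE_VAULT header).
is_vault_encrypted() {
  head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# 0 if FILE defines one of the credential variables as plaintext YAML.
has_plaintext_creds() {
  grep -Eq '^[[:space:]]*(ec2_access_key|ec2_secret_key|aws_access_key|aws_secret_key):' "$1" 2>/dev/null
}

# check_vars_file FILE: 0 when safe to commit, 1 when it holds plaintext credentials.
check_vars_file() {
  if is_vault_encrypted "$1"; then
    return 0
  fi
  if has_plaintext_creds "$1"; then
    echo "REFUSE: $1 contains plaintext AWS credentials; run ansible-vault encrypt on it" >&2
    return 1
  fi
  return 0
}

# check_vault_pass FILE: 0 when the password file is mode 600 and listed in the
# .gitignore beside it, 1 otherwise (so it cannot be pushed with the repo).
check_vault_pass() {
  dir=$(dirname "$1"); base=$(basename "$1")
  if [ "$(ls -ld "$1" | cut -c1-10)" != "-rw-------" ]; then
    echo "REFUSE: $1 must be mode 600 (chmod 600 $1)" >&2
    return 1
  fi
  if ! grep -qx "$base" "$dir/.gitignore" 2>/dev/null; then
    echo "REFUSE: add $base to $dir/.gitignore" >&2
    return 1
  fi
  return 0
}

# check_repo DIR: run both checks over a checkout laid out like this guide.
check_repo() {
  status=0
  check_vault_pass "$1/vault.pass" || status=1
  for f in "$1"/group_vars/*/*.yml "$1"/group_vars/*/*.yaml; do
    if [ -f "$f" ]; then check_vars_file "$f" || status=1; fi
  done
  return $status
}
```

Wire check_repo into a git pre-commit hook (or CI) so a commit fails before an unencrypted pass.yml or the vault password ever leaves the workstation.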
Step 4: Making the Playbook Reusable with Variables
Instead of hardcoding values like instance type in tasks, use variables to make the playbook dynamic and reusable.
1️⃣ Updating the Task to Use Variables
Modify ec2/tasks/main.yaml to reference variables:
#SPDX-License-Identifier: MIT-0
---
- name: Start an EC2 instance with a public IP address
  amazon.aws.ec2_instance:
    name: "ansible-instance"
    instance_type: "{{ type }}"
    security_group: default
    region: eu-north-1
    aws_access_key: "{{ ec2_access_key }}"
    aws_secret_key: "{{ ec2_secret_key }}"
    network:
      assign_public_ip: true
    image_id: ami-016038ae9cc8d9f51
    tags:
      Environment: Testing
2️⃣ Creating a Separate Role for Variables
To manage default values, create another role:
ansible-galaxy role init ec2-variables
Inside ec2-variables/defaults/main.yaml, define the default instance type:
---
type: t3.micro
3️⃣ Writing the New Playbook
Now, create ec2-creation-variables-playbook.yaml that uses both roles:
---
- hosts: localhost
  connection: local
  roles:
    - ec2-variables # loads the default "type" first
    - ec2           # then creates the instance using it
4️⃣ Running the Playbook with Variables
Run the playbook; the instance type now comes from the ec2-variables defaults instead of being hardcoded in the task:
ansible-playbook ec2-creation-variables-playbook.yaml --vault-password-file vault.pass
Conclusion
By following this step-by-step guide, you have successfully:
✅ Installed dependencies and set up Ansible for AWS
✅ Written an Ansible playbook to create an EC2 instance
✅ Secured AWS credentials using Ansible Vault
✅ Used variables to make the playbook modular and reusable
✅ Automated the provisioning process for better efficiency and scalability
This approach makes your AWS infrastructure management cleaner, reusable, and more secure. 🚀
💡 Want to scale automation further? Try integrating Ansible with Terraform or Jenkins for CI/CD!
🚀 Let’s Connect!
If you found this guide helpful, follow me for more DevOps and Cloud Engineering content:
🔗 GitHub → github.com/Dhanika-Kumarasiri
🔗 Medium → medium.com/@dhanika-kumarasiri
Have questions? Drop them in the comments! Let’s automate AWS the smart way! 🚀