
Automating AWS EC2 Instance Provisioning with Ansible


Introduction

Manually provisioning AWS EC2 instances can be time-consuming and error-prone. But with Ansible, you can automate the entire process — from instance creation to securing credentials and making configurations reusable.

In this guide, you’ll learn how to:

✅ Install necessary dependencies (Boto3 and AWS Collection)

✅ Write an Ansible playbook to create an EC2 instance

✅ Secure AWS credentials using Ansible Vault

✅ Make your playbook modular and reusable with variables

✅ Execute the playbook to provision AWS EC2 instances seamlessly

By the end of this article, you’ll have a fully functional and reusable Ansible automation for EC2 provisioning. 🚀

GitHub Repository

You can find all the code examples used in this guide in my GitHub repository:

🔗 GitHub Repo

Step 1: Installing Dependencies

Before provisioning AWS resources, install the required dependencies. The Python packages must land in the same interpreter that runs Ansible (ansible --version prints its path), otherwise the modules will report that boto3 is missing even though pip installed it:

pip install boto3 botocore
ansible-galaxy collection install amazon.aws

Why Do We Need These?

Boto3 and botocore → The AWS SDK for Python; Ansible's AWS modules make every API call through them.

Amazon AWS Collection → The amazon.aws collection, a set of Ansible modules (ec2_instance among them) built on top of Boto3.

To verify the installation, run:

ansible-galaxy collection list | grep amazon.aws

Step 2: Writing an Ansible Playbook to Create an EC2 Instance

Instead of adding all tasks in a single, cluttered playbook, we’ll use Ansible Roles to keep it modular.

1️⃣ Creating a Role for EC2 Provisioning

Initialize an Ansible role for EC2 provisioning:

ansible-galaxy role init ec2

Now, open ec2/tasks/main.yaml (the file the role skeleton created) and define the task to launch an EC2 instance:

#SPDX-License-Identifier: MIT-0
---
- name: Start an EC2 instance with a public IP address
  amazon.aws.ec2_instance:
    name: "ansible-instance"              # Becomes the Name tag; reruns find this instance instead of launching another
    instance_type: t3.micro
    security_group: default
    region: eu-north-1
    aws_access_key: "{{ ec2_access_key }}" # Secured with Vault (Step 3)
    aws_secret_key: "{{ ec2_secret_key }}" # Secured with Vault (Step 3)
    network:
      assign_public_ip: true
    image_id: ami-016038ae9cc8d9f51        # Replace with a valid AMI for your region
    tags:
      Environment: Testing

Two things to check before you run this. First, security_group: default attaches the VPC's default security group, which accepts inbound traffic only from members of that same group, so the public IP on its own does not expose the instance to the internet; if you need SSH access, create a dedicated group with the rules you want and pass key_name as well. Second, the access and secret key are referenced as variables so they can be encrypted in Step 3; if the control node already has credentials (the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, ~/.aws/credentials, or an IAM role when the control node is itself on EC2), you can drop both parameters and let the module use Boto3's standard credential chain instead of long-lived static keys.

2️⃣ Writing the Playbook to Apply the Role

Create a playbook ec2-creation-playbook.yaml that applies the role:

---
- hosts: localhost
  connection: local
  roles:
    - ec2

Ansible looks for roles in a roles/ directory next to the playbook and in the playbook directory itself, so the ec2/ directory created above is found without extra configuration. This approach keeps your playbook clean and separates concerns effectively.

Step 3: Securing AWS Credentials with Ansible Vault

Using plain text AWS credentials in playbooks is a security risk. Instead, use Ansible Vault to encrypt them.

1️⃣ Creating a Vault Password File

Generate a strong password and store it in a file. A single 64-character line is plenty (Ansible reads the whole file, minus trailing whitespace, as the password). Restrict the file with chmod 600 and add vault.pass to .gitignore, because whoever holds this file can decrypt everything the vault protects:

openssl rand -base64 48 > vault.pass

2️⃣ Storing AWS Credentials Securely

Create an encrypted variable file (group_vars/all/ next to the playbook is loaded automatically for every host, including the implicit localhost):

ansible-vault create group_vars/all/pass.yml --vault-password-file vault.pass

Inside pass.yml, add the credentials:

---
ec2_access_key: "YOUR_AWS_ACCESS_KEY"
ec2_secret_key: "YOUR_AWS_SECRET_KEY"

3️⃣ Running the Playbook with Vault

To execute the playbook with the vault unlocked, use:

ansible-playbook ec2-creation-playbook.yaml --vault-password-file vault.pass

Setting vault_password_file in ansible.cfg, or the ANSIBLE_VAULT_PASSWORD_FILE environment variable, saves typing the flag every time; ansible-vault view and ansible-vault edit take the same option when you need to inspect or change pass.yml.

With Ansible Vault, the credentials are encrypted at rest and the file can be committed without exposing them. The secret has only moved, though: protect vault.pass as carefully as the keys themselves, scope the IAM user behind those keys to the EC2 permissions this role actually needs, and rotate the keys if the password file is ever leaked.

Step 4: Making the Playbook Reusable with Variables

Instead of hardcoding values like instance type in tasks, use variables to make the playbook dynamic and reusable.

1️⃣ Updating the Task to Use Variables

Modify ec2/tasks/main.yaml to reference variables:

#SPDX-License-Identifier: MIT-0
---
- name: Start an EC2 instance with a public IP address
  amazon.aws.ec2_instance:
    name: "ansible-instance"
    instance_type: "{{ type }}"
    security_group: default
    region: eu-north-1
    aws_access_key: "{{ ec2_access_key }}"
    aws_secret_key: "{{ ec2_secret_key }}"
    network:
      assign_public_ip: true
    image_id: ami-016038ae9cc8d9f51
    tags:
      Environment: Testing

2️⃣ Creating a Separate Role for Variables

To manage default values, create another role:

ansible-galaxy role init ec2-variables

Inside ec2-variables/defaults/main.yaml, define the default instance type. Role defaults have the lowest variable precedence, so anything set in group_vars, the playbook, or on the command line overrides them:

---
type: t3.micro

3️⃣ Writing the New Playbook

Now, create ec2-creation-variables-playbook.yaml that applies both roles. The defaults of every role listed under roles: are exported to the play (unless private_role_vars is enabled), so the ec2 role's task can render "{{ type }}" from the value the ec2-variables role provides; listing ec2-variables first makes that relationship readable. An alternative is to declare ec2-variables as a dependency in ec2/meta/main.yaml, so it is pulled in automatically:

---
- hosts: localhost
  connection: local
  roles:
    - ec2-variables
    - ec2

4️⃣ Running the Playbook with Variables

Execute the playbook; with no override, the t3.micro default from the ec2-variables role is used:

ansible-playbook ec2-creation-variables-playbook.yaml --vault-password-file vault.pass

To launch a different size without touching the role, append -e type=t3.small to the same command; extra-vars have the highest precedence, so they win over the role default.

Conclusion

By following this step-by-step guide, you have successfully:

✅ Installed dependencies and set up Ansible for AWS

✅ Written an Ansible playbook to create an EC2 instance

✅ Secured AWS credentials using Ansible Vault

✅ Used variables to make the playbook modular and reusable

✅ Automated the provisioning process for better efficiency and scalability

This approach makes your AWS infrastructure management cleaner, reusable, and more secure. 🚀

💡 Want to scale automation further? Try integrating Ansible with Terraform or Jenkins for CI/CD!

🚀 Let’s Connect!

If you found this guide helpful, follow me for more DevOps and Cloud Engineering content:

🔗 GitHub: github.com/Dhanika-Kumarasiri

🔗 Medium: medium.com/@dhanika-kumarasiri

Have questions? Drop them in the comments! Let’s automate AWS the smart way! 🚀

Originally published on Medium.
