Provision, Configure LB , Terminate Ec2 Instances by Ansible Dynamically

6 min readSep 9, 2020

Ansible the best agentless configuration tool available. App deployment, configuration management, and orchestration — all from one system. Ansible is simple, agentless automation that anyone can use.


  • AWS IAM user crediantials
  • AWS EC2 instance key
  • Ansible on system, with boto and boto3 libraries


Deploy a Load Balancer and multiple Web Servers on AWS instances through ANSIBLE !

♦️ Configuration details.

♦️ Provision EC2 instances through Ansible.

♦️ About python file, usecases of

♦️ Configure the web servers through the ansible role.

♦️ Configure the load balancer through the ansible role.

♦️ #The target nodes of the load balancer should auto-update as per the status of web servers.

♦️ Terminate all the AWS resources from Ansible dynamically.

Github code link

Configuration Details

Ansible configuration file stores all the configuration details of managed nodes( like ssh username, password, or sudo user details)

  • inventory: A directory where all hosts ip address are stored
  • private_key_file: path of key that is used to login ec2 instances
  • remote_user: Name of user we will login via ssh
  • become: become a root user in ssh client
  • ask_pass: ask password for using sudo command
  • host_key_checking: auto adds the ssh public key to trusted ssh clients
  • roles_path: a directory where all roles are stored
  • [privilege-escalations] use these values when become is true
  • become_user: become the user “root”. we can give other user name also based on powers they have.
  • become_method: use sudo method for privilege-escalations. As there are lots of methods available (like zudo etc.)
  • become_ask_pass: asks password for privilege-escalations.

Default path of Ansible configuration file is

Provision EC2 Instances through Ansible

This playbook is launched from hosts as localhost.
As no details of system are used to launch ec2 instances. So, its better to disable the gathering facts module

vim ec2prov/tasks/main.yml

  • launching two security groups one for lbserver and one for webserver.
  • Loadbalancer does not require does not require port 80. So, Make a seperate security group with open ports as 8080 (for clients) and 22 (for ssh).
  • Webserver only requires port 80(for LB) and 22. So, make a seperate security group for it.
  • Launching a Loadbalancer instance with Security group as “loadbalancer_sg”.
  • Name of instance is “lbserver”. Name is very important as it will be used to configure ‘haproxy’ loadbalancer.
  • id” keyword is a normal string text. It makes the task idempotent, means when we run playbook again and again new instance is not launched.
    But had to manually change id keyword when we terminate an instance.
  • wait keyword waits for instance to launch successfully.
    means the keyword register can store all facts about ec2 instance.
    without wait register keyword returns empty value.
  • 3 instances are launched as “webserver”.
  • Security group is “webserver_sg”.
  • Printing IP’s of every instance to verify every instance is launched successfully. and to use save the values of IP’s for future use.
  • As developer we do not need to go to AWS console to get the IP of Ec2 instances.
  • variables file
  • aws_access_key and aws_secret_key are stored in a password protected vault.
    To access the vault use — ask-vault-pass in command.
  • Now running the “ec2prov” role. :)

About Python file, Usecases of file is used to dynamically fetch IP address of running and stopped ec2 instances.

  • also provides several task variables and host variables that can be used in playbook.
    like “{{ ec2_ip_address }}” This variable can be used in tasks.

chmod +x

  • change python to python3
  • copy the export cmds and run them in terminal.
  • Or we can also write crediantials details inside file(less secure).
  • executing
  • tag_Name_lbserver and tag_Name_webserver are the variables. That can be used directly in hosts.

- hosts: tag_Name_lbserver
gather_facts: false

  • Dynamically fetched IP’s by

Configure the Web Servers through the Ansible role

Configuring the Load Balancer and Web Server Dynamically.

vim haproxy.yml

  • Note the hosts name. They are fetched from Thus, making our code dynamic.
  • Installing haproxy
  • Sending conf file from templates

vim lbrole/templates/hitesh.cfg.j2

  • User for loop for printing multiple IP’s of webservers.

vim lbrole/vars/main.yml

vim lbrole/handlers/main.yml

  • No credentials are required here as login will be done by private ec2key file.

vim node_role/tasks/main.yml

ansible-playbook haproxy.yml

  • conf load balancer
  • conf webserver

Terminate all the AWS resources from Ansible dynamically

This role will terminate all the AWS resources that was launched by ansible previously

vim term.yml

vim term/tasks/main.yml

  • first task is run to fetch details of running ec2 instances
  • debug msgs to print individual instances id’s
  • last debug prints instances id’s in list
  • removing all ec2 instances in one task using when_items keyword.
    it displays the ids in list
  • removing security group of webserver and lbserver.
  • we had to provide very limited information while removing resources.
  • printing individual instance id’s for better debugging
  • removed all ec2 instances, lb and webserver security groups.
  • Termination role ran successfully :)