Ansbile + AWS Private hosts provisioning

Question

I am trying to provision 2 ec2 instances on a private subnet using Ansible playbooks. My infrastructure includes:

• Bastion Host on a public subnet
• 2 EC2 instances on 2 private subnets
• NAT Gate for outgoing connections
• Application Load Balancer

My question is how to run the Ansible playbook from localhost to affect the private instances. Can I SSH forward the playbook or does the playbook have to reside in the bastion host and then use the private IPs as hosts?

Answer 1

Create ssh-config file ~/.ssh/config and then add the following line to config file

host bastion
   HostName bastion_ip
   User bastion_user
   identityFile ~/.ssh/mykey.pem

host private_instance
   HostName  10.0.0.11
   user  private_ec2_user
   ProxyCommand ssh bastion -W %h:%p
   identityFile ~/.ssh/mykey.pem

My question is how to run the Ansible playbook from localhost to affect the private instances.

Now you have configured ssh config file all you need to type

ssh private_instance

this will create SSH tunneling to your private instance, you do not need complex or lengthy command to type every time.