This is a simple (but effective) project that allows to quickly set-up windows instances in AWS environment. It includes the possibility of creating the VPC, subnet, security groups and more for you.
You can place it as well in your existing VPC and create the subnet, or place it inside your existing subnet.
It is quite flexible. Enjoy it!
The main resources for this project are located inside provisioner
folder where the Ansible code is located.
Inside this folder we will find:
aws
:ansible
: containing the Ansible configuration, the different related playbooks (all started withmain.yml
) and the env_variables_aws.yaml containing the changeable configuration.modules
: those define the specific behavior for preparing the AWS related resources (Internet Gateway, Instances, Route Tables, Security Groups, Subnet and VPCs
)
filter_plugins
: Global plugins that are used for simplification of some tasks.Dockerfile
: for building the image to run the Ansible and Terraform dynamically generated project without having to install anything besidesDocker
..dockerignore
: To exclude some files from the image build for security and keeping it clean purposes.password_retriever.py
: Utility for getting the password in clear text for the windows instance decrypting it using the private key for the instance.
Important
Do not forget to set the ANSIBLE_FILTER_PLUGINS environment variable to the absolute path where the custom_filters are located with the actual path of the project.
Caution
Remember to review the env variables. This playbook has direct support for several regions but do not cover all. Include your region and ami if missing in the list.
- Install Python.
sudo apt-get update && apt-get install -y python3 python3-pip
- Install Ansible:
pip install ansible==9.4.0
- Install Ansible collection for aws:
ansible-galaxy collection install amazon.aws
- Install boto3 with pip.
pip3 install boto3 botocore
- Install Terraform following Official instructions from Hashicorp documentation.
Tip
You can decide which version to install by checking PIP Ansible release history
You just have to build the Docker image!
docker build provisioner -f provisioner/Dockerfile -t windows-provider:1.0 \
--build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg USER=$(id -un) --build-arg GROUP=$(id -gn)
Important
Do not forget to set at least your public IP in the rules of the security groups to be able to access using the SSH generated key after launching the playbook.
- Set the required environment variables. If you do not have such, please check Amazon documentation on how to generate those here.
export AWS_REGION="eu-west-2"
export AWS_ACCESS_KEY_ID="REAL_VALUE_OF_AWS_ACCESS_KEY_ID"
export AWS_SECRET_ACCESS_KEY="REAL_VALUE_OF_AWS_SECRET_ACCESS_KEY"
-
Remember to change the Ansible env variables as your desired configuration.
-
Ensure to set the filter plugins env variable and make those available:
cp -r provisioner/filter_plugins ${HOME}
export ANSIBLE_FILTER_PLUGINS="${HOME}/filter_plugins"
- Run the playbook.
ansible-playbook provisioner/aws/main.yaml -vv
- When the Terraform playbook has been generated, initialize and apply the project.
cd <outputs-folder-dynamically-calculated>
terraform init
terraform plan -var-file=envVariables --out tfplan
terraform apply tfplan
If you have built the image and adapted the Ansible env variables as your desired configuration, then you just need to execute this!
docker run --user $(id -u):$(id -g) -v $(pwd)/provisioner:/app -e AWS_ACCESS_KEY_ID="" -e AWS_SECRET_ACCESS_KEY="" \
-e AWS_REGION="eu-west-2" -e VERBOSITY="-vvv" -e ANSIBLE_FILTER_PLUGINS=/app/filter_plugins windows-provider:1.0
Important
Do not forget to set the real values for AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
.
- Obtain the password for the instance.
python3 provisioner/password_retriever.py <bsa_auto_infra_sbt_0_password_data-value-showed-in-console> $(find $(pwd) -type d -name infra-provision*)/bsa-auto-infra/modules/key/bsa_auto_infra_sbt_key_0.pem
- Use
Remote Desktop
from your instance to connect. Creds:Administrator:<your-decrypted-password>
Tip
If you have enabled the creation of client vpn, follow the next steps. Make sure to select your region first!
- Navigate to Client VPNS
- Click on Download client configuration
- Insert the client certificates in the downloaded file. Check the illustration for the format.
terraform_outputs=$(find $(pwd) -type d -name infra-provision*)
cat ${terraform_outputs}/bsa-auto-infra/modules/vpn/pki_certs/client.crt
cat ${terraform_outputs}/bsa-auto-infra/modules/vpn/pki_certs/client.key
- Support for AWS
- Support flexibility in creating the Terraform through ansible.
- Creates: VPC, Subnet, Internet Gateway, Security Groups, SSH keys and instances linking all the objects as required.
- Include creation of client vpn endpoint with self-signed certificates (not recommended for production set up).
- Support for more regions.
See the open issues for a full list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated 💹.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".
- Fork the Project
- Create your Feature Branch
git checkout -b feature/AmazingFeature
- Commit your Changes
git commit -m 'Add some AmazingFeature
- Push to the Branch
git push origin feature/AmazingFeature
- Open a Pull Request
Distributed under the Apache 2.0
License. See LICENSE for more information.
As we always state, our main purpose is keep learning, contributing to the community and finding ways to collaborate in interesting initiatives.
Do not hesitate to contact us at codetriariism@gmail.com
If you are interested in our content creation, also check our social media accounts. We have all sorts of training resources, blogs, hackathons, write-ups and more! Do not skip it, you will like it 😏 😏 😏 👍
Don't forget to give the project a star if you liked it! Thanks again! 🌟 💛