daniel-rhoades.aws-elb

aws-elb-role

This is an Ansible role that helps set up and remove an Elastic Load Balancer (ELB) in an AWS account easily.

Details on Creating ELBs and Route 53

For more information, refer to these links:

This role will set up a multi-AZ ELB and register it with a Route 53 record in the zone you choose.

Requirements

You will need the latest Ansible EC2 support modules and Boto. Additionally, set up your Ansible environment for AWS: Ansible AWS Guide.

Role Variables

Default Variables:

  • elb_purge_subnets: Remove existing listeners not mentioned, default is true.
  • elb_cross_az_load_balancing: Balance load across all zones, default is true.
  • elb_connection_draining_timeout: Time to wait for connections to clear before removing an instance, default is 60 seconds.
  • elb_listeners: Default available listener is 80:80.
  • elb_health_check: Default checks TCP connection on port 80.
  • route53_overwrite: Replace existing entries if needed, default is true.
  • route53_alias_evaluate_target_health: Monitor target health with Route 53, default is true.
  • ec2_elb_state: State of the ELB, default is "present".
  • route53_zone_state: State of the Route 53 zone, default is "present".

Required Variables:

  • elb_name: Name of the ELB to create (e.g., my-elb).
  • elb_security_groups: Security groups to apply to the ELB.
  • elb_region: Region in which to create the ELB (e.g., eu-west-1).
  • elb_subnets: Subnets the ELB will be attached to.
  • route53_zone: Name of the Route 53 zone to define (e.g., example.com).
  • route53_host: Host name in the zone (e.g., www.example.com).

Dependencies

Please list any other necessary roles hosted on Galaxy, along with required parameters or variables.

Example Playbook

To use this role, install it with:

ansible-galaxy install daniel-rhoades.aws-elb-role

This example creates:

  • A VPC for the ECS cluster using the daniel-rhoades.aws-vpc role.
  • EC2 Security Groups for EC2 instances using the daniel-rhoades.aws-security-group role.

Once the ELB has been created, you can register EC2 instances with it. The example requires my_route53_zone to be passed in on the command line as an environment variable.

- name: My System | Provision all required infrastructure
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    my_vpc_name: "my_example_vpc"
    my_vpc_region: "eu-west-1"
    my_vpc_cidr: "172.40.0.0/16"
    everywhere_cidr: "0.0.0.0/0"
    my_vpc_subnets: ...
    my_public_subnet_routes: ...
    my_inbound_security_groups: ...
    my_internal_inbound_security_groups_file: "internal-securitygroups.yml"
    my_outbound_security_groups: ...
    my_elb_name: "my-elb"
    my_route53_host: "my-service-test"
  
  roles:
    - { role: daniel-rhoades.aws-vpc, ... }
    - { role: daniel-rhoades.aws-security-groups, ... }
    - { role: aws-elb-role, ... }

Internal Security Groups Example

The internal-securitygroups.yml might look like:

ec2_group_internal_inbound_sg:
  - sg_name: inbound-web-internal
    sg_description: allow http and https access (from load balancer only)
    sg_rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        group_id: "{{ ec2_group_inbound_sg.results[0].group_id }}"
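
The rule above admits port 80 only from the load balancer's security group (group_id) rather than from an address range. The check below is an added example, not part of this role: it audits a loaded internal security groups file for rules that fall back to a CIDR source. The second sample group is constructed, and the cidr_ip key is assumed to follow Ansible's ec2_group rule format.

```python
import ipaddress

# Constructed sample in the shape of internal-securitygroups.yml once loaded.
# The second group is hypothetical and shows what the audit should catch.
SAMPLE_GROUPS = [
    {"sg_name": "inbound-web-internal",
     "sg_rules": [{"proto": "tcp", "from_port": 80, "to_port": 80,
                   "group_id": "{{ ec2_group_inbound_sg.results[0].group_id }}"}]},
    {"sg_name": "inbound-web-misconfigured",
     "sg_rules": [{"proto": "tcp", "from_port": 80, "to_port": 80,
                   "cidr_ip": "0.0.0.0/0"},
                  {"proto": "tcp", "from_port": 443, "to_port": 443,
                   "cidr_ip": "172.40.0.0/16"}]},
]


def audit_internal_groups(groups):
    """Return (sg_name, rule_index, problem) for each rule that is not
    restricted to a source security group."""
    findings = []
    for group in groups:
        for index, rule in enumerate(group.get("sg_rules", [])):
            cidr = rule.get("cidr_ip")
            if cidr is not None:
                try:
                    wide_open = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                except ValueError:
                    # Unrendered Jinja2 expression, e.g. "{{ everywhere_cidr }}"
                    wide_open = False
                problem = ("open to every address" if wide_open
                           else "CIDR source instead of a source group")
                findings.append((group["sg_name"], index, problem))
            elif not rule.get("group_id"):
                findings.append((group["sg_name"], index, "no source given"))
    return findings


if __name__ == "__main__":
    for name, index, problem in audit_internal_groups(SAMPLE_GROUPS):
        print(f"{name} rule {index}: {problem}")
```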

To Decommission the ELB:

- name: My System | Decommission all required infrastructure
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    my_vpc_name: "my_example_vpc"
    my_vpc_region: "eu-west-1"
    my_vpc_cidr: "172.40.0.0/16"
    everywhere_cidr: "0.0.0.0/0" 
    my_elb_name: "my-elb"
    my_route53_host: "my-service-test"
  
  roles:
    - { role: aws-elb-role, ec2_elb_state: "absent", ... }

License

This project is licensed under MIT.

Author Information

Daniel Rhoades (https://github.com/daniel-rhoades)
