You're reading from Learn Ansible Automate your cloud infrastructure, security configuration, and application deployment with Ansible

Product type Paperback

Published in May 2024

Publisher Packt

ISBN-13 9781835088913

Length 414 pages

Edition 2nd Edition

Tools

Ansible

Concepts

Cloud Computing

Author (1):

Russ McKendrick

View More author details

Table of Contents (24) Chapters

Preface

1. Part 1: Introducing, Installing, and Running Ansible FREE CHAPTER

2. Chapter 1: Installing and Running Ansible

3. Chapter 2: Exploring Ansible Galaxy

4. Chapter 3: The Ansible Commands

5. Part 2: Deploying Applications

6. Chapter 4: Deploying a LAMP Stack

7. Chapter 5: Deploying WordPress

8. Chapter 6: Targeting Multiple Distributions

9. Chapter 7: Ansible Windows Modules

10. Part 3: Network and Cloud Automation

11. Chapter 8: Ansible Network Modules

12. Chapter 9: Moving to the Cloud

13. Chapter 10: Building Out a Cloud Network

14. Chapter 11: Highly Available Cloud Deployments

15. Chapter 12: Building Out a VMware Deployment

16. Part 4: Ansible Workflows

17. Chapter 13: Scanning Your Ansible Playbooks

18. Chapter 14: Hardening Your Servers Using Ansible

19. Chapter 15: Using Ansible with GitHub Actions and Azure DevOps

20. Chapter 16: Introducing Ansible AWX and Red Hat Ansible Automation Platform

21. Chapter 17: Next Steps with Ansible

22. Index

Why subscribe?

23. Other Books You May Enjoy

Why scan your playbooks?

While we have been taking a sensible approach to deploying our cloud resources in previous chapters, many of the guardrails we have put in place have all been ones I have learned through experience and by applying a little common sense.

For example, when launching a virtual machine resource in either Microsoft Azure or Amazon Web Services, we have been locking down the SSH or RDP service to the host’s public IP address, which is running Ansible; up until now, this has been your local machine rather than just opening SSH or RDP to the world by using 0.0.0.0/0 as the source address, which is the CIDR notation for “allow all.”

This is not a problem for the workloads we have been working on; having a virtual machine exposed directly to the internet with its management port open for everyone to access is not considered best practice, as it will expose you to brute-force attacks, which, if they are successful, will not only lead to that...