

Ask HN: Has someone automated best practices for AWS? - fizx

I'm looking for a configuration tool that will let you declaratively specify the condition of your AWS account (mostly IAM, user permissions, roles, etc) in code or config. Perhaps similar to Chef, Ansible, Puppet, etc, but *not* for individual instances, but rather for the AWS metadata itself.

Has someone built this?
======
ryane
Check out AWS CloudFormation (AWS specific) or Terraform.

[http://aws.amazon.com/cloudformation/](http://aws.amazon.com/cloudformation/)

[https://terraform.io/](https://terraform.io/)

------
davismwfl
You can do this using the AWS library or CLI tools, combine that with Ansible
etc and it works nice. Also, have you checked out Netflix for all their open
source tools for AWS? They have a couple that dig into AWS and inventory what
you have and allow you to make changes etc.

IIRC, Ansible has an inventory command, you just have to run it per AZ. I
don't do the Ansible work every day so it may be slightly different now.

For our configuration we use Ansible alone with the AWS API library and CLI
tools. So for example, we have backups scripted via CLI tools and shell
scripts but those scripts are configured and deployed using Ansible. In other
places we have tools deployed via Ansible that use the Node API into AWS to
get more information and make some minor setting changes.

------
penguinlinux
Ansible has plenty of cloud modules for AWS. You can describe your whole AWS
environment from VPC, Security Groups, Routing tables, etc. You might not be
able to find everything but you can also use the AWS CLI to handle IAM roles
and user permissions. You have to use a mix of both Ansible and plain AWS CLI
to achieve your goal.

~~~
fizx
It's sooo limited in what's implemented.

