- Ansible 2 Cloud Automation Cookbook
- Aditya Patawari, Vikas Aggarwal
- 2021-06-24 18:43:37
How to do it...
We can create a VPC using the ec2_vpc_net module. It takes a name, a region and a CIDR block as arguments, along with our credentials.
- Let us define the task:
- name: Create AWS VPC
  ec2_vpc_net:
    name: "{{ vpc_name }}"
    cidr_block: "{{ vpc_cidr_block }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
  register: my_first_vpc
Note that we have registered the output of the task in a variable called my_first_vpc. We will use values from this variable in the subsequent tasks. We have also used quite a few variables; using variables appropriately makes it easier to reuse the roles and playbooks later. Other than access_key and secret_key, the variables are defined in chapter2/roles/ec2/vars/main.yml. Keep access_key and secret_key out of that file and out of version control: store them in an Ansible Vault-encrypted file, or omit the two parameters entirely and let the module pick the credentials up from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. The remaining variables are:
# VPC Information
vpc_name: "My VPC"
vpc_cidr_block: "10.0.0.0/16"
aws_region: "us-east-1"
- Now let us create a public and a private subnet using the ec2_vpc_subnet module. Each subnet's CIDR is a smaller block carved out of the CIDR block we used when creating the VPC. We also need to provide the region and the availability zone within that region. We get the VPC ID from the variable registered in the previous task:
- name: Create Public Subnet in VPC
  ec2_vpc_subnet:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    cidr: "{{ vpc_public_subnet_cidr }}"
    region: "{{ aws_region }}"
    az: "{{ aws_zone }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
    tags:
      Name: Public Subnet
  register: my_public_subnet

- name: Create Private Subnet in VPC
  ec2_vpc_subnet:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    cidr: "{{ vpc_private_subnet_cidr }}"
    region: "{{ aws_region }}"
    az: "{{ aws_zone }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
    tags:
      Name: Private Subnet
  register: my_private_subnet
We have created two subnets using these two tasks. The tasks are identical except for the CIDR block and the Name tag. At this point there is no functional difference between the public and the private subnet; the difference arises when we attach the route tables later. The output of each task is registered in a variable for further use. For these tasks, we need to add the following variables to roles/ec2/vars/main.yml:
aws_zone: "us-east-1a"
# Subnets
vpc_public_subnet_cidr: "10.0.0.0/24"
vpc_private_subnet_cidr: "10.0.1.0/24"
- Let us create the Internet Gateway now. This is quite simple. All we need to do is provide the VPC ID and region along with the credentials. We will register the output of this task in a variable:
- name: Create Internet Gateway
  ec2_vpc_igw:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    region: "{{ aws_region }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    state: present
  register: my_first_igw
- After this, we will create the NAT Gateway. One thing to note here is that the NAT Gateway serves the private subnet but is created in the public subnet. The NAT Gateway itself needs a route to the Internet Gateway in order to reach the Internet: instances in the private subnet send their outbound traffic to it, and it rewrites the source address to its own Elastic IP and forwards the traffic out through the Internet Gateway. The reverse does not hold; connections initiated from the Internet cannot reach the private instances through the NAT Gateway, which is what keeps the private subnet private. If no allocation_id or eip_address is given, the module allocates a new Elastic IP for the gateway. We get the public subnet ID from the variable that we registered:
- name: Create NAT Gateway
  ec2_vpc_nat_gateway:
    if_exist_do_not_create: yes
    subnet_id: "{{ my_public_subnet.subnet.id }}"
    region: "{{ aws_region }}"
    state: present
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    wait: yes
  register: my_first_nat_gateway
- With both the Internet Gateway and the NAT Gateway created, we will create two route tables and associate them with the subnets using the ec2_vpc_route_table module. The public route table sends 0.0.0.0/0 to the Internet Gateway; the private route table sends 0.0.0.0/0 to the NAT Gateway. We get the VPC ID, subnet IDs and gateway IDs from the variables registered earlier:
- name: Create Route Table for Public Subnet
  ec2_vpc_route_table:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    region: "{{ aws_region }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ my_first_igw.gateway_id }}"
    subnets:
      - "{{ my_public_subnet.subnet.id }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    tags:
      Name: Public Subnet Route Table

- name: Create Route Table for Private Subnet
  ec2_vpc_route_table:
    vpc_id: "{{ my_first_vpc.vpc.id }}"
    region: "{{ aws_region }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ my_first_nat_gateway.nat_gateway_id }}"
    subnets:
      - "{{ my_private_subnet.subnet.id }}"
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    tags:
      Name: Private Subnet Route Table
With these tasks, our VPC is configured and ready to use. We can create resources in this VPC and use them to deploy our applications.
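Before running the playbook, it is worth checking the layout it is about to build. The following pre-flight check is an added example and is not code from the book or from Ansible. It models the role variables and the intended route tables as a plain dict (the PLAN structure, the "default_route" and "nat_gateway_subnet" keys and the sample vars file text are all constructed for this example) and checks the three mistakes that most often turn such a recipe into an incident: subnet CIDRs that do not fit inside the VPC or overlap, a "private" subnet whose default route actually points at the Internet Gateway (or a NAT Gateway placed in a subnet with no Internet Gateway route), and credentials committed as literals in vars/main.yml.

```python
"""Pre-flight checks for the VPC layout built in this recipe.

Added example, not code from the book or from Ansible. PLAN mirrors the
variables in chapter2/roles/ec2/vars/main.yml plus the two route tables;
its shape (the "default_route" and "nat_gateway_subnet" keys) is an
assumption made for this example.
"""
import ipaddress
import re

# Constructed sample: "default_route" names the target of the 0.0.0.0/0 route.
PLAN = {
    "vpc_cidr_block": "10.0.0.0/16",
    "subnets": {
        "public": {"cidr": "10.0.0.0/24", "default_route": "igw"},
        "private": {"cidr": "10.0.1.0/24", "default_route": "nat"},
    },
    "nat_gateway_subnet": "public",
}


def check_cidrs(vpc_cidr, subnets):
    """Each subnet must sit inside the VPC, be between /16 and /28 (the AWS
    limits), and not overlap any other subnet. Returns a list of problems."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)          # strict: host bits must be zero
    seen = {}
    for name, spec in subnets.items():
        net = ipaddress.ip_network(spec["cidr"])
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC {vpc}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: /{net.prefixlen} is outside the AWS range /16-/28")
        for other, onet in seen.items():
            if net.overlaps(onet):
                problems.append(f"{name} ({net}) overlaps {other} ({onet})")
        seen[name] = net
    return problems


def check_routes(plan):
    """Public subnets must default-route to the IGW, private ones must not,
    and the NAT gateway has to live in a subnet that reaches the IGW."""
    problems = []
    subnets = plan["subnets"]
    for name, spec in subnets.items():
        route = spec["default_route"]
        if name.startswith("private") and route == "igw":
            problems.append(f"{name}: default route via IGW makes it reachable from the Internet")
        if name.startswith("public") and route != "igw":
            problems.append(f"{name}: public subnet has no IGW default route")
    nat_subnet = plan.get("nat_gateway_subnet")
    if nat_subnet not in subnets or subnets[nat_subnet]["default_route"] != "igw":
        problems.append("NAT gateway must be placed in a subnet whose default route is the IGW")
    return problems


# Credential variables that must never be committed as literals.
_SECRET_RE = re.compile(
    r"^\s*(aws_access_key|aws_secret_key|access_key|secret_key|security_token)\s*:\s*(\S.*)$"
)


def find_plaintext_secrets(vars_text):
    """Return the names of credential variables assigned a literal value.
    A Jinja expression (e.g. an env lookup) or an !vault blob is acceptable."""
    found = []
    for line in vars_text.splitlines():
        m = _SECRET_RE.match(line)
        if m and "{{" not in m.group(2) and not m.group(2).startswith("!vault"):
            found.append(m.group(1))
    return found


def preflight(plan, vars_text):
    """Collect every problem; an empty list means the plan is safe to apply."""
    return (check_cidrs(plan["vpc_cidr_block"], plan["subnets"])
            + check_routes(plan)
            + [f"plaintext credential in vars file: {k}"
               for k in find_plaintext_secrets(vars_text)])


if __name__ == "__main__":
    # Constructed vars file: the book's variables plus the mistake to catch.
    sample_vars = (
        'vpc_name: "My VPC"\n'
        'vpc_cidr_block: "10.0.0.0/16"\n'
        'access_key: "{{ lookup(\'env\', \'AWS_ACCESS_KEY_ID\') }}"\n'
        'secret_key: "REDACTED-LITERAL-SECRET"\n'
    )
    for problem in preflight(PLAN, sample_vars):
        print("PROBLEM:", problem)
```

Run it against the real vars/main.yml contents and the plan you intend to apply; a non-empty result is a reason to stop before the ec2_vpc_* tasks create anything. The route check is deliberately name-based (subnets called private* must not route to the IGW) so that a copy-paste error in the route table tasks is caught before it makes a database subnet Internet-facing.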