# Excerpt of an Ansible task file. The leading numbers are the original
# file's line numbers; the lines between them are not shown here.
# Condition entry: MANAGEMENT_SUBNET must be a non-empty string.
4 - MANAGEMENT_SUBNET != ''
# Security group placed in the VPC read from the `vpc` variable, in vpc_region.
10 vpc_id: "{{ vpc.vpc.id }}"
11 region: "{{ vpc_region }}"
# NOTE(review): the description says SSH is open to any source. The rule
# lines themselves are not visible in this excerpt. If the ingress CIDR is
# 0.0.0.0/0, confirm that is intended, or restrict it to known
# administrative ranges.
14 description: "allow ssh from anywhere"
# Security group for the management load balancer, using the same VPC id
# and region variables as the other tasks shown here.
26 - name: sg management-elb
28 vpc_id: "{{ vpc.vpc.id }}"
29 region: "{{ vpc_region }}"
# NOTE(review): the ingress/egress rules of this group are not visible in
# this excerpt; check that only the monitoring sources it is meant for can
# reach it.
32 description: "sg for internal elb for monitoring management"
# Security group described as "sg for management".
45 vpc_id: "{{ vpc.vpc.id }}"
46 region: "{{ vpc_region }}"
49 description: "sg for management"
# Presumably rule entries that name a source security group instead of a
# CIDR: "management" itself and "management-elb". The ports and protocols
# of these rules are not shown in this excerpt -- TODO confirm.
53 group_name: management
55 group_name: management-elb
# The task result is stored as sg_management; its group_id is referenced
# later in this file (line 111).
56 register: sg_management
# Load balancer named management-int-elb, attached to the subnets given in
# MANAGEMENT_SUBNET.
58 - name: elb management-int-elb
60 region: "{{ vpc_region }}"
62 name: management-int-elb
# `yes` is accepted as a boolean by Ansible; `true` is the canonical form.
63 cross_az_load_balancing: yes
65 subnets: "{{ MANAGEMENT_SUBNET }}"
# NOTE(review): the listener accepts connections on port 22. The name
# suggests an internal load balancer, but the scheme setting is not visible
# in this excerpt -- confirm it is not internet-facing.
70 load_balancer_port: 22
# Health-check setting (the rest of the health check is not shown).
77 unhealthy_threshold: 2
# Registers a key pair named MANAGEMENT_KEY_NAME in vpc_region. with_file
# reads keys/<MANAGEMENT_KEY_NAME>.pub and passes its content as `item`.
80 - name: management key
82 region: "{{ vpc_region }}"
83 name: "{{ MANAGEMENT_KEY_NAME }}"
84 key_material: "{{ item }}"
# NOTE(review): only the public half (.pub) is referenced here. Make sure
# the matching private key is not stored next to it under keys/.
85 with_file: keys/{{ MANAGEMENT_KEY_NAME }}.pub
# IAM task for "management"; its module arguments are not shown in this
# excerpt.
87 - name: management iam
# The task below is disabled. When enabled it would reference two policies
# in account ACCT_ID: base-policy and management-policy.
# NOTE(review): while it stays commented out, nothing visible here attaches
# policies to the role (see the "not implemented yet" task at line 157), so
# the attachment has to be tracked and reviewed outside this file.
93 # this is only ansible 2.3+
94 # - name: management role policies
99 # - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
100 # - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
# Launch configuration for the management instances. The name is a fixed
# string, so it has to be changed by hand whenever the AMI changes.
102 # will need to rev name-version when changing AMI
103 - name: management lc
105 region: "{{ vpc_region }}"
106 name: management-0000
107 image_id: "{{ DEFAULT_AMI }}"
108 key_name: "{{ MANAGEMENT_KEY_NAME }}"
# Instance profile name; the profile's permissions are not shown here.
109 instance_profile_name: management
# Presumably the security group list (its key, line 110, is not shown).
# NOTE(review): instances get sg_ssh in addition to sg_management. If
# sg_ssh is the group described as "allow ssh from anywhere", every
# management instance accepts SSH from any source -- confirm this is
# intended.
111 - "{{ sg_management.group_id }}"
112 - "{{ sg_ssh.group_id }}"
113 instance_type: m4.large
# Root volume mapping is disabled; per the author's note it kept instances
# from launching.
115 # setting the root volume seems to prevent instances from launching
116 # - device_name: /dev/sda1
119 # delete_on_termination: true
# Maps four instance-store volumes (ephemeral0..ephemeral3) to
# /dev/sdb../dev/sde.
# NOTE(review): m4 instance types are EBS-only as far as I know, so these
# mappings may have no effect with m4.large -- verify. Instance-store data
# does not survive stop/terminate, so nothing that must persist belongs
# there.
120 - device_name: /dev/sdb
121 ephemeral: ephemeral0
122 - device_name: /dev/sdc
123 ephemeral: ephemeral1
124 - device_name: /dev/sdd
125 ephemeral: ephemeral2
126 - device_name: /dev/sde
127 ephemeral: ephemeral3
# Auto Scaling group for the management instances, placed in the subnets
# given in MANAGEMENT_SUBNET.
130 - name: management asg
132 region: "{{ vpc_region }}"
138 vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}"
# Falls back to the literal 'checkmode' when mgmt_lc.name is undefined
# (presumably when the launch-configuration task ran in check mode).
139 launch_config_name: "{{ mgmt_lc.name|default('checkmode') }}"
# Notifications are sent to the SNS topic held in management_topic.
140 notification_topic: "{{ management_topic.sns_arn }}"
# Only the instance-launch notification type is visible in this excerpt.
# NOTE(review): if terminate and launch-error events are not also listed in
# the hidden lines, consider adding them so unexpected instance churn is
# noticed.
142 - autoscaling:EC2_INSTANCE_LAUNCH
# Tags. Each visible entry sets propagate_at_launch, so launched instances
# carry the same tags. `yes` is a boolean here; `true` is the canonical form.
146 - account: "{{ ACCT_NAME }}"
147 propagate_at_launch: yes
149 propagate_at_launch: yes
151 propagate_at_launch: yes
153 propagate_at_launch: yes
155 propagate_at_launch: yes
# Placeholder task. The text below is presumably its message (the module
# line is not shown in this excerpt).
# NOTE(review): attaching policies to the IAM role is still a manual step.
# Record which policies are attached so the role's effective permissions
# can be reviewed against least privilege.
157 - name: not implemented yet
160 attach policies to iam role