fix vpcaccess sg
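---
# Fail fast on missing inputs before any AWS API call is made. Every
# variable listed here is consumed by a task further down in this file
# (the original assert had an empty `that`, which fails the task outright).
- name: check required vars
  assert:
    that:
      - vpc is defined
      - vpc.vpc.id is defined
      - vpc.vpc.cidr_block is defined
      - vpc_region is defined
      - DEFAULT_AMI is defined
      - MANAGEMENT_KEY_NAME is defined
      - sg_ssh is defined
      - management_topic is defined
      - ACCT_NAME is defined
    msg: 'vpcaccess-infrastructure: a required variable is undefined'
  tags: ['check_vars']
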
# IAM role assumed by the vpcaccess instances; it is referenced below as the
# launch configuration's instance_profile_name. No policies are attached
# anywhere in this file (see the placeholder task at the end), so the role
# currently grants nothing.
# NOTE(review): the legacy `iam` module decides the role's trust policy and
# whether a same-named instance profile is created — confirm for the Ansible
# version in use, since the launch configuration depends on that profile.
- name: vpcaccess iam
  iam:
    iam_type: role
    name: vpcaccess
    state: present

# Security group for the vpcaccess hosts. Because purge_rules is false, only
# the rules listed here are enforced as present; ingress rules added outside
# this role are left in place and will persist across runs (config drift).
# NOTE(review): ingress is every protocol/port from the whole VPC CIDR and
# egress is unrestricted — tighten to the ports the host actually needs.
# A second group, sg_ssh (defined elsewhere), is attached alongside this one
# in the launch configuration below.
- name: sg vpcaccess
  ec2_group:
    name: vpcaccess
    description: 'vpcaccess rules'
    state: present
    region: '{{ vpc_region }}'
    vpc_id: '{{ vpc.vpc.id }}'
    purge_rules: false
    rules:
      - proto: all
        cidr_ip: '{{ vpc.vpc.cidr_block }}'
    rules_egress:
      - proto: all
        cidr_ip: '0.0.0.0/0'
  register: sg_vpcaccess

# Launch configuration for the vpcaccess auto-scaling group. Instances get
# the IAM role created above plus two security groups: the one registered
# above and sg_ssh, which is created elsewhere.
# NOTE(review): the name is fixed at vpcaccess-0000 and launch configurations
# are immutable in AWS, so a changed DEFAULT_AMI will not be picked up by an
# existing configuration — a new name (or a rotation scheme) is needed to roll
# out patched images. assign_public_ip is not set here, so whether the host
# gets a public address is left to the subnet's default — confirm this is
# intended for a host placed in the public subnets.
- name: vpcaccess lc
  ec2_lc:
    name: vpcaccess-0000
    region: '{{ vpc_region }}'
    image_id: '{{ DEFAULT_AMI }}'
    instance_type: m4.large
    key_name: '{{ MANAGEMENT_KEY_NAME }}'
    instance_profile_name: vpcaccess
    security_groups:
      - '{{ sg_vpcaccess.group_id }}'
      - '{{ sg_ssh.group_id }}'
    volumes:
      # The root volume is deliberately not declared: declaring it was
      # observed to stop instances from launching.
      # NOTE(review): the AMI's root device may not be /dev/sda1 — confirm
      # the real root device name before re-enabling this mapping.
      # - device_name: /dev/sda1
      #   volume_size: 8
      #   volume_type: gp2
      #   delete_on_termination: true
      # NOTE(review): the m4 family is EBS-only, so these instance-store
      # mappings are most likely ignored at launch — confirm they are wanted.
      - device_name: /dev/sdb
        ephemeral: ephemeral0
      - device_name: /dev/sdc
        ephemeral: ephemeral1
      - device_name: /dev/sdd
        ephemeral: ephemeral2
      - device_name: /dev/sde
        ephemeral: ephemeral3
  register: vpcaccess_lc

# Look up the public subnets of this VPC (tag zone=pub); their ids feed the
# ASG's vpc_zone_identifier below.
- name: suss out our subnets
  ec2_vpc_subnet_facts:
    region: '{{ vpc_region }}'
    filters:
      vpc_id: '{{ vpc.vpc.id }}'
      'tag:zone': pub
  register: public_subnet_ids

# Print what was matched so an empty result (no subnets tagged zone=pub) is
# visible in the run output before the ASG task consumes it.
- debug:
    var: public_subnet_ids

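# Auto-scaling group that keeps exactly one vpcaccess instance running across
# the public subnets found above. No load balancer is attached.
# Booleans are written as `true` (not the YAML 1.1 `yes`) and the empty
# load_balancers key is an explicit null, as Ansible convention expects.
- name: vpcaccess asg
  ec2_asg:
    name: vpcaccess
    region: '{{ vpc_region }}'
    # In check mode the launch-configuration task registers no name, so a
    # placeholder keeps this task renderable.
    launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
    min_size: 1
    max_size: 1
    desired_capacity: 1
    default_cooldown: 10
    vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
    load_balancers: null
    # Only successful launches are announced on the management topic.
    # NOTE(review): consider adding autoscaling:EC2_INSTANCE_TERMINATE and
    # autoscaling:EC2_INSTANCE_LAUNCH_ERROR so replacement or failure of this
    # single host also alerts.
    notification_topic: '{{ management_topic.sns_arn }}'
    notification_types:
      - autoscaling:EC2_INSTANCE_LAUNCH
    tags:
      - account: '{{ ACCT_NAME }}'
        propagate_at_launch: true
      - module: vpcaccess
        propagate_at_launch: true
      - stack: ''
        propagate_at_launch: true
      - country: ''
        propagate_at_launch: true
      - phase: dev
        propagate_at_launch: true
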
# Placeholder reminder: the vpcaccess role is created above but no policies
# are attached anywhere in this file, so the instances currently hold no AWS
# permissions. Attaching policies is still to be done.
- name: not implemented yet
  debug:
    msg: |
      attach policies to iam role