split infrastructure further
diff --git a/roles/common-infrastructure/tasks/main.yml b/roles/common-infrastructure/tasks/main.yml
new file mode 100644 (file)
index 0000000..6d40a64
--- /dev/null
@@ -0,0 +1,18 @@
+---
+- name: sg ssh
+  ec2_group:
+    vpc_id: "{{ vpc.vpc.id }}"
+    region: "{{ vpc_region }}"
+    state: present
+    name: ssh
+    description: "allow ssh from anywhere"
+    purge_rules: false
+    rules:
+    - proto: tcp
+      from_port: 22
+      to_port: 22
+      cidr_ip: 0.0.0.0/0
+    rules_egress:
+    - proto: all
+      cidr_ip: 0.0.0.0/0
+  register: sg_ssh
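Review bot: The ingress rule `cidr_ip: 0.0.0.0/0` on port 22 leaves SSH reachable from the whole internet on every instance that joins this group, and nothing in the task narrows it. Taking the source range from a variable would let each environment restrict it to a bastion or admin network, e.g. `cidr_ip: "{{ ssh_allowed_cidr }}"` (the variable name is a placeholder, not something defined in this repo). Because the task sets `purge_rules: false`, tightening the rule in a later commit will not remove the world-open entry already applied to the group, nor any rule added by hand. That entry has to be revoked explicitly, or the group managed with `purge_rules: true`. The description string `"allow ssh from anywhere"` should be updated to match whatever range is chosen.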