add vpcaccess role
diff --git a/roles/vpcaccess-infrastructure/tasks/main.yml b/roles/vpcaccess-infrastructure/tasks/main.yml
new file mode 100644 (file)
index 0000000..5149ad0
--- /dev/null
@@ -0,0 +1,93 @@
+---
+- assert:
+    that:
+  tags: ['check_vars']
+
+- name: vpcaccess iam
+  iam:
+    name: vpcaccess
+    iam_type: role
+    state: present
+
+- name: sg vpcaccess
+  ec2_group:
+    vpc_id: "{{ vpc.vpc.id }}"
+    region: "{{ vpc_region }}"
+    state: present
+    name: vpcaccess
+    description: "vpcaccess rules"
+    purge_rules: false
+    rules:
+    rules_egress:
+    - proto: all
+      cidr_ip: 0.0.0.0/0
+  register: sg_vpcaccess
+
+- name: vpcaccess lc
+  ec2_lc:
+    region: "{{ vpc_region }}"
+    name: vpcaccess-0000
+    image_id: "{{ DEFAULT_AMI }}"
+    key_name: "{{ MANAGEMENT_KEY_NAME }}"
+    instance_profile_name: vpcaccess
+    security_groups:
+      - "{{ sg_vpcaccess.group_id }}"
+      - "{{ sg_ssh.group_id }}"
+    instance_type: m4.large
+    volumes:
+# setting the root volume seems to prevent instances from launching
+#    - device_name: /dev/sda1
+#      volume_size: 8
+#      volume_type: gp2
+#      delete_on_termination: true
+    - device_name: /dev/sdb
+      ephemeral: ephemeral0
+    - device_name: /dev/sdc
+      ephemeral: ephemeral1
+    - device_name: /dev/sdd
+      ephemeral: ephemeral2
+    - device_name: /dev/sde
+      ephemeral: ephemeral3
+  register: vpcaccess_lc
+
+- name: suss out our subnets
+  ec2_vpc_subnet_facts:
+    region: "{{ vpc_region }}"
+    filters:
+      vpc_id: "{{ vpc.vpc.id }}"
+      "tag:zone": pub
+  register: public_subnet_ids
+
+- debug:
+    var: public_subnet_ids
+
+- name: vpcaccess asg
+  ec2_asg:
+    region: "{{ vpc_region }}"
+    name: vpcaccess
+    min_size: 1
+    max_size: 1
+    desired_capacity: 1
+    default_cooldown: 10
+    vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
+    launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
+    notification_topic: "{{ management_topic.sns_arn }}"
+    notification_types:
+    - autoscaling:EC2_INSTANCE_LAUNCH
+    load_balancers:
+    tags:
+    - account: "{{ ACCT_NAME }}"
+      propagate_at_launch: yes
+    - module: vpcaccess
+      propagate_at_launch: yes
+    - stack: ""
+      propagate_at_launch: yes
+    - country: ""
+      propagate_at_launch: yes
+    - phase: dev
+      propagate_at_launch: yes
+
+- name: not implemented yet
+  debug:
+    msg: |
+      attach policies to iam role
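Review bot: The `assert` task at the top of the hunk has an empty `that:`, so it either fails on the missing required argument or checks nothing, and the `check_vars` tag then gives callers false confidence; list the inputs the role actually consumes, e.g. `that: ["vpc_region is defined", "DEFAULT_AMI is defined", "MANAGEMENT_KEY_NAME is defined", "ACCT_NAME is defined"]`, and since `vpc`, `sg_ssh` and `management_topic` appear to be registered outside this role they belong in that list too. The bare `rules:` in the `ec2_group` task and `load_balancers:` in the `ec2_asg` task parse as null rather than an empty list; write `rules: []` and `load_balancers: []` (or drop the keys) so the intent is explicit. The five `propagate_at_launch: yes` values should be `true`, which is what Ansible's loader reads them as and what yamllint's truthy rule expects. The security group grants unrestricted egress (`proto: all` to `0.0.0.0/0`) for instances launched into subnets tagged `zone: pub`; if that is intentional, a one-line comment above `rules_egress` saying why would help the next reader.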