that:
tags: ['check_vars']
-- name: vpcaccess iam
- iam:
- name: vpcaccess
- iam_type: role
- state: present
-
-- name: sg vpcaccess
- ec2_group:
- vpc_id: "{{ vpc.vpc.id }}"
- region: "{{ vpc_region }}"
- state: present
- name: vpcaccess
- description: "vpcaccess rules"
- purge_rules: false
- rules:
- rules_egress:
+- include_role:
+ name: module-aws-stack
+ vars:
+ sg_rules:
- proto: all
+ from_port: -1
+ to_port: -1
+ cidr_ip: "{{ vpc.vpc.cidr_block }}"
+ - proto: tcp
+ from_port: 1195
+ to_port: 1195
cidr_ip: 0.0.0.0/0
- register: sg_vpcaccess
-
-- name: vpcaccess lc
- ec2_lc:
- region: "{{ vpc_region }}"
- name: vpcaccess-0000
- image_id: "{{ DEFAULT_AMI }}"
- key_name: "{{ MANAGEMENT_KEY_NAME }}"
- instance_profile_name: vpcaccess
- security_groups:
- - "{{ sg_vpcaccess.group_id }}"
- - "{{ sg_ssh.group_id }}"
- instance_type: m4.large
- volumes:
-# setting the root volume seems to prevent instances from launching
-# - device_name: /dev/sda1
-# volume_size: 8
-# volume_type: gp2
-# delete_on_termination: true
- - device_name: /dev/sdb
- ephemeral: ephemeral0
- - device_name: /dev/sdc
- ephemeral: ephemeral1
- - device_name: /dev/sdd
- ephemeral: ephemeral2
- - device_name: /dev/sde
- ephemeral: ephemeral3
- register: vpcaccess_lc
-
-- name: suss out our subnets
- ec2_vpc_subnet_facts:
- region: "{{ vpc_region }}"
- filters:
- vpc_id: "{{ vpc.vpc.id }}"
- "tag:zone": pub
- register: public_subnet_ids
-
-- debug:
- var: public_subnet_ids
-
-- name: vpcaccess asg
- ec2_asg:
- region: "{{ vpc_region }}"
- name: vpcaccess
+ - proto: udp
+ from_port: 1194
+ to_port: 1194
+ cidr_ip: 0.0.0.0/0
+ elb_type: internal
+ elb_rules:
+ - proto: tcp
+ from_port: 22
+ to_port: 22
+ cidr_ip: 0.0.0.0/0
+ elb_listeners:
+ - protocol: tcp
+ load_balancer_port: 22
+ instance_port: 22
+ elb_healthcheck:
+ ping_protocol: tcp
+ ping_port: 22
+ response_timeout: 5
+ interval: 30
+ unhealthy_threshold: 2
+ healthy_threshold: 2
min_size: 1
max_size: 1
- desired_capacity: 1
- default_cooldown: 10
- vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
- launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
- notification_topic: "{{ management_topic.sns_arn }}"
- notification_types:
- - autoscaling:EC2_INSTANCE_LAUNCH
- load_balancers:
- tags:
- - account: "{{ ACCT_NAME }}"
- propagate_at_launch: yes
- - module: vpcaccess
- propagate_at_launch: yes
- - stack: ""
- propagate_at_launch: yes
- - country: ""
- propagate_at_launch: yes
- - phase: dev
- propagate_at_launch: yes
- name: not implemented yet
debug: