X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=roles%2Fvpcaccess-infrastructure%2Ftasks%2Fmain.yml;fp=roles%2Fvpcaccess-infrastructure%2Ftasks%2Fmain.yml;h=5149ad0f3c5f4e46f19fdb56145d5bad29fccb94;hb=0c733ff299d246a5e733c5ad4532a2a8d245e429;hp=0000000000000000000000000000000000000000;hpb=3658971fdd29384720c6e44b172fb27d883ae3fe;p=awsible
diff --git a/roles/vpcaccess-infrastructure/tasks/main.yml b/roles/vpcaccess-infrastructure/tasks/main.yml
new file mode 100644
index 0000000..5149ad0
--- /dev/null
+++ b/roles/vpcaccess-infrastructure/tasks/main.yml
@@ -0,0 +1,93 @@
+---
+- assert:
+ that:
+ tags: ['check_vars']
+
+- name: vpcaccess iam
+ iam:
+ name: vpcaccess
+ iam_type: role
+ state: present
+
+- name: sg vpcaccess
+ ec2_group:
+ vpc_id: "{{ vpc.vpc.id }}"
+ region: "{{ vpc_region }}"
+ state: present
+ name: vpcaccess
+ description: "vpcaccess rules"
+ purge_rules: false
+ rules:
+ rules_egress:
+ - proto: all
+ cidr_ip: 0.0.0.0/0
+ register: sg_vpcaccess
+
+- name: vpcaccess lc
+ ec2_lc:
+ region: "{{ vpc_region }}"
+ name: vpcaccess-0000
+ image_id: "{{ DEFAULT_AMI }}"
+ key_name: "{{ MANAGEMENT_KEY_NAME }}"
+ instance_profile_name: vpcaccess
+ security_groups:
+ - "{{ sg_vpcaccess.group_id }}"
+ - "{{ sg_ssh.group_id }}"
+ instance_type: m4.large
+ volumes:
+# setting the root volume seems to prevent instances from launching
+# - device_name: /dev/sda1
+# volume_size: 8
+# volume_type: gp2
+# delete_on_termination: true
+ - device_name: /dev/sdb
+ ephemeral: ephemeral0
+ - device_name: /dev/sdc
+ ephemeral: ephemeral1
+ - device_name: /dev/sdd
+ ephemeral: ephemeral2
+ - device_name: /dev/sde
+ ephemeral: ephemeral3
+ register: vpcaccess_lc
+
+- name: suss out our subnets
+ ec2_vpc_subnet_facts:
+ region: "{{ vpc_region }}"
+ filters:
+ vpc_id: "{{ vpc.vpc.id }}"
+ "tag:zone": pub
+ register: public_subnet_ids
+
+- debug:
+ var: public_subnet_ids
+
+- name: vpcaccess asg
+ ec2_asg:
+ region: "{{ vpc_region }}"
+ name: vpcaccess
+ min_size: 1
+ max_size: 1
+ desired_capacity: 1
+ default_cooldown: 10
+ vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
+ launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
+ notification_topic: "{{ management_topic.sns_arn }}"
+ notification_types:
+ - autoscaling:EC2_INSTANCE_LAUNCH
+ load_balancers:
+ tags:
+ - account: "{{ ACCT_NAME }}"
+ propagate_at_launch: yes
+ - module: vpcaccess
+ propagate_at_launch: yes
+ - stack: ""
+ propagate_at_launch: yes
+ - country: ""
+ propagate_at_launch: yes
+ - phase: dev
+ propagate_at_launch: yes
+
+- name: not implemented yet
+ debug:
+ msg: |
+ attach policies to iam role
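Review bot: The `assert` task at the top of the hunk has an empty `that:`, so it checks nothing even though it is tagged `check_vars` and the later tasks interpolate several undeclared variables; list them there, e.g. `that: ['vpc_region is defined', 'DEFAULT_AMI is defined', 'MANAGEMENT_KEY_NAME is defined', 'ACCT_NAME is defined']`. In the `sg vpcaccess` task `rules:` is likewise empty while `purge_rules: false` and the only egress rule is `proto: all` to `0.0.0.0/0`, so the group's ingress is whatever already exists on it and is not managed by this role — either declare the intended ingress here or add a comment such as `# ingress rules are managed outside this role; egress is unrestricted` so the gap is deliberate rather than accidental. The five `propagate_at_launch: yes` values in the asg tags should be `true` to avoid YAML 1.1 truthy ambiguity. Indentation is collapsed in this view, so the nesting above is inferred from key order.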