4 - MANAGEMENT_EVENT_FAILURE_QUEUE != ''
5 - MANAGEMENT_EVENT_QUEUE != ''
6 - MANAGEMENT_SUBNET != ''
10 - name: Management failure queue.
13 region: "{{ vpc_region }}"
14 name: "{{ MANAGEMENT_EVENT_FAILURE_QUEUE }}"
15 default_visibility_timeout: 30
16 message_retention_period: 1209600
17 maximum_message_size: 262144
19 receive_message_wait_time: 0
20 register: management_failure_queue
22 # as of Ansible 2.2.1.0 sqs_queue does not seem to be returning queue_arn
24 - name: Managment queue.
27 region: "{{ vpc_region }}"
28 name: "{{ MANAGEMENT_EVENT_QUEUE }}"
29 default_visibility_timeout: 30
30 message_retention_period: 345600
31 maximum_message_size: 262144
33 receive_message_wait_time: 20
36 deadLetterTargetArn: "arn:aws:sqs:{{ vpc_region }}:{{ ACCT_ID }}:{{ MANAGEMENT_EVENT_FAILURE_QUEUE }}"
37 # deadLetterTargetArn: "{{ management_failure_queue.queue_arn }}"
38 register: management_queue
40 - name: Management topic and subscription.
43 region: "{{ vpc_region }}"
44 name: "{{ MANAGEMENT_EVENT_QUEUE }}"
45 display_name: "{{ MANAGEMENT_EVENT_QUEUE_SHORT }}"
46 purge_subscriptions: False
48 # - endpoint: "{{ management_queue.queue_arn }}"
49 - endpoint: "arn:aws:sqs:{{ vpc_region }}:{{ ACCT_ID }}:{{ MANAGEMENT_EVENT_QUEUE }}"
51 register: management_topic
53 - name: Management notice topic
56 region: "{{ vpc_region }}"
57 name: "{{ MANAGEMENT_NOTICE_TOPIC }}"
58 display_name: "{{ MANAGEMENT_NOTICE_TOPIC_SHORT }}"
59 purge_subscriptions: False
60 register: management_notice_topic
62 - name: Management backup bucket
63 when: MANAGEMENT_BACKUP_S3_BUCKET is defined
66 name: "{{ MANAGEMENT_BACKUP_S3_BUCKET }}"
70 vpc_id: "{{ vpc.vpc.id }}"
71 region: "{{ vpc_region }}"
74 description: "allow ssh from anywhere"
86 - name: sg management-elb
88 vpc_id: "{{ vpc.vpc.id }}"
89 region: "{{ vpc_region }}"
92 description: "sg for internal elb for monitoring management"
103 - name: sg management
105 vpc_id: "{{ vpc.vpc.id }}"
106 region: "{{ vpc_region }}"
109 description: "sg for management"
113 group_name: management
115 group_name: management-elb
116 register: sg_management
118 - name: elb management-int-elb
120 region: "{{ vpc_region }}"
122 name: management-int-elb
123 cross_az_load_balancing: yes
125 subnets: "{{ MANAGEMENT_SUBNET }}"
126 security_group_names:
130 load_balancer_port: 22
137 unhealthy_threshold: 2
140 - name: management key
142 region: "{{ vpc_region }}"
143 name: "{{ MANAGEMENT_KEY_NAME }}"
144 key_material: "{{ item }}"
145 with_file: keys/{{ MANAGEMENT_KEY_NAME }}.pub
147 - name: management iam
153 # this is only ansible 2.3+
154 # - name: management role policies
159 # - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
160 # - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
162 # will need to rev name-version when changing AMI
163 - name: management lc
165 region: "{{ vpc_region }}"
166 name: management-0000
167 image_id: "{{ DEFAULT_AMI }}"
168 key_name: "{{ MANAGEMENT_KEY_NAME }}"
169 instance_profile_name: management
171 - "{{ sg_management.group_id }}"
172 - "{{ sg_ssh.group_id }}"
173 instance_type: m4.large
175 # setting the root volume seems to prevent instances from launching
176 # - device_name: /dev/sda1
179 # delete_on_termination: true
180 - device_name: /dev/sdb
181 ephemeral: ephemeral0
182 - device_name: /dev/sdc
183 ephemeral: ephemeral1
184 - device_name: /dev/sdd
185 ephemeral: ephemeral2
186 - device_name: /dev/sde
187 ephemeral: ephemeral3
190 - name: management asg
192 region: "{{ vpc_region }}"
198 vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}"
199 launch_config_name: "{{ mgmt_lc.name }}"
200 notification_topic: "{{ management_topic.sns_arn }}"
202 - autoscaling:EC2_INSTANCE_LAUNCH
207 propagate_at_launch: yes
209 - name: not implemented yet
212 attach policies to iam role
projects / awsible / blob