4 - MANAGEMENT_SUBNET != ''
# Security group for the internal ELB in front of the management hosts
# (purpose taken from the description string below).
# NOTE(review): the rules for this group fall on lines not shown in this
# excerpt; confirm ingress is limited to the intended sources.
8 - name: sg management-elb
10 vpc_id: "{{ vpc.vpc.id }}"
11 region: "{{ vpc_region }}"
14 description: "sg for internal elb for monitoring management"
# Security group for the management instances; the task's name line is not
# visible in this excerpt. The result is registered as sg_management, and
# sg_management.group_id is referenced further down next to the instance
# settings.
27 vpc_id: "{{ vpc.vpc.id }}"
28 region: "{{ vpc_region }}"
31 description: "sg for management"
# The two group_name entries refer to other groups by name (management,
# management-elb). NOTE(review): presumably group-to-group rules rather than
# CIDR rules; ports, protocol and direction are not visible here - confirm.
35 group_name: management
37 group_name: management-elb
38 register: sg_management
# Load balancer "management-int-elb", placed in the subnet(s) given by
# MANAGEMENT_SUBNET.
40 - name: elb management-int-elb
42 region: "{{ vpc_region }}"
44 name: management-int-elb
# `yes` is a YAML 1.1 truthy value; `true` is the canonical boolean spelling.
45 cross_az_load_balancing: yes
47 subnets: "{{ MANAGEMENT_SUBNET }}"
# Listener on port 22. NOTE(review): presumably TCP pass-through for SSH; the
# scheme and security group lines are not visible in this excerpt - confirm
# the ELB is internal, as the security group description suggests, and that
# only the management-elb group is attached.
52 load_balancer_port: 22
# Belongs to the health check settings; the other health check fields are
# not shown here.
59 unhealthy_threshold: 2
# Registers an EC2 key pair named MANAGEMENT_KEY_NAME. with_file reads the
# contents of keys/<MANAGEMENT_KEY_NAME>.pub, so `item` is the public key
# text passed as key_material.
# Only the .pub file is read by this task; the matching private key is not
# referenced anywhere in the visible lines.
62 - name: management key
64 region: "{{ vpc_region }}"
65 name: "{{ MANAGEMENT_KEY_NAME }}"
66 key_material: "{{ item }}"
67 with_file: keys/{{ MANAGEMENT_KEY_NAME }}.pub
# IAM setup for the management hosts; the module arguments are on lines not
# shown in this excerpt.
69 - name: management iam
# The managed-policy attachment below is commented out, so the visible lines
# do not attach base-policy or management-policy to the role. The final task
# in this file ("not implemented yet") records the same gap.
# NOTE(review): until this is enabled, the attachment presumably has to be
# done outside the playbook - confirm how and by whom.
75 # this is only ansible 2.3+
76 # - name: management role policies
81 # - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
82 # - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
# Instance settings for the management hosts (AMI, key pair, instance
# profile, security groups, instance type, volumes). The task's name and
# register lines are not visible; NOTE(review): presumably this is the launch
# configuration registered as mgmt_lc, which the ASG task reads - confirm.
84 # will need to rev name-version when changing AMI
87 region: "{{ vpc_region }}"
89 image_id: "{{ DEFAULT_AMI }}"
90 key_name: "{{ MANAGEMENT_KEY_NAME }}"
# Instances run with the "management" instance profile, so whatever policies
# end up attached to that role are available to every management host.
91 instance_profile_name: management
# Two security groups are attached: sg_management (registered above) and
# sg_ssh, which is registered outside this excerpt.
93 - "{{ sg_management.group_id }}"
94 - "{{ sg_ssh.group_id }}"
95 instance_type: m4.large
# Root volume override is disabled, so root volume size/type/encryption are
# presumably whatever the AMI defines - confirm that matches policy.
97 # setting the root volume seems to prevent instances from launching
98 # - device_name: /dev/sda1
101 # delete_on_termination: true
# Maps instance-store volumes ephemeral0..3 to /dev/sdb../dev/sde.
# NOTE(review): the m4 family is EBS-only as far as I know, so these mappings
# likely have no effect on m4.large - confirm.
102 - device_name: /dev/sdb
103 ephemeral: ephemeral0
104 - device_name: /dev/sdc
105 ephemeral: ephemeral1
106 - device_name: /dev/sdd
107 ephemeral: ephemeral2
108 - device_name: /dev/sde
109 ephemeral: ephemeral3
# Auto Scaling group for the management hosts, placed in MANAGEMENT_SUBNET.
112 - name: management asg
114 region: "{{ vpc_region }}"
120 vpc_zone_identifier: "{{ MANAGEMENT_SUBNET }}"
# Falls back to the literal 'checkmode' when mgmt_lc has no name.
# NOTE(review): presumably this covers --check runs where the launch
# configuration task returns no result - confirm.
121 launch_config_name: "{{ mgmt_lc.name|default('checkmode') }}"
# Scaling notifications go to the SNS topic registered as management_topic
# (defined outside this excerpt). Only the EC2_INSTANCE_LAUNCH notification
# type is visible here; other types may be on lines not shown.
122 notification_topic: "{{ management_topic.sns_arn }}"
124 - autoscaling:EC2_INSTANCE_LAUNCH
# Tags: only the `account` key is visible; the other tag keys are on lines
# not shown. Each tag is propagated to launched instances.
# `yes` is a YAML 1.1 truthy value; `true` is the canonical boolean spelling.
128 - account: "{{ ACCT_NAME }}"
129 propagate_at_launch: yes
131 propagate_at_launch: yes
133 propagate_at_launch: yes
135 propagate_at_launch: yes
137 propagate_at_launch: yes
# Placeholder task: attaching policies to the IAM role is not automated by
# this playbook. The module that carries this text is on lines not shown.
# NOTE(review): presumably a reminder message - confirm, and track the
# manual attachment so the management role's permissions stay reviewed.
139 - name: not implemented yet
142 attach policies to iam role