do dependent infrastructure tasks on non-root localhost
---
# VPC-dependent network pieces: internet gateway, subnets and the private
# route table.  Everything here hangs off `vpc.vpc.id` and `vpc_region`, so
# `vpc` must already be registered when this file runs (presumably by the
# task that creates the VPC — verify against the calling playbook).

- name: Check required role variables
  assert:
    that:
      - vpc_region != ''
      - vpc_subnets_pub != ''
      - vpc_subnets_priv != ''
  tags:
    - check_vars

- name: IGW
  ec2_vpc_igw:
    state: present
    region: '{{ vpc_region }}'
    vpc_id: '{{ vpc.vpc.id }}'
  register: igw

- name: Name IGW
  ec2_tag:
    state: present
    region: '{{ vpc_region }}'
    resource: '{{ igw.gateway_id }}'
    tags:
      Name: 'igw-{{ vpc_region }}'

# One subnet per entry of the combined public + private list; each entry is
# expected to carry `cidr`, `az` and `resource_tags`.
- name: Subnets
  ec2_vpc_subnet:
    state: present
    region: '{{ vpc_region }}'
    vpc_id: '{{ vpc.vpc.id }}'
    cidr: '{{ item.cidr }}'
    az: '{{ item.az }}'
    tags: '{{ item.resource_tags }}'
  with_items: '{{ vpc_subnets_pub + vpc_subnets_priv }}'

# Not yet enabled: an EIP intended for access/NAT egress.
#
# - name: Access/NAT EIP
#   ec2_eip:
#     in_vpc: yes
#     region: "{{ vpc_region }}"
#     reuse_existing_ip_allowed: yes
#   register: access_eip

# As of ansible 2.2.1.0, it cannot set anything on the main route table
# due to limitations of the underlying boto library.
#
# - name: route table facts
#   ec2_vpc_route_table_facts:
#     region: "{{ vpc_region }}"
#     filters:
#       vpc-id: "{{ vpc.vpc.id }}"
#   register: vpc_default_route
#
# - debug:
#     var: vpc_default_route
#
# - name: Main route table
#   ec2_vpc_route_table:
#     state: present
#     vpc_id: "{{ vpc.vpc.id }}"
#     region: "{{ vpc_region }}"
#     lookup: id
#     route_table_id: "{{ vpc_default_route.route_tables[0].id}}"
#     routes:
#       - gateway_id: igw
#   register: main_route
#
# - debug:
#     var: main_route

# No `routes` are listed, so this table only carries what AWS adds by
# default; private subnets therefore have no path to the IGW and no
# internet egress until the NAT/EIP work above is finished.
- name: Private route table
  ec2_vpc_route_table:
    state: present
    region: '{{ vpc_region }}'
    vpc_id: '{{ vpc.vpc.id }}'
    subnets: "{{ vpc_subnets_priv|map(attribute='cidr')|list }}"
    tags:
      Name: 'Private-Routes-vpc-{{ vpc_region }}'
      zone: priv
      managed: 'yes'  # quoted on purpose: a bare yes would be read as a boolean
  register: private_rt

# Using the Main route table for public subnets, for now.
#
# NOTE(review): once an IGW route is added to the main route table (first
# "not implemented" item below), every subnet that is not explicitly
# associated with another route table becomes internet-routable by default.
# A dedicated public route table (the task below) with the IGW route, and a
# main table left without one, is the safer arrangement — confirm before
# enabling either.
#
# - name: Public route table
#   ec2_vpc_route_table:
#     state: present
#     vpc_id: "{{ vpc.vpc.id }}"
#     region: "{{ vpc_region }}"
#     tags:
#       Name: "Public-Routes-vpc-{{ vpc_region }}"
#       zone: pub
#       managed: 'no'
#     subnets: "{{ vpc_subnets_pub|map(attribute='cidr')|list }}"
#     routes:
#       - dest: 0.0.0.0/0
#         gateway_id: "{{ igw.gateway_id }}"
#   register: public_rt

- name: not implemented yet
  debug:
    msg: |
      Add IGW to VPC Main route table
      Change pub-subnets to auto-assign external IPs