git.squeep.com Git - awsible/blob - roles/vpcaccess-infrastructure/tasks/main.yml

   1 ---
   2 - assert:
   3     that:
   4   tags: ['check_vars']
   5
   6 - name: vpcaccess iam
   7   iam:
   8     name: vpcaccess
   9     iam_type: role
  10     state: present
  11
  12 - name: sg vpcaccess
  13   ec2_group:
  14     vpc_id: "{{ vpc.vpc.id }}"
  15     region: "{{ vpc_region }}"
  16     state: present
  17     name: vpcaccess
  18     description: "vpcaccess rules"
  19     purge_rules: false
  20     rules:
  21     rules_egress:
  22     - proto: all
  23       cidr_ip: 0.0.0.0/0
  24   register: sg_vpcaccess
  25
  26 - name: vpcaccess lc
  27   ec2_lc:
  28     region: "{{ vpc_region }}"
  29     name: vpcaccess-0000
  30     image_id: "{{ DEFAULT_AMI }}"
  31     key_name: "{{ MANAGEMENT_KEY_NAME }}"
  32     instance_profile_name: vpcaccess
  33     security_groups:
  34       - "{{ sg_vpcaccess.group_id }}"
  35       - "{{ sg_ssh.group_id }}"
  36     instance_type: m4.large
  37     volumes:
  38 # setting the root volume seems to prevent instances from launching
  39 #    - device_name: /dev/sda1
  40 #      volume_size: 8
  41 #      volume_type: gp2
  42 #      delete_on_termination: true
  43     - device_name: /dev/sdb
  44       ephemeral: ephemeral0
  45     - device_name: /dev/sdc
  46       ephemeral: ephemeral1
  47     - device_name: /dev/sdd
  48       ephemeral: ephemeral2
  49     - device_name: /dev/sde
  50       ephemeral: ephemeral3
  51   register: vpcaccess_lc
  52
  53 - name: suss out our subnets
  54   ec2_vpc_subnet_facts:
  55     region: "{{ vpc_region }}"
  56     filters:
  57       vpc_id: "{{ vpc.vpc.id }}"
  58       "tag:zone": pub
  59   register: public_subnet_ids
  60
  61 - debug:
  62     var: public_subnet_ids
  63
  64 - name: vpcaccess asg
  65   ec2_asg:
  66     region: "{{ vpc_region }}"
  67     name: vpcaccess
  68     min_size: 1
  69     max_size: 1
  70     desired_capacity: 1
  71     default_cooldown: 10
  72     vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
  73     launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
  74     notification_topic: "{{ management_topic.sns_arn }}"
  75     notification_types:
  76     - autoscaling:EC2_INSTANCE_LAUNCH
  77     load_balancers:
  78     tags:
  79     - account: "{{ ACCT_NAME }}"
  80       propagate_at_launch: yes
  81     - module: vpcaccess
  82       propagate_at_launch: yes
  83     - stack: ""
  84       propagate_at_launch: yes
  85     - country: ""
  86       propagate_at_launch: yes
  87     - phase: dev
  88       propagate_at_launch: yes
  89
  90 - name: not implemented yet
  91   debug:
  92     msg: |
  93       attach policies to iam role