Starting up a new AWSible environment
-------------------------------------

* create ssh keypair as keys/management{,.pub}
* configure group_vars/all with:
  - ACCT_ID       aws acct id
  - DEFAULT_AMI   ami of amazon linux in chosen region
  - vpc variables
* install managed policies by hand

    for f in roles/aws-infrastructure/files/*-policy.json
    do
        n=$(basename "$f" .json)
        aws --region "{{ vpc_region }}" iam create-policy --policy-name "$n" --description "{{ get this from somewhere }}" --policy-document file://"$f"
    done

* ansible-playbook init_vpc.yml
* add IGW to VPC Main route table
* change pub-subnets to auto-assign external IPs
* configure group_vars/all with chosen MANAGEMENT_SUBNET
* ansible-playbook init_management.yml
* add base and management policies to management IAM role
* create persistent management data volume
* attach and format

    mkfs -t ext4 -j -m 0 -L /media/data /dev/xvdf

* add to /etc/fstab

    mkdir /media/data && chown ec2-user:ec2-user /media/data
    LABEL=/media/data /media/data ext4 defaults 0 2
    mount -a

* install AWSible repo in /data/management/
* bootstrap management server from external system
* INVENTORY_PUBLIC=1 ansible-playbook management.yml
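
A pre-flight check for the "install managed policies by hand" step, as an added example that is not part of the AWSible repo: it scans the same roles/aws-infrastructure/files/*-policy.json files for overly broad Allow statements before they are registered with `aws iam create-policy`. The function names, the finding rules and the sample policy are assumptions made for illustration.

```python
import json
from pathlib import Path

def as_list(value):
    """IAM accepts a bare string/object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def audit_policy(doc):
    """Return findings for one parsed policy document."""
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement {i}")
        # IAM action names are case-insensitive
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        any_resource = "*" in as_list(stmt.get("Resource", []))
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: Allow with NotAction/NotResource")
        if "*" in actions:
            findings.append(f"{sid}: Action '*'")
        elif any_resource and any(a.endswith(":*") for a in actions):
            findings.append(f"{sid}: service-wide action on Resource '*'")
        if any_resource and any(a.startswith("iam:") for a in actions):
            findings.append(f"{sid}: iam action on Resource '*'")
    return findings

def audit_directory(path):
    """Audit every *-policy.json in path; returns {filename: findings}."""
    report = {}
    for f in sorted(Path(path).glob("*-policy.json")):
        try:
            report[f.name] = audit_policy(json.loads(f.read_text()))
        except (json.JSONDecodeError, AttributeError) as exc:
            report[f.name] = [f"not a valid policy document: {exc}"]
    return report

# Constructed sample, not a policy from the AWSible repo.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadBucket", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Sid": "PassAnyRole", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
]}

if __name__ == "__main__":
    report = audit_directory("roles/aws-infrastructure/files")
    report["SAMPLE (constructed)"] = audit_policy(SAMPLE)
    for name, findings in report.items():
        print(name, findings or "OK")
```

Run it from the repo root; any file that reports findings is worth reading before the create-policy loop, since the management IAM role later receives these policies.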