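---
# Provision the "vpcaccess" stack: an IAM role, a security group, a launch
# configuration and a single-instance auto-scaling group placed in the public
# subnets of an existing VPC.
#
# Inputs this play expects from earlier plays or vars files: vpc (registered
# VPC fact), vpc_region, DEFAULT_AMI, MANAGEMENT_KEY_NAME, sg_ssh (registered
# security-group fact), management_topic (registered SNS fact) and ACCT_NAME.

- name: check that the variables this play consumes are defined
  # The assert module rejects an empty `that:`, so spell out the inputs used
  # by the tasks below; failing here is clearer than failing half-way through
  # provisioning with resources already created.
  assert:
    that:
      - vpc_region is defined
      - vpc.vpc.id is defined
      - DEFAULT_AMI is defined
      - MANAGEMENT_KEY_NAME is defined
      - sg_ssh.group_id is defined
      - management_topic.sns_arn is defined
      - ACCT_NAME is defined
  tags: ['check_vars']

- name: vpcaccess iam
  # Creates the role only. The final task of this play records that attaching
  # policies is still unimplemented, so instances using this profile start
  # with no AWS permissions until that is done.
  iam:
    name: vpcaccess
    iam_type: role
    state: present

- name: sg vpcaccess
  # No ingress rules are managed here (empty list); SSH access comes from the
  # separately managed sg_ssh group attached to the launch configuration.
  # Egress is open to all destinations. purge_rules: false keeps ingress rules
  # added outside this play, so re-running it does not correct drift in this
  # group; review the group in the console/API if that matters.
  ec2_group:
    vpc_id: "{{ vpc.vpc.id }}"
    region: "{{ vpc_region }}"
    state: present
    name: vpcaccess
    description: "vpcaccess rules"
    purge_rules: false
    rules: []
    rules_egress:
      - proto: all
        cidr_ip: "0.0.0.0/0"
  register: sg_vpcaccess

- name: vpcaccess lc
  ec2_lc:
    region: "{{ vpc_region }}"
    name: vpcaccess-0000
    image_id: "{{ DEFAULT_AMI }}"
    key_name: "{{ MANAGEMENT_KEY_NAME }}"
    instance_profile_name: vpcaccess
    security_groups:
      - "{{ sg_vpcaccess.group_id }}"
      - "{{ sg_ssh.group_id }}"
    instance_type: m4.large
    volumes:
      # Setting the root volume seems to prevent instances from launching,
      # so it is left at the AMI default for now.
      # - device_name: /dev/sda1
      #   volume_size: 8
      #   volume_type: gp2
      #   delete_on_termination: true
      - device_name: /dev/sdb
        ephemeral: ephemeral0
      - device_name: /dev/sdc
        ephemeral: ephemeral1
      - device_name: /dev/sdd
        ephemeral: ephemeral2
      - device_name: /dev/sde
        ephemeral: ephemeral3
  register: vpcaccess_lc

- name: suss out our subnets
  # Public subnets are identified by the `zone: pub` tag set when the VPC
  # was built.
  ec2_vpc_subnet_facts:
    region: "{{ vpc_region }}"
    filters:
      vpc_id: "{{ vpc.vpc.id }}"
      "tag:zone": pub
  register: public_subnet_ids

- debug:
    var: public_subnet_ids

- name: vpcaccess asg
  # Exactly one instance (min = max = desired = 1); a launch notification is
  # sent to the management SNS topic. In check mode the launch configuration
  # was not registered, hence the 'checkmode' fallback for its name.
  ec2_asg:
    region: "{{ vpc_region }}"
    name: vpcaccess
    min_size: 1
    max_size: 1
    desired_capacity: 1
    default_cooldown: 10
    vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
    launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
    notification_topic: "{{ management_topic.sns_arn }}"
    notification_types:
      - "autoscaling:EC2_INSTANCE_LAUNCH"
    load_balancers: []
    # stack and country are intentionally empty for this stack; they are
    # still propagated so every instance carries the same tag set.
    tags:
      - account: "{{ ACCT_NAME }}"
        propagate_at_launch: true
      - module: vpcaccess
        propagate_at_launch: true
      - stack: ""
        propagate_at_launch: true
      - country: ""
        propagate_at_launch: true
      - phase: dev
        propagate_at_launch: true

- name: not implemented yet
  debug:
    msg: |
      attach policies to iam role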