create stacks with more generic role things
[awsible] / roles / vpcaccess-infrastructure / tasks / main.yml
index 3faf612466e8e223505116090de13409bf596c3c..878402e72982bcb0ecc74122cd8bafa6be440c7f 100644 (file)
@@ -3,91 +3,32 @@
     that:
   tags: ['check_vars']
 
-- name: vpcaccess iam
-  iam:
-    name: vpcaccess
-    iam_type: role
-    state: present
-
-- name: sg vpcaccess
-  ec2_group:
-    vpc_id: "{{ vpc.vpc.id }}"
-    region: "{{ vpc_region }}"
-    state: present
-    name: vpcaccess
-    description: "vpcaccess rules"
-    purge_rules: false
-    rules:
+- include_role:
+    name: module-aws-stack
+  vars:
+    sg_rules:
     - proto: all
+      from_port: -1
+      to_port: -1
       cidr_ip: "{{ vpc.vpc.cidr_block }}"
-    rules_egress:
-    - proto: all
+    elb_type: internal
+    elb_rules:
+    - proto: tcp
+      from_port: 22
+      to_port: 22
       cidr_ip: 0.0.0.0/0
-  register: sg_vpcaccess
-
-- name: vpcaccess lc
-  ec2_lc:
-    region: "{{ vpc_region }}"
-    name: vpcaccess-0000
-    image_id: "{{ DEFAULT_AMI }}"
-    key_name: "{{ MANAGEMENT_KEY_NAME }}"
-    instance_profile_name: vpcaccess
-    security_groups:
-      - "{{ sg_vpcaccess.group_id }}"
-      - "{{ sg_ssh.group_id }}"
-    instance_type: m4.large
-    volumes:
-# setting the root volume seems to prevent instances from launching
-#    - device_name: /dev/sda1
-#      volume_size: 8
-#      volume_type: gp2
-#      delete_on_termination: true
-    - device_name: /dev/sdb
-      ephemeral: ephemeral0
-    - device_name: /dev/sdc
-      ephemeral: ephemeral1
-    - device_name: /dev/sdd
-      ephemeral: ephemeral2
-    - device_name: /dev/sde
-      ephemeral: ephemeral3
-  register: vpcaccess_lc
-
-- name: suss out our subnets
-  ec2_vpc_subnet_facts:
-    region: "{{ vpc_region }}"
-    filters:
-      vpc_id: "{{ vpc.vpc.id }}"
-      "tag:zone": pub
-  register: public_subnet_ids
-
-- debug:
-    var: public_subnet_ids
-
-- name: vpcaccess asg
-  ec2_asg:
-    region: "{{ vpc_region }}"
-    name: vpcaccess
-    min_size: 1
+    elb_listeners:
+    - protocol: tcp
+      load_balancer_port: 22
+      instance_port: 22
+    elb_healthcheck:
+      ping_protocol: tcp
+      ping_port: 22
+      response_timeout: 5
+      interval: 30
+      unhealthy_threshold: 2
+      healthy_threshold: 2
     max_size: 1
-    desired_capacity: 1
-    default_cooldown: 10
-    vpc_zone_identifier: "{{ public_subnet_ids.subnets|map(attribute='id')|list }}"
-    launch_config_name: "{{ vpcaccess_lc.name|default('checkmode') }}"
-    notification_topic: "{{ management_topic.sns_arn }}"
-    notification_types:
-    - autoscaling:EC2_INSTANCE_LAUNCH
-    load_balancers:
-    tags:
-    - account: "{{ ACCT_NAME }}"
-      propagate_at_launch: yes
-    - module: vpcaccess
-      propagate_at_launch: yes
-    - stack: ""
-      propagate_at_launch: yes
-    - country: ""
-      propagate_at_launch: yes
-    - phase: dev
-      propagate_at_launch: yes
 
 - name: not implemented yet
   debug:
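Review bot: The new `elb_rules` entry admits tcp/22 from `0.0.0.0/0`, so the only thing keeping SSH off the internet is `elb_type: internal` two lines above it. If that value or the role's handling of it ever changes, the port 22 listener becomes world-reachable without any rule change showing up in review. Because the load balancer is internal, the source range could be narrowed to what needs it, for example `cidr_ip: "{{ vpc.vpc.cidr_block }}"` as `sg_rules` already does, or a management range if access arrives over a VPN or peering link. How `module-aws-stack` turns `elb_rules` into a security group is not visible in this hunk, so this assumes the entries map directly to ingress rules. The removed launch configuration also attached `sg_ssh` and the removed group set `purge_rules: false`, so it is worth confirming the role keeps whichever of those the instances still depend on.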