vpc_id: "{{ vpc.vpc.id }}"
region: "{{ vpc_region }}"
state: present
- name: management-elb
+ name: "{{ module }}-elb"
description: "sg for internal elb for monitoring management"
purge_rules: false
rules:
vpc_id: "{{ vpc.vpc.id }}"
region: "{{ vpc_region }}"
state: present
- name: management
+ name: "{{ module }}"
description: "sg for management"
purge_rules: false
rules:
- proto: all
- group_name: management
+ group_name: "{{ module }}"
- proto: all
- group_name: management-elb
+ group_name: "{{ module }}-elb"
register: sg_management
- name: elb management-int-elb
ec2_elb_lb:
region: "{{ vpc_region }}"
state: present
- name: management-int-elb
+ name: "{{ module }}-int-elb"
cross_az_load_balancing: yes
scheme: internal
subnets: "{{ MANAGEMENT_SUBNET }}"
security_group_names:
- - management-elb
+ - "{{ module }}-elb"
listeners:
- protocol: tcp
load_balancer_port: 22
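Review bot: The two ingress rules on the `{{ module }}` security group stay at `proto: all`, and with the group names now templated (presumably so this file can be reused for other modules) the same allow-everything rule would be created for each of them. The internal ELB defined below only listens on tcp 22, so the rule sourced from `{{ module }}-elb` could be narrowed to `proto: tcp` with `from_port`/`to_port` set to the listener's instance port, which is not visible in this hunk. Because `purge_rules: false` is kept, tightening the rule here will not remove an allow-all rule already present on an existing group, so that needs a one-off cleanup. The ec2_group task starts above the lines shown and the ELB listener definition continues below them.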
region: "{{ vpc_region }}"
name: "{{ MANAGEMENT_KEY_NAME }}"
key_material: "{{ item }}"
- with_file: keys/{{ MANAGEMENT_KEY_NAME }}.pub
+ with_file: ../keys/{{ MANAGEMENT_KEY_NAME }}.pub
- name: management iam
iam:
- name: management
+ name: "{{ module }}"
iam_type: role
state: present
+ register: role_management
# this is only ansible 2.3+
# - name: management role policies
# - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
# - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
+- debug:
+ msg: "If next step fails, wait a little while and retry."
+
- include_role:
name: launchconfig
vars:
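Review bot: The `with_file: ../keys/{{ MANAGEMENT_KEY_NAME }}.pub` lookup is resolved against Ansible's lookup search path, so which file ends up as `key_material` depends on where this task file is included from. That file's content is installed as the EC2 key pair, so an unexpected match means a different public key is trusted for SSH. Anchoring the path removes the ambiguity, for example `with_file: "{{ playbook_dir }}/../keys/{{ MANAGEMENT_KEY_NAME }}.pub"` or the `role_path` equivalent, whichever fits the repository layout. Separately, `role_management` is registered but not used in the lines shown, and the new `debug` message leaves the IAM propagation delay to a manual retry; a `pause` task guarded by `when: role_management.changed` would make the run repeatable. The key-pair task starts above this hunk and `include_role` continues below it.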