From: Justin Wind
Date: Tue, 7 Mar 2017 23:03:40 +0000 (-0800)
Subject: add initial vpc buildout role
X-Git-Url: http://git.squeep.com/?p=awsible;a=commitdiff_plain;h=8340a2a2e78ba728ab0aa82973477bb9d8e38c40
add initial vpc buildout role
---
diff --git a/roles/aws-vpc/tasks/main.yml b/roles/aws-vpc/tasks/main.yml
new file mode 100644
index 0000000..26a75ae
--- /dev/null
+++ b/roles/aws-vpc/tasks/main.yml
@@ -0,0 +1,72 @@
+---
+- name: VPC
+ ec2_vpc_net:
+ state: present
+ name: "{{ vpc_name }}"
+ cidr_block: "{{ vpc_cidr }}"
+ region: "{{ vpc_region }}"
+ register: vpc
+
+- name: IGW
+ ec2_vpc_igw:
+ state: present
+ vpc_id: "{{ vpc.vpc.id }}"
+ region: "{{ vpc_region }}"
+ register: igw
+
+- name: Name IGW
+ ec2_tag:
+ state: present
+ resource: "{{ igw.gateway_id }}"
+ region: "{{ vpc_region }}"
+ tags:
+ Name: "igw-{{ vpc_region }}"
+
+- name: Subnets
+ with_items: "{{ subnets_pub + subnets_priv }}"
+ ec2_vpc_subnet:
+ state: present
+ vpc_id: "{{ vpc.vpc.id }}"
+ region: "{{ vpc_region }}"
+ cidr: "{{ item.cidr }}"
+ az: "{{ item.az }}"
+ tags: "{{ item.resource_tags }}"
+
+- name: Access/NAT EIP
+ ec2_eip:
+ in_vpc: yes
+ region: "{{ vpc_region }}"
+ reuse_existing_ip_allowed: yes
+ register: access_eip
+
+- name: Private route table
+ ec2_vpc_route_table:
+ state: present
+ vpc_id: "{{ vpc.vpc.id }}"
+ region: "{{ vpc_region }}"
+ tags:
+ Name: "Private-Routes-vpc-{{ vpc_region }}"
+ zone: priv
+ managed: 'yes'
+ subnets: "{{ subnets_priv|map(attribute='cidr')|list }}"
+ register: private_rt
+
+- name: Public route table
+ ec2_vpc_route_table:
+ state: present
+ vpc_id: "{{ vpc.vpc.id }}"
+ region: "{{ vpc_region }}"
+ tags:
+ Name: "Public-Routes-vpc-{{ vpc_region }}"
+ zone: pub
+ managed: 'no'
+ subnets: "{{ subnets_pub|map(attribute='cidr')|list }}"
+ routes:
+ - dest: 0.0.0.0/0
+ gateway_id: "{{ igw.gateway_id }}"
+ register: public_rt
+
+- name: not implemented yet
+ debug:
+ msg: |
+ Change pub-subnets to auto-assign external IPs
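Review bot: The `Access/NAT EIP` task allocates an address and registers it as `access_eip`, but nothing later in the file references it — no NAT gateway is created and the private route table is given no `0.0.0.0/0` route — so the EIP is left unassociated (with `reuse_existing_ip_allowed: yes` it should not accumulate across runs, but an unattached EIP is typically still billed and here has no documented purpose). Leaving the private subnets with only the local route is the safe default, but the closing `not implemented yet` debug task only mentions public-subnet auto-assign; it should also record the missing piece, e.g. add a line to `msg`: `Create NAT gateway in a public subnet using access_eip and add a 0.0.0.0/0 route to the private route table`. The public table's `0.0.0.0/0` via `igw.gateway_id` is the expected definition of a public subnet and needs no change. Minor style point: `in_vpc: yes` and `reuse_existing_ip_allowed: yes` in the EIP task should be written `true`, since bare yes/no booleans are YAML 1.1-specific; the quoted `'yes'`/`'no'` under `tags:` are string tag values and are fine as written.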