From 450b1cd04ce7a03f1133a970f43d8638d75cdb1a Mon Sep 17 00:00:00 2001
From: vorkos
Date: Fri, 6 Jul 2018 10:56:00 +0300
Subject: [PATCH 1/2] fix indent

---
 tasks/main.yml | 150 +++++++++++++++++++++++++------------------------
 1 file changed, 77 insertions(+), 73 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 4aff548..e35e8dc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,79 +1,83 @@ --- # tasks file for ansible-aws-vpc - - - name: Create project VPC - ec2_vpc_net: - name: "{{ vpc.aws_vpc_name }}" - cidr_block: "{{ vpc.aws_vpc_cidrblock }}" - region: "{{ vpc.aws_vpc_region }}" - tenancy: default - state: present - register: vpc_result - tags: - - vpc +- name: Create project VPC + ec2_vpc_net: + name: "{{ vpc.aws_vpc_name }}" + cidr_block: "{{ vpc.aws_vpc_cidrblock }}" + region: "{{ vpc.aws_vpc_region }}" + tenancy: default + state: present + register: vpc_result + tags: + - vpc - - name: Create subnet - ec2_vpc_subnet: - region: "{{ vpc.aws_vpc_region }}" - state: present - vpc_id: "{{ vpc_result.vpc.id }}" - az: "{{ item.name }}" - cidr: "{{ item.value }}" - map_public: true - resource_tags: - Name: "Subnet {{ item.tag }}" - with_items: - - { name: "{{ vpc.aws_vpc_az_a }}", value: "{{ vpc.aws_vpc_subnet_az_a }}", tag: "{{ vpc.aws_vpc_subnet_az_a }}" } - - { name: "{{ vpc.aws_vpc_az_b }}", value: "{{ vpc.aws_vpc_subnet_az_b }}", tag: "{{ vpc.aws_vpc_subnet_az_b }}" } - - { name: "{{ vpc.aws_vpc_az_c }}", value: "{{ vpc.aws_vpc_subnet_az_c }}", tag: "{{ vpc.aws_vpc_subnet_az_c }}" } - register: subnet_result - tags: - - subnet +- name: Create subnet + ec2_vpc_subnet: + region: "{{ vpc.aws_vpc_region }}" + state: present + vpc_id: "{{ vpc_result.vpc.id }}" + az: "{{ item.name }}" + cidr: "{{ item.value }}" + map_public: true + resource_tags: + Name: "Subnet {{ item.tag }}" + with_items: + - { name: "{{ vpc.aws_vpc_az_a }}", value: "{{ vpc.aws_vpc_subnet_az_a }}", tag: "{{ vpc.aws_vpc_subnet_az_a }}" } + - { name: "{{ vpc.aws_vpc_az_b }}", value: "{{ vpc.aws_vpc_subnet_az_b }}", tag: "{{ vpc.aws_vpc_subnet_az_b }}" } + - { name: "{{ vpc.aws_vpc_az_c }}", value: "{{ vpc.aws_vpc_subnet_az_c }}", tag: "{{ vpc.aws_vpc_subnet_az_c }}" } + register: subnet_result + tags: + - subnet + +- name: Create igw + ec2_vpc_igw: + region: "{{ vpc.aws_vpc_region }}" + vpc_id: "{{ vpc_result.vpc.id }}" + state: present + register: igw_result + 
tags: + - igw - - name: Create igw - ec2_vpc_igw: - region: "{{ vpc.aws_vpc_region }}" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - register: igw_result - tags: - - igw +- name: Setup subnet route table + ec2_vpc_route_table: + vpc_id: "{{ vpc_result.vpc.id }}" + region: "{{ vpc.aws_vpc_region }}" + tags: + Name: Public + subnets: + - "{{ vpc.aws_vpc_subnet_az_a }}" + - "{{ vpc.aws_vpc_subnet_az_b }}" + - "{{ vpc.aws_vpc_subnet_az_c }}" + routes: + - dest: 0.0.0.0/0 + gateway_id: "{{ igw_result.gateway_id }}" + register: rt_result + tags: + - rt - - name: Setup subnet route table - ec2_vpc_route_table: - vpc_id: "{{ vpc_result.vpc.id }}" - region: "{{ vpc.aws_vpc_region }}" - tags: - Name: Public - subnets: - - "{{ vpc.aws_vpc_subnet_az_a }}" - - "{{ vpc.aws_vpc_subnet_az_b }}" - - "{{ vpc.aws_vpc_subnet_az_c }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: "{{ igw_result.gateway_id }}" - register: rt_result - tags: - - rt +- name: Set vpc_id + set_fact: + vpc_id: "{{ vpc_result.vpc.id }}" - - name: Default SG for prod subnet - ec2_group: - name: Prod - description: an prod EC2 group - vpc_id: "{{ vpc_result.vpc.id }}" - region: "{{ vpc.aws_vpc_region }}" - rules: - - proto: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 0.0.0.0/0 - - proto: tcp - from_port: 443 - to_port: 443 - cidr_ip: 0.0.0.0/0 - - proto: all - cidr_ip: "{{ vpc.aws_vpc_cidrblock }}" +- name: Default SG for prod subnet + ec2_group: + name: "{{ vpc.sg }}" + description: an prod EC2 group + vpc_id: "{{ vpc_result.vpc.id }}" + region: "{{ vpc.aws_vpc_region }}" + rules: + - proto: tcp + from_port: 80 + to_port: 80 + cidr_ip: 0.0.0.0/0 + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + - proto: tcp + from_port: 443 + to_port: 443 + cidr_ip: 0.0.0.0/0 + - proto: all + cidr_ip: "{{ vpc.aws_vpc_cidrblock }}" + register: secgrp \ No newline at end of file 
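Review bot: The `Default SG for prod subnet` task on the new side still opens TCP 22 to `cidr_ip: 0.0.0.0/0` next to 80 and 443, so every instance placed in this group accepts SSH from the whole Internet; the indent fix carries that rule over unchanged. World-open 80/443 is plausible for a public-facing group, but 22 should be limited to an administrative range supplied as a role variable, e.g. `cidr_ip: "{{ vpc.ssh_allowed_cidr }}"` (variable name constructed — choose one matching the role's `vpc.*` scheme), or reached through a bastion. Relatedly, all three subnets are created with `map_public: true` and all three are attached to the `0.0.0.0/0` → IGW route table, so the VPC has no private tier; if that is intended, a comment on the subnet task such as `# all subnets are public by design; no private tier in this role` would spare the next reader the question. The new `Set vpc_id` `set_fact` task is also the only one without `tags:`, so a run restricted with `--tags` executes the other tasks but skips this one.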
From b451c9bf7f1fc7ab42cb7e0ed4d0957c2c2c23fb Mon Sep 17 00:00:00 2001 From: vorkos Date: Wed, 18 Jul 2018 16:55:41 +0300 Subject: [PATCH 2/2] aws_access_key: "{{ ec2_access_key }}" aws_secret_key: "{{ ec2_secret_key }}" adde to keep credentials in vault --- tasks/main.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index e35e8dc..f7e8934 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,6 +2,8 @@ # tasks file for ansible-aws-vpc - name: Create project VPC ec2_vpc_net: + aws_access_key: "{{ ec2_access_key }}" + aws_secret_key: "{{ ec2_secret_key }}" name: "{{ vpc.aws_vpc_name }}" cidr_block: "{{ vpc.aws_vpc_cidrblock }}" region: "{{ vpc.aws_vpc_region }}" @@ -13,6 +15,8 @@ - name: Create subnet ec2_vpc_subnet: + aws_access_key: "{{ ec2_access_key }}" + aws_secret_key: "{{ ec2_secret_key }}" region: "{{ vpc.aws_vpc_region }}" state: present vpc_id: "{{ vpc_result.vpc.id }}" @@ -32,6 +36,8 @@ - name: Create igw ec2_vpc_igw: region: "{{ vpc.aws_vpc_region }}" + aws_access_key: "{{ ec2_access_key }}" + aws_secret_key: "{{ ec2_secret_key }}" vpc_id: "{{ vpc_result.vpc.id }}" state: present register: igw_result @@ -40,6 +46,8 @@ - name: Setup subnet route table ec2_vpc_route_table: + aws_access_key: "{{ ec2_access_key }}" + aws_secret_key: "{{ ec2_secret_key }}" vpc_id: "{{ vpc_result.vpc.id }}" region: "{{ vpc.aws_vpc_region }}" tags: @@ -62,6 +70,8 @@ - name: Default SG for prod subnet ec2_group: name: "{{ vpc.sg }}" + aws_access_key: "{{ ec2_access_key }}" + aws_secret_key: "{{ ec2_secret_key }}" description: an prod EC2 group vpc_id: "{{ vpc_result.vpc.id }}" region: "{{ vpc.aws_vpc_region }}" @@ -80,4 +90,4 @@ cidr_ip: 0.0.0.0/0 - proto: all cidr_ip: "{{ vpc.aws_vpc_cidrblock }}" - register: secgrp \ No newline at end of file + register: secgrp
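Review bot: The same `aws_access_key`/`aws_secret_key` pair is pasted into each of the five module calls (hunks `@@ -2,6`, `@@ -13,6`, `@@ -32,6`, `@@ -40,6`, `@@ -62,6`), and in two of them it lands after another argument (after `region` in `Create igw`, after `name` in `Default SG for prod subnet`) rather than first, so the file now has five copies of the credential wiring to keep in sync. Any task added later without the pair silently falls back to whatever ambient credentials boto finds (environment, `~/.aws`, instance profile), which may be a different account than the vaulted one. Centralize it once: on Ansible 2.7 or newer a `module_defaults:` block on the play for the `ec2_*` modules, otherwise an `environment:` on the play setting `AWS_ACCESS_KEY_ID: "{{ ec2_access_key }}"` and `AWS_SECRET_ACCESS_KEY: "{{ ec2_secret_key }}"`, and drop the per-task arguments. The commit message says the two variables come from vault, but nothing in the role declares them; a line in the role's defaults file or README stating that they are required and expected to be vault-encrypted would make that contract visible.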