ITBlogger · June 3, 2018 02:55
diff --git a/aws_dev_var_sample b/aws_dev_var_sample
 ---
 asg_extra_tags:
  - asg_extra:
    - system: product1
    - billing: Account1

 elb_group_rules:
  - rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0

 instance_group_rules:
  - rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: "0.0.0.0/0"
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "0.0.0.0/0"

 elb_listeners:
  - listeners:
    - protocol: http
      load_balancer_port: 80
      instance_port: 80
diff --git a/aws_playbook_sample b/aws_playbook_sample
 ---
 - hosts: localhost
  connection: local
  gather_facts: false
  any_errors_fatal: true

  vars:
    branch: 'dev'
    commit: 'some-random-git-commit-ref'
    dmza_subnet_id: 'dmza_subnet_id'
    dmzb_subnet_id: 'dmzb_subnet_id'
    dmzc_subnet_id: 'dmzc_subnet_id'
    env: 'dev'
    health_check_type: 'ELB'
    image_owner: '099720109477'
    merged_tags: {}
    owner: 'our-company'
    region: 'us-west-1'
    replace_all_instances: yes
    scheme: 'internet-facing'
    service: 'microservice1'
    vpc_id: 'our-vpc-1'
    wait_for_instances: true

  pre_tasks:
    - name: check for env
      local_action: stat path=/{{ playbook_dir }}/group_vars/aws_dev_var_sample
      become: False
      register: env_vars

    - name: include env vars locally
      include_vars:
        file: '{{ playbook_dir }}/group_vars/aws_dev_var_sample'
      become: False
      when: env_vars.stat.exists

  roles:
    - asg-provision
diff --git a/aws_role_sample b/aws_role_sample
 ---
  - name: stat service environment vars
    stat: path='{{ playbook_dir }}/group_vars/tag_Name_{{ env }}_{{ ser }}'
    register: service_vars

  - name: include service vars
    include_vars: '{{ playbook_dir }}/group_vars/tag_Name_{{ env }}_{{ ser }}'
    when: service_vars.stat.exists == true

  - name: find latest ami
    ec2_ami_find:
      owner: self
      region: '{{ region }}'
      ami_tags:
        Service: '{{ service }}'
        Env: '{{ env }}'
        Branch: '{{ branch }}'
        Commit: '{{ commit }}'
      sort: name
      sort_order: descending
      sort_end: 1
      no_result_action: fail
    register: ami_find

  - debug: var=ami_find.results

  # Native tags are for all below resources that use tags
  # Tags specific to ASGs
  - name: create native_tags and asg_native_tags fact
    set_fact:
      native_tags:
        - Name: '{{ env }}_{{ service }}'
        - Service: '{{ service }}'
        - Environment: '{{ env }}'
        - Branch: '{{ branch }}'
        - Commit: '{{ commit }}'
      asg_native_tags:
        - ELB: '{{ env }}-{{ service }}ELB'
        - LC: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'

  - name: change native_tags list to dict
    set_fact:
      merged_tags: '{{ merged_tags | combine( item ) }}'
    with_items: '{{ native_tags }}'

  - name: change native_tags list to dict debug
    debug: var=merged_tags

  - name: merge non-asg and asg extra tags when extra tags are defined
    set_fact:
      merged_tags: '{{ merged_tags | combine( item.asg_extra ) }}'
    with_items: '{{ asg_extra_tags }}'
    when: asg_extra_tags is defined

  - name: merge non-asg and asg extra tags when extra tags are defined debug
    debug: var=merged_tags

  - name: create asg_extra_tags fact from variable
    set_fact:
      asg_extra_tags: '{{ item.asg_extra }}'
    with_items: '{{ asg_extra_tags | default([]) }}'

  - name: merge non-asg and asg tag facts when extra tags are defined
    set_fact:
      merged_asg_tags: '{{ native_tags }} + {{ asg_native_tags }} + {{ asg_extra_tags }}'
    when: asg_extra_tags is defined

  - name: set asg_native_tags as merged asg tags when extra tags are undefined
    set_fact:
      merged_asg_tags: '{{ asg_native_tags }}'
    when: asg_extra_tags is undefined

  - name: find dmz subnets
    ec2_vpc_subnet_facts:
      filters:
        'tag:Tier': dmz
    register: dmz_subnets

  - name: find private subnets
    ec2_vpc_subnet_facts:
      filters:
        'tag:Tier': private
    register: private_subnets

  - debug: msg="{{ dmz_subnets.subnets | map(attribute='id') | list }}"
  - debug: msg="{{ private_subnets.subnets | map(attribute='id') | list }}"

  - name: create ELB security_group
    ec2_group:
      state: present
      name: '{{ env }}_{{ service }}_ELBSG'
      description: 'SG for {{ env }} {{ service }} ELB'
      region: '{{ region }}'
      vpc_id: '{{ vpc_id }}'
      rules: '{{ item.rules }}'
      rules_egress:
        - proto: all
          from_port: -1
          to_port: -1
          cidr_ip: 0.0.0.0/0
      tags: '{{ merged_tags }}'
    with_items: '{{ elb_group_rules }}'
    register: elb_sg_out

  - name: create instance security_group
    ec2_group:
      state: present
      name: '{{ env }}_{{ service }}_SG'
      description: 'SG for {{ env }} {{ service }} Instances'
      region: '{{ region }}'
      vpc_id: '{{ vpc_id }}'
      rules: '{{ item.rules }}'
      rules_egress:
        - proto: all
          from_port: -1
          to_port: -1
          cidr_ip: 0.0.0.0/0
      tags: '{{ merged_tags }}'
    with_items: '{{ instance_group_rules }}'
    register: instance_sg_out

  - name: create private ELB
    ec2_elb_lb:
      name: '{{ env }}-{{ service }}ELB'
      state: present
      security_group_ids: '{{ elb_sg_out.results.0.group_id }}'
      subnets: "{{ private_subnets.subnets | map(attribute='id') | list }}"
      listeners: '{{ item.listeners }}'
      health_check: '{{ health_check }}'
      cross_az_load_balancing: yes
      scheme: '{{ elb_scheme }}'
      tags: '{{ merged_tags }}'
    with_items: '{{ elb_listeners }}'
    when: elb_scheme == 'internal'
    register: elb_out

  - name: create public ELB
    ec2_elb_lb:
      name: '{{ env }}-{{ service }}ELB'
      state: present
      security_group_ids: '{{ elb_sg_out.results.0.group_id }}'
      subnets: "{{ dmz_subnets.subnets | map(attribute='id') | list }}"
      listeners: '{{ item.listeners }}'
      health_check: '{{ health_check }}'
      cross_az_load_balancing: yes
      scheme: '{{ elb_scheme }}'
      tags: '{{ merged_tags }}'
    with_items: '{{ elb_listeners }}'
    when: elb_scheme == 'internet-facing'
    register: elb_out

  - name: create launch config with {{ ami_find.results[0].ami_id }}
    ec2_lc:
      name: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'
      image_id: '{{ ami_find.results[0].ami_id }}'
      key_name: '{{ env }}'
      security_groups: '{{ instance_sg_out.results.0.group_id }}'
      instance_type: '{{ instance_type }}'
      region: '{{ region }}'
      state: present
      instance_monitoring: '{{ instance_monitoring }}'
      instance_profile_name: '{{ iam_role }}'
    register: lc_out
    tags: '{{ service }}'

  - name: Create ASG with {{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}
    ec2_asg:
      name: '{{ env }}_{{ service }}ASG'
      launch_config_name: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'
      health_check_period: '{{ health_check_period }}'
      health_check_type: '{{ health_check_type }}'
      min_size: '{{ min_size }}'
      max_size: '{{ max_size }}'
      desired_capacity: '{{ desired_capacity }}'
      region: '{{ region }}'
      load_balancers:
        - '{{ env }}-{{ service }}ELB'
      replace_all_instances: '{{ replace_all_instances }}'
      replace_batch_size: '{{ min_size }}'
      wait_for_instances: '{{ wait_for_instances }}'
      wait_timeout: '{{ wait_timeout }}'
      tags: '{{ merged_asg_tags }}'
      vpc_zone_identifier: "{{ private_subnets.subnets | map(attribute='id') | list }}"
    register:  asg_out
    tags: '{{ service }}'
	---
	asg_extra_tags:
	- asg_extra:
	- system: product1
	- billing: Account1

	elb_group_rules:
	- rules:
	- proto: tcp
	from_port: 80
	to_port: 80
	cidr_ip: 0.0.0.0/0

	instance_group_rules:
	- rules:
	- proto: tcp
	from_port: 80
	to_port: 80
	cidr_ip: "0.0.0.0/0"
	- proto: tcp
	from_port: 22
	to_port: 22
	cidr_ip: "0.0.0.0/0"

	elb_listeners:
	- listeners:
	- protocol: http
	load_balancer_port: 80
	instance_port: 80
	---
	- hosts: localhost
	connection: local
	gather_facts: false
	any_errors_fatal: true

	vars:
	branch: 'dev'
	commit: 'some-random-git-commit-ref'
	dmza_subnet_id: 'dmza_subnet_id'
	dmzb_subnet_id: 'dmzb_subnet_id'
	dmzc_subnet_id: 'dmzc_subnet_id'
	env: 'dev'
	health_check_type: 'ELB'
	image_owner: '099720109477'
	merged_tags: {}
	owner: 'our-company'
	region: 'us-west-1'
	replace_all_instances: yes
	scheme: 'internet-facing'
	service: 'microservice1'
	vpc_id: 'our-vpc-1'
	wait_for_instances: true

	pre_tasks:
	- name: check for env
	local_action: stat path=/{{ playbook_dir }}/group_vars/aws_dev_var_sample
	become: False
	register: env_vars

	- name: include env vars locally
	include_vars:
	file: '{{ playbook_dir }}/group_vars/aws_dev_var_sample'
	become: False
	when: env_vars.stat.exists

	roles:
	- asg-provision
	---
	- name: stat service environment vars
	stat: path='{{ playbook_dir }}/group_vars/tag_Name_{{ env }}_{{ ser }}'
	register: service_vars

	- name: include service vars
	include_vars: '{{ playbook_dir }}/group_vars/tag_Name_{{ env }}_{{ ser }}'
	when: service_vars.stat.exists == true

	- name: find latest ami
	ec2_ami_find:
	owner: self
	region: '{{ region }}'
	ami_tags:
	Service: '{{ service }}'
	Env: '{{ env }}'
	Branch: '{{ branch }}'
	Commit: '{{ commit }}'
	sort: name
	sort_order: descending
	sort_end: 1
	no_result_action: fail
	register: ami_find

	- debug: var=ami_find.results

	# Native tags are for all below resources that use tags
	# Tags specific to ASGs
	- name: create native_tags and asg_native_tags fact
	set_fact:
	native_tags:
	- Name: '{{ env }}_{{ service }}'
	- Service: '{{ service }}'
	- Environment: '{{ env }}'
	- Branch: '{{ branch }}'
	- Commit: '{{ commit }}'
	asg_native_tags:
	- ELB: '{{ env }}-{{ service }}ELB'
	- LC: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'

	- name: change native_tags list to dict
	set_fact:
	merged_tags: '{{ merged_tags \| combine( item ) }}'
	with_items: '{{ native_tags }}'

	- name: change native_tags list to dict debug
	debug: var=merged_tags

	- name: merge non-asg and asg extra tags when extra tags are defined
	set_fact:
	merged_tags: '{{ merged_tags \| combine( item.asg_extra ) }}'
	with_items: '{{ asg_extra_tags }}'
	when: asg_extra_tags is defined

	- name: merge non-asg and asg extra tags when extra tags are defined debug
	debug: var=merged_tags

	- name: create asg_extra_tags fact from variable
	set_fact:
	asg_extra_tags: '{{ item.asg_extra }}'
	with_items: '{{ asg_extra_tags \| default([]) }}'

	- name: merge non-asg and asg tag facts when extra tags are defined
	set_fact:
	merged_asg_tags: '{{ native_tags }} + {{ asg_native_tags }} + {{ asg_extra_tags }}'
	when: asg_extra_tags is defined

	- name: set asg_native_tags as merged asg tags when extra tags are undefined
	set_fact:
	merged_asg_tags: '{{ asg_native_tags }}'
	when: asg_extra_tags is undefined

	- name: find dmz subnets
	ec2_vpc_subnet_facts:
	filters:
	'tag:Tier': dmz
	register: dmz_subnets

	- name: find private subnets
	ec2_vpc_subnet_facts:
	filters:
	'tag:Tier': private
	register: private_subnets

	- debug: msg="{{ dmz_subnets.subnets \| map(attribute='id') \| list }}"
	- debug: msg="{{ private_subnets.subnets \| map(attribute='id') \| list }}"

	- name: create ELB security_group
	ec2_group:
	state: present
	name: '{{ env }}_{{ service }}_ELBSG'
	description: 'SG for {{ env }} {{ service }} ELB'
	region: '{{ region }}'
	vpc_id: '{{ vpc_id }}'
	rules: '{{ item.rules }}'
	rules_egress:
	- proto: all
	from_port: -1
	to_port: -1
	cidr_ip: 0.0.0.0/0
	tags: '{{ merged_tags }}'
	with_items: '{{ elb_group_rules }}'
	register: elb_sg_out

	- name: create instance security_group
	ec2_group:
	state: present
	name: '{{ env }}_{{ service }}_SG'
	description: 'SG for {{ env }} {{ service }} Instances'
	region: '{{ region }}'
	vpc_id: '{{ vpc_id }}'
	rules: '{{ item.rules }}'
	rules_egress:
	- proto: all
	from_port: -1
	to_port: -1
	cidr_ip: 0.0.0.0/0
	tags: '{{ merged_tags }}'
	with_items: '{{ instance_group_rules }}'
	register: instance_sg_out

	- name: create private ELB
	ec2_elb_lb:
	name: '{{ env }}-{{ service }}ELB'
	state: present
	security_group_ids: '{{ elb_sg_out.results.0.group_id }}'
	subnets: "{{ private_subnets.subnets \| map(attribute='id') \| list }}"
	listeners: '{{ item.listeners }}'
	health_check: '{{ health_check }}'
	cross_az_load_balancing: yes
	scheme: '{{ elb_scheme }}'
	tags: '{{ merged_tags }}'
	with_items: '{{ elb_listeners }}'
	when: elb_scheme == 'internal'
	register: elb_out

	- name: create public ELB
	ec2_elb_lb:
	name: '{{ env }}-{{ service }}ELB'
	state: present
	security_group_ids: '{{ elb_sg_out.results.0.group_id }}'
	subnets: "{{ dmz_subnets.subnets \| map(attribute='id') \| list }}"
	listeners: '{{ item.listeners }}'
	health_check: '{{ health_check }}'
	cross_az_load_balancing: yes
	scheme: '{{ elb_scheme }}'
	tags: '{{ merged_tags }}'
	with_items: '{{ elb_listeners }}'
	when: elb_scheme == 'internet-facing'
	register: elb_out

	- name: create launch config with {{ ami_find.results[0].ami_id }}
	ec2_lc:
	name: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'
	image_id: '{{ ami_find.results[0].ami_id }}'
	key_name: '{{ env }}'
	security_groups: '{{ instance_sg_out.results.0.group_id }}'
	instance_type: '{{ instance_type }}'
	region: '{{ region }}'
	state: present
	instance_monitoring: '{{ instance_monitoring }}'
	instance_profile_name: '{{ iam_role }}'
	register: lc_out
	tags: '{{ service }}'

	- name: Create ASG with {{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}
	ec2_asg:
	name: '{{ env }}_{{ service }}ASG'
	launch_config_name: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'
	health_check_period: '{{ health_check_period }}'
	health_check_type: '{{ health_check_type }}'
	min_size: '{{ min_size }}'
	max_size: '{{ max_size }}'
	desired_capacity: '{{ desired_capacity }}'
	region: '{{ region }}'
	load_balancers:
	- '{{ env }}-{{ service }}ELB'
	replace_all_instances: '{{ replace_all_instances }}'
	replace_batch_size: '{{ min_size }}'
	wait_for_instances: '{{ wait_for_instances }}'
	wait_timeout: '{{ wait_timeout }}'
	tags: '{{ merged_asg_tags }}'
	vpc_zone_identifier: "{{ private_subnets.subnets \| map(attribute='id') \| list }}"
	register: asg_out
	tags: '{{ service }}'