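---
# Provision the AWS network for the COmanage Registry training environment:
# one VPC, an Internet gateway, one public and one private subnet per
# availability zone, a NAT gateway in each public subnet, and the route
# tables that tie them together.
#
# Variables this play reads but does not define (supply them via inventory,
# group_vars or --extra-vars):
#   vpc_cidr_block            - CIDR block of the VPC
#   comanage_training_region  - AWS region; also used as the AZ name prefix
#   vpc_availability_zone     - mapping of AZ suffix (e.g. "a") to a mapping
#                               holding public_subnet and private_subnet CIDRs
#
# Runs on the control node only (localhost, local connection). No AWS
# credentials appear in this file; the amazon.aws / community.aws modules
# pick them up from their usual sources.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: VPC for COmanage Registry training
      amazon.aws.ec2_vpc_net:
        name: comanage_training
        cidr_block: "{{ vpc_cidr_block }}"
        region: "{{ comanage_training_region }}"
        tags:
          Name: VPC for COmanage Registry training
        tenancy: default
      register: comanage_training_vpc
      # refer to the VPC id using {{ comanage_training_vpc.vpc.id }}

    - name: List VPC information
      debug:
        msg: "vpc_id: {{ comanage_training_vpc.vpc.id }}"

    - name: Internet gateway for COmanage Registry training VPC
      community.aws.ec2_vpc_igw:
        vpc_id: "{{ comanage_training_vpc.vpc.id }}"
        region: "{{ comanage_training_region }}"
        state: present
        tags:
          Name: comanage_training_igw
      register: igw

    - name: List IGW information
      debug:
        msg: "gateway_id: {{ igw.gateway_id }}"

    # One public subnet per entry of vpc_availability_zone; the AZ name is the
    # region followed by the mapping key (e.g. "us-east-1" + "a").
    - name: Public subnet for COmanage Registry training
      amazon.aws.ec2_vpc_subnet:
        state: present
        vpc_id: "{{ comanage_training_vpc.vpc.id }}"
        region: "{{ comanage_training_region }}"
        cidr: "{{ item.value.public_subnet }}"
        az: "{{ comanage_training_region }}{{ item.key }}"
        tags:
          Name: "{{ item.key }}-public-comanage-training"
      register: subnet_public
      loop: "{{ vpc_availability_zone | dict2items }}"

    - name: List public subnet information
      debug:
        msg: "{{ item.subnet.availability_zone }}|{{ item.subnet.id }}|{{ item.subnet.cidr_block }}"
      loop: "{{ subnet_public.results }}"

    # The set_fact loops below accumulate lookup structures one iteration at
    # a time; default() seeds the first iteration, when the fact does not
    # exist yet.
    - name: Build public_subnet_id_by_az dictionary
      set_fact:
        public_subnet_id_by_az: "{{ public_subnet_id_by_az | default({}) | combine( {item.subnet.availability_zone: item.subnet.id} ) }}"
      loop: "{{ subnet_public.results }}"

    - name: Build public_subnet_ids
      set_fact:
        public_subnet_ids: "{{ public_subnet_ids | default([]) + [ item.subnet.id ] }}"
      loop: "{{ subnet_public.results }}"

    # The 0.0.0.0/0 route via the Internet gateway is what makes these
    # subnets public: anything in them that holds a public IP is reachable
    # from the Internet, subject to security groups and network ACLs that are
    # not managed in this file.
    - name: Route table through Internet gateway for public subnets
      community.aws.ec2_vpc_route_table:
        vpc_id: "{{ comanage_training_vpc.vpc.id }}"
        region: "{{ comanage_training_region }}"
        tags:
          Name: comanage_training_public_igw
        subnets: "{{ public_subnet_ids }}"
        routes:
          - dest: "0.0.0.0/0"
            # the literal value "igw" tells the module to use the VPC's
            # Internet gateway
            gateway_id: igw

    # One NAT gateway per public subnet, i.e. per AZ. wait: true so the
    # gateway ids are available for the private route tables built below.
    - name: NAT gateway for public subnet
      community.aws.ec2_vpc_nat_gateway:
        region: "{{ comanage_training_region }}"
        state: present
        subnet_id: "{{ item.subnet.id }}"
        if_exist_do_not_create: true
        wait: true
      register: nat_gateway
      loop: "{{ subnet_public.results }}"

    - name: List NAT GW information
      debug:
        msg: "nat_gateway_id: {{ item.nat_gateway_id }} , subnet_id: {{ item.subnet_id }}, cidr_block: {{ item.item.subnet.cidr_block }}"
      loop: "{{ nat_gateway.results }}"

    # item.item is the subnet_public result the NAT gateway was created from,
    # so its AZ keys the NAT gateway id.
    - name: Build nat_id_by_az dictionary
      set_fact:
        nat_id_by_az: "{{ nat_id_by_az | default({}) | combine( {item.item.subnet.availability_zone: item.nat_gateway_id} ) }}"
      loop: "{{ nat_gateway.results }}"

    - name: Private subnet for COmanage Registry training
      amazon.aws.ec2_vpc_subnet:
        state: present
        vpc_id: "{{ comanage_training_vpc.vpc.id }}"
        region: "{{ comanage_training_region }}"
        cidr: "{{ item.value.private_subnet }}"
        az: "{{ comanage_training_region }}{{ item.key }}"
        tags:
          Name: "{{ item.key }}-private-comanage-training"
      register: subnet_private
      loop: "{{ vpc_availability_zone | dict2items }}"

    - name: List private subnets
      debug:
        msg: "private|{{ item.subnet.id }}|{{ item.subnet.availability_zone }}|{{ item.subnet.cidr_block }}"
      loop: "{{ subnet_private.results }}"

    - name: Build private_subnet_id_by_az dictionary
      set_fact:
        private_subnet_id_by_az: "{{ private_subnet_id_by_az | default({}) | combine( {item.subnet.availability_zone: item.subnet.id} ) }}"
      loop: "{{ subnet_private.results }}"

    - name: Build private_subnet_cidr_by_az dictionary
      set_fact:
        private_subnet_cidr_by_az: "{{ private_subnet_cidr_by_az | default({}) | combine( {item.subnet.availability_zone: item.subnet.cidr_block} ) }}"
      loop: "{{ subnet_private.results }}"

    - name: Build private_subnet_ids
      set_fact:
        private_subnet_ids: "{{ private_subnet_ids | default([]) + [ item.subnet.id ] }}"
      loop: "{{ subnet_private.results }}"

    # One route table per private subnet. The default route goes to the NAT
    # gateway in the same AZ, so private hosts get outbound Internet access
    # without being routed through the Internet gateway.
    - name: Build routing tables for private subnet through NAT GW
      community.aws.ec2_vpc_route_table:
        vpc_id: "{{ comanage_training_vpc.vpc.id }}"
        region: "{{ comanage_training_region }}"
        tags:
          Name: "comanage-training-private-{{ item.item.key }}"
        subnets:
          - "{{ item.subnet.id }}"
        routes:
          - dest: "0.0.0.0/0"
            gateway_id: "{{ nat_id_by_az[item.subnet.availability_zone] }}"
      loop: "{{ subnet_private.results }}"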