--- # A Note about ec2 environment variable name preference: # - EC2_URL -> AWS_URL # - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY # - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY # - EC2_REGION -> AWS_REGION # # - include: ../../setup_ec2/tasks/common.yml module_name: ec2_instance - block: # ============================================================ - name: set connection information for all tasks set_fact: aws_connection_info: &aws_connection_info aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" security_token: "{{ security_token }}" region: "{{ aws_region }}" no_log: true - name: Create VPC for use in testing ec2_vpc_net: name: "{{ resource_prefix }}-vpc" cidr_block: 10.22.32.0/23 tags: Name: Ansible ec2_instance Testing VPC tenancy: default <<: *aws_connection_info register: testing_vpc - name: Create internet gateway for use in testing ec2_vpc_igw: vpc_id: "{{ testing_vpc.vpc.id }}" state: present <<: *aws_connection_info register: igw - name: Create default subnet in zone A ec2_vpc_subnet: state: present vpc_id: "{{ testing_vpc.vpc.id }}" cidr: 10.22.32.0/24 az: "{{ aws_region }}a" resource_tags: Name: "{{ resource_prefix }}-subnet-a" <<: *aws_connection_info register: testing_subnet_a - name: Create secondary subnet in zone B ec2_vpc_subnet: state: present vpc_id: "{{ testing_vpc.vpc.id }}" cidr: 10.22.33.0/24 az: "{{ aws_region }}b" resource_tags: Name: "{{ resource_prefix }}-subnet-b" <<: *aws_connection_info register: testing_subnet_b - name: create routing rules ec2_vpc_route_table: vpc_id: "{{ testing_vpc.vpc.id }}" tags: created: "{{ resource_prefix }}-route" routes: - dest: 0.0.0.0/0 gateway_id: "{{ igw.gateway_id }}" subnets: - "{{ testing_subnet_a.subnet.id }}" - "{{ testing_subnet_b.subnet.id }}" <<: *aws_connection_info - name: create a security group with the vpc ec2_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" rules: - proto: tcp from_port: 22 to_port: 22 cidr_ip: 0.0.0.0/0 - proto: tcp from_port: 80 to_port: 80 cidr_ip: 0.0.0.0/0 <<: *aws_connection_info register: sg - include_tasks: tasks/termination_protection.yml - include_tasks: tasks/tags_and_vpc_settings.yml - include_tasks: tasks/external_resource_attach.yml - include_tasks: tasks/block_devices.yml - include_tasks: tasks/default_vpc_tests.yml - include_tasks: tasks/iam_instance_role.yml # ============================================================ always: - name: remove any instances in the test VPC ec2_instance: filters: vpc_id: "{{ testing_vpc.vpc.id }}" state: absent <<: *aws_connection_info register: removed until: removed is not failed ignore_errors: yes retries: 10 - name: remove ENIs ec2_eni_facts: filters: vpc-id: "{{ testing_vpc.vpc.id }}" <<: *aws_connection_info register: enis - name: delete all ENIs ec2_eni: eni_id: "{{ item.id }}" state: absent <<: *aws_connection_info until: removed is not failed with_items: "{{ enis.network_interfaces }}" ignore_errors: yes retries: 10 - name: remove the security group ec2_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" state: absent <<: *aws_connection_info register: removed until: removed is not failed ignore_errors: yes retries: 10 - name: remove routing rules ec2_vpc_route_table: state: absent vpc_id: "{{ testing_vpc.vpc.id }}" tags: created: "{{ resource_prefix }}-route" routes: - dest: 0.0.0.0/0 gateway_id: "{{ igw.gateway_id }}" subnets: - "{{ testing_subnet_a.subnet.id }}" - "{{ testing_subnet_b.subnet.id }}" <<: *aws_connection_info register: removed until: removed is not failed ignore_errors: yes retries: 10 - name: remove internet gateway ec2_vpc_igw: vpc_id: "{{ testing_vpc.vpc.id }}" state: absent <<: *aws_connection_info register: removed until: removed is not failed ignore_errors: yes retries: 10 - name: remove subnet A ec2_vpc_subnet: state: absent vpc_id: "{{ testing_vpc.vpc.id }}" cidr: 10.22.32.0/24 <<: *aws_connection_info register: removed until: removed is not failed ignore_errors: yes retries: 10 - name: remove subnet B ec2_vpc_subnet: state: absent vpc_id: "{{ testing_vpc.vpc.id }}" cidr: 10.22.33.0/24 <<: *aws_connection_info register: removed until: removed is not failed ignore_errors: yes retries: 10 - name: remove the VPC ec2_vpc_net: name: "{{ resource_prefix }}-vpc" cidr_block: 10.22.32.0/23 state: absent tags: Name: Ansible Testing VPC tenancy: default <<: *aws_connection_info register: removed until: removed is not failed ignore_errors: yes retries: 10