ITBlogger · June 3, 2018 02:55 · Jun 3, 2018 · Jun 3, 2018
diff --git a/aws_playbook_sample b/aws_playbook_sample
@@ -24,13 +24,13 @@
 
   pre_tasks:
     - name: check for env
-      local_action: stat path=/{{ playbook_dir }}/group_vars/{{ env }}
+      local_action: stat path=/{{ playbook_dir }}/group_vars/aws_dev_var_sample
       become: False
       register: env_vars
 
     - name: include env vars locally
       include_vars:
-        file: '{{ playbook_dir }}/group_vars/{{ env }}'
+        file: '{{ playbook_dir }}/group_vars/aws_dev_var_sample'
       become: False
       when: env_vars.stat.exists
 

diff --git a/aws_dev_var_sample b/aws_dev_var_sample
@@ -0,0 +1,29 @@
+---
+asg_extra_tags:
+  - asg_extra:
+    - system: product1
+    - billing: Account1
+
+elb_group_rules:
+  - rules:
+      - proto: tcp
+        from_port: 80
+        to_port: 80
+        cidr_ip: 0.0.0.0/0
+
+instance_group_rules:
+  - rules:
+      - proto: tcp
+        from_port: 80
+        to_port: 80
+        cidr_ip: "0.0.0.0/0"
+      - proto: tcp
+        from_port: 22
+        to_port: 22
+        cidr_ip: "0.0.0.0/0"
+
+elb_listeners:
+  - listeners:
+    - protocol: http
+      load_balancer_port: 80
+      instance_port: 80
diff --git a/aws_playbook_sample b/aws_playbook_sample
@@ -0,0 +1,38 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  any_errors_fatal: true
+
+  vars:
+    branch: 'dev'
+    commit: 'some-random-git-commit-ref'
+    dmza_subnet_id: 'dmza_subnet_id'
+    dmzb_subnet_id: 'dmzb_subnet_id'
+    dmzc_subnet_id: 'dmzc_subnet_id'
+    env: 'dev'
+    health_check_type: 'ELB'
+    image_owner: '099720109477'
+    merged_tags: {}
+    owner: 'our-company'
+    region: 'us-west-1'
+    replace_all_instances: yes
+    scheme: 'internet-facing'
+    service: 'microservice1'
+    vpc_id: 'our-vpc-1'
+    wait_for_instances: true
+
+  pre_tasks:
+    - name: check for env
+      local_action: stat path=/{{ playbook_dir }}/group_vars/{{ env }}
+      become: False
+      register: env_vars
+
+    - name: include env vars locally
+      include_vars:
+        file: '{{ playbook_dir }}/group_vars/{{ env }}'
+      become: False
+      when: env_vars.stat.exists
+
+  roles:
+    - asg-provision
diff --git a/aws_role_sample b/aws_role_sample
@@ -0,0 +1,185 @@
+---
+  - name: stat service environment vars
+    stat: path='{{ playbook_dir }}/group_vars/tag_Name_{{ env }}_{{ ser }}'
+    register: service_vars
+
+  - name: include service vars
+    include_vars: '{{ playbook_dir }}/group_vars/tag_Name_{{ env }}_{{ ser }}'
+    when: service_vars.stat.exists == true
+
+  - name: find latest ami
+    ec2_ami_find:
+      owner: self
+      region: '{{ region }}'
+      ami_tags:
+        Service: '{{ service }}'
+        Env: '{{ env }}'
+        Branch: '{{ branch }}'
+        Commit: '{{ commit }}'
+      sort: name
+      sort_order: descending
+      sort_end: 1
+      no_result_action: fail
+    register: ami_find
+
+  - debug: var=ami_find.results
+
+  # Native tags are for all below resources that use tags
+  # Tags specific to ASGs
+  - name: create native_tags and asg_native_tags fact
+    set_fact:
+      native_tags:
+        - Name: '{{ env }}_{{ service }}'
+        - Service: '{{ service }}'
+        - Environment: '{{ env }}'
+        - Branch: '{{ branch }}'
+        - Commit: '{{ commit }}'
+      asg_native_tags:
+        - ELB: '{{ env }}-{{ service }}ELB'
+        - LC: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'
+
+  - name: change native_tags list to dict
+    set_fact:
+      merged_tags: '{{ merged_tags | combine( item ) }}'
+    with_items: '{{ native_tags }}'
+
+  - name: change native_tags list to dict debug
+    debug: var=merged_tags
+
+  - name: merge non-asg and asg extra tags when extra tags are defined
+    set_fact:
+      merged_tags: '{{ merged_tags | combine( item.asg_extra ) }}'
+    with_items: '{{ asg_extra_tags }}'
+    when: asg_extra_tags is defined
+
+  - name: merge non-asg and asg extra tags when extra tags are defined debug
+    debug: var=merged_tags
+
+  - name: create asg_extra_tags fact from variable
+    set_fact:
+      asg_extra_tags: '{{ item.asg_extra }}'
+    with_items: '{{ asg_extra_tags | default([]) }}'
+
+  - name: merge non-asg and asg tag facts when extra tags are defined
+    set_fact:
+      merged_asg_tags: '{{ native_tags }} + {{ asg_native_tags }} + {{ asg_extra_tags }}'
+    when: asg_extra_tags is defined
+
+  - name: set asg_native_tags as merged asg tags when extra tags are undefined
+    set_fact:
+      merged_asg_tags: '{{ asg_native_tags }}'
+    when: asg_extra_tags is undefined
+
+  - name: find dmz subnets
+    ec2_vpc_subnet_facts:
+      filters:
+        'tag:Tier': dmz
+    register: dmz_subnets
+
+  - name: find private subnets
+    ec2_vpc_subnet_facts:
+      filters:
+        'tag:Tier': private
+    register: private_subnets
+
+  - debug: msg="{{ dmz_subnets.subnets | map(attribute='id') | list }}"
+  - debug: msg="{{ private_subnets.subnets | map(attribute='id') | list }}"
+
+  - name: create ELB security_group
+    ec2_group:
+      state: present
+      name: '{{ env }}_{{ service }}_ELBSG'
+      description: 'SG for {{ env }} {{ service }} ELB'
+      region: '{{ region }}'
+      vpc_id: '{{ vpc_id }}'
+      rules: '{{ item.rules }}'
+      rules_egress:
+        - proto: all
+          from_port: -1
+          to_port: -1
+          cidr_ip: 0.0.0.0/0
+      tags: '{{ merged_tags }}'
+    with_items: '{{ elb_group_rules }}'
+    register: elb_sg_out
+
+  - name: create instance security_group
+    ec2_group:
+      state: present
+      name: '{{ env }}_{{ service }}_SG'
+      description: 'SG for {{ env }} {{ service }} Instances'
+      region: '{{ region }}'
+      vpc_id: '{{ vpc_id }}'
+      rules: '{{ item.rules }}'
+      rules_egress:
+        - proto: all
+          from_port: -1
+          to_port: -1
+          cidr_ip: 0.0.0.0/0
+      tags: '{{ merged_tags }}'
+    with_items: '{{ instance_group_rules }}'
+    register: instance_sg_out
+
+  - name: create private ELB
+    ec2_elb_lb:
+      name: '{{ env }}-{{ service }}ELB'
+      state: present
+      security_group_ids: '{{ elb_sg_out.results.0.group_id }}'
+      subnets: "{{ private_subnets.subnets | map(attribute='id') | list }}"
+      listeners: '{{ item.listeners }}'
+      health_check: '{{ health_check }}'
+      cross_az_load_balancing: yes
+      scheme: '{{ elb_scheme }}'
+      tags: '{{ merged_tags }}'
+    with_items: '{{ elb_listeners }}'
+    when: elb_scheme == 'internal'
+    register: elb_out
+
+  - name: create public ELB
+    ec2_elb_lb:
+      name: '{{ env }}-{{ service }}ELB'
+      state: present
+      security_group_ids: '{{ elb_sg_out.results.0.group_id }}'
+      subnets: "{{ dmz_subnets.subnets | map(attribute='id') | list }}"
+      listeners: '{{ item.listeners }}'
+      health_check: '{{ health_check }}'
+      cross_az_load_balancing: yes
+      scheme: '{{ elb_scheme }}'
+      tags: '{{ merged_tags }}'
+    with_items: '{{ elb_listeners }}'
+    when: elb_scheme == 'internet-facing'
+    register: elb_out
+
+  - name: create launch config with {{ ami_find.results[0].ami_id }}
+    ec2_lc:
+      name: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'
+      image_id: '{{ ami_find.results[0].ami_id }}'
+      key_name: '{{ env }}'
+      security_groups: '{{ instance_sg_out.results.0.group_id }}'
+      instance_type: '{{ instance_type }}'
+      region: '{{ region }}'
+      state: present
+      instance_monitoring: '{{ instance_monitoring }}'
+      instance_profile_name: '{{ iam_role }}'
+    register: lc_out
+    tags: '{{ service }}'
+
+  - name: Create ASG with {{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}
+    ec2_asg:
+      name: '{{ env }}_{{ service }}ASG'
+      launch_config_name: '{{ env }}_{{ service }}_{{ ami_find.results[0].ami_id }}'
+      health_check_period: '{{ health_check_period }}'
+      health_check_type: '{{ health_check_type }}'
+      min_size: '{{ min_size }}'
+      max_size: '{{ max_size }}'
+      desired_capacity: '{{ desired_capacity }}'
+      region: '{{ region }}'
+      load_balancers:
+        - '{{ env }}-{{ service }}ELB'
+      replace_all_instances: '{{ replace_all_instances }}'
+      replace_batch_size: '{{ min_size }}'
+      wait_for_instances: '{{ wait_for_instances }}'
+      wait_timeout: '{{ wait_timeout }}'
+      tags: '{{ merged_asg_tags }}'
+      vpc_zone_identifier: "{{ private_subnets.subnets | map(attribute='id') | list }}"
+    register:  asg_out
+    tags: '{{ service }}'