Compare commits
1 Commits
master
...
features/i
Author | SHA1 | Date | |
---|---|---|---|
|
a8887edb74 |
@ -4,11 +4,47 @@
|
||||
key_material: "{{ lookup('file', '{{ ssh_pub_key_file }}') }}"
|
||||
region: "{{ aws_region }}"
|
||||
|
||||
- name: create a VPC and request an IPv6 CIDR
|
||||
amazon.aws.ec2_vpc_net:
|
||||
name: wg-aws-net
|
||||
cidr_block: 10.10.0.0/16
|
||||
ipv6_cidr: True
|
||||
region: "{{ aws_region }}"
|
||||
register: vpc_net
|
||||
|
||||
- name: Create subnet with IPv6 block assigned
|
||||
amazon.aws.ec2_vpc_subnet:
|
||||
state: present
|
||||
assign_instances_ipv6: true
|
||||
map_public: true
|
||||
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||
cidr: 10.10.0.0/24
|
||||
ipv6_cidr: "{{ vpc_net.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('/56','/64') }}"
|
||||
register: vpc_subnet
|
||||
|
||||
- name: create an internet gateway for vpc
|
||||
ec2_vpc_igw:
|
||||
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||
state: present
|
||||
register: igw
|
||||
|
||||
- name: Set up public subnet route table
|
||||
ec2_vpc_route_table:
|
||||
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||
region: "{{ aws_region }}"
|
||||
subnets:
|
||||
- "{{ vpc_subnet.subnet.id }}"
|
||||
routes:
|
||||
- dest: 0.0.0.0/0
|
||||
gateway_id: "{{ igw.gateway_id }}"
|
||||
register: route
|
||||
|
||||
- name: network security policy that allows all traffic incoming and outgoing
|
||||
amazon.aws.ec2_group:
|
||||
region: "{{ aws_region }}"
|
||||
name: "vpn allow all"
|
||||
description: allow all traffic/protocol/ports
|
||||
vpc_id: "{{ vpc_net.vpc.id }}"
|
||||
rules:
|
||||
- proto: all
|
||||
cidr_ip: 0.0.0.0/0
|
||||
@ -20,18 +56,18 @@
|
||||
register: security_group
|
||||
|
||||
- name: create graviton spot instance
|
||||
amazon.aws.ec2:
|
||||
community.aws.ec2_instance:
|
||||
region: "{{ aws_region }}"
|
||||
spot_type: persistent
|
||||
spot_wait_timeout: 120
|
||||
key_name: vpn_key
|
||||
group_id: "{{ security_group.group_id }}"
|
||||
security_group: "{{ security_group.group_id }}"
|
||||
instance_type: "{{ aws_type }}"
|
||||
image: "{{ aws_ami }}"
|
||||
wait: yes
|
||||
instance_initiated_shutdown_behavior: terminate
|
||||
vpc_subnet_id: "subnet-3df70f5a"
|
||||
image_id: "{{ aws_ami }}"
|
||||
vpc_subnet_id: "{{ vpc_subnet.subnet.id }}"
|
||||
network:
|
||||
assign_public_ip: yes
|
||||
wait: yes
|
||||
tags:
|
||||
Environment: Testing
|
||||
register: graviton
|
||||
|
||||
- name: generate route53 dns entry for the instance
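Review bot: The security group that is attached to the new VPC (`vpc_id: "{{ vpc_net.vpc.id }}"` under "vpn allow all") still admits every protocol from `0.0.0.0/0`, while the new subnet sets `map_public: true` and gets an internet-gateway default route, so every service listening on the instance is reachable over IPv4 from anywhere. A WireGuard host needs only the tunnel's UDP port and SSH from an administrative range, as sketched below; `wg_listen_port` and `admin_cidr` are placeholder variable names, since the page shows neither value. The task continues past the end of the first hunk (`register: security_group` only appears in the next one), so any egress rules there are not visible and are left alone here. Separately, the route table in the same hunk lists only `dest: 0.0.0.0/0`, so the IPv6 block requested for the VPC has no default route unless `- dest: ::/0` with the same `gateway_id` is added.

```yaml
    vpc_id: "{{ vpc_net.vpc.id }}"
    rules:
      # WireGuard tunnel; wg_listen_port is a placeholder, not defined on this page
      - proto: udp
        from_port: "{{ wg_listen_port }}"
        to_port: "{{ wg_listen_port }}"
        cidr_ip: 0.0.0.0/0
      # SSH for Ansible; admin_cidr is a placeholder for the operator's address range
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ admin_cidr }}"
    # … unchanged: remainder of the task outside the hunk …
```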
|
||||
|
@ -20,6 +20,9 @@
|
||||
name: "qrencode"
|
||||
state: present
|
||||
|
||||
- name: Reboot to make shure wireguard kernel module is loadable
|
||||
reboot:
|
||||
|
||||
- name: ensure wireguard services are stopped
|
||||
command: "systemctl stop wg-quick@wg0"
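Review bot: The added `reboot:` task has no condition, so every run of this task file restarts the host and interrupts any tunnels that are already up, even when the kernel module was loadable all along. Gating it on the result of the package installation (`when: <registered_install_result>.changed`, where the name is a placeholder because the install task starts above the hunk) keeps repeat runs from rebooting. The task name also misspells "sure" as "shure".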
|
||||
|
||||
|