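---
# Provisions one Debian arm64 (Graviton) VPN host on EC2: imports an SSH key
# pair, creates a security group, picks a Debian 11 arm64 AMI, launches the
# instance, optionally publishes a Route53 CNAME, then adds the host to the
# in-memory "launched" group so a later play can configure it.
# Required vars: aws_region, ssh_pub_key_file, dns_name, dns_zone_name.

- name: Copy SSH public key
  amazon.aws.ec2_key:
    region: "{{ aws_region }}"
    name: vpn_key
    # Pass the variable straight to lookup(); a nested "{{ }}" inside an
    # already-templated expression is not re-evaluated reliably and can make
    # the lookup read a file literally named "{{ ssh_pub_key_file }}".
    key_material: "{{ lookup('file', ssh_pub_key_file) }}"

- name: Network security policy that allows all traffic incoming and outgoing
  # NOTE(review): ingress is wide open (every protocol from 0.0.0.0/0), so
  # anything listening on the host is internet-reachable. Once the VPN
  # protocol/port and an admin CIDR for SSH are known, narrow these rules.
  amazon.aws.ec2_group:
    region: "{{ aws_region }}"
    name: "vpn allow all"
    description: allow all traffic/protocol/ports
    rules:
      - proto: all
        cidr_ip: 0.0.0.0/0
      # Members of this group may also talk to each other on any port.
      - proto: all
        group_name: "vpn allow all"
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  register: security_group

- name: Find arm64 AMI for Debian
  amazon.aws.ec2_ami_info:
    region: "{{ aws_region }}"
    # NOTE(review): official Debian images are published from Debian's own
    # AWS account rather than under the "amazon" owner alias — confirm this
    # filter actually returns images in the target region.
    owners: amazon
    filters:
      name: "debian-11-arm64-20*"
      architecture: "arm64"
  register: amis

- name: Fail early when no matching AMI was found
  ansible.builtin.assert:
    that:
      - amis.images | length > 0
    fail_msg: "No AMI matched the debian-11-arm64 filter in {{ aws_region }}"

- name: Extract the most recently created AMI from the list
  ansible.builtin.set_fact:
    # ec2_ami_info does not guarantee any ordering of its result, so sort on
    # creation_date instead of trusting the last list element.
    aws_ami: "{{ (amis.images | sort(attribute='creation_date') | last).image_id }}"

- name: Show the selected AMI
  ansible.builtin.debug:
    var: aws_ami

- name: Create Graviton instance
  amazon.aws.ec2_instance:
    region: "{{ aws_region }}"
    key_name: vpn_key
    name: "{{ dns_name }}"
    security_group: "{{ security_group.group_id }}"
    instance_type: "t4g.nano"
    image_id: "{{ aws_ami }}"
    # A shutdown from inside the guest destroys the instance; there is no
    # persistent state on it by design.
    instance_initiated_shutdown_behavior: terminate
    network:
      assign_public_ip: true
    wait: true
    state: running
  register: graviton

- name: Generate Route53 DNS entry for the instance
  amazon.aws.route53:
    command: create
    overwrite: true
    zone: "{{ dns_zone_name }}"
    record: "{{ dns_name }}"
    type: CNAME
    ttl: 60
    value: "{{ item.public_dns_name }}"
  loop: "{{ graviton.instances }}"
  when: dns_name != ""

- name: Wait for SSH to come up
  # The new host is not in inventory yet; delegating to its public DNS name
  # relies on the default SSH connection settings (user, key) being valid for
  # the fresh image — confirm ansible_user is set for it.
  delegate_to: "{{ item.public_dns_name }}"
  ansible.builtin.wait_for_connection:
    delay: 60
    timeout: 320
  loop: "{{ graviton.instances }}"

- name: Add new instance to host group
  ansible.builtin.add_host:
    hostname: "{{ item.public_ip_address }}"
    groupname: launched
  loop: "{{ graviton.instances }}"

- name: Print public IP of this server
  ansible.builtin.debug:
    # ec2_instance exposes the address as public_ip_address (the key the
    # add_host task above already uses); public_ip is not a returned field.
    msg: "Your instance has the public IP address {{ item.public_ip_address }}"
  loop: "{{ graviton.instances }}"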