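# Provision a single WireGuard VPN host on AWS: key pair, dual-stack VPC/subnet,
# internet gateway + routes, a security group, the instance, an optional
# Route53 CNAME, then wait for SSH and expose the host to later plays.
#
# Required vars: ssh_pub_key_file, aws_region, aws_type, aws_ami, dns_zone_name.
# Optional vars: dns_name (skip DNS when empty/undefined),
#                wg_port (WireGuard UDP port, defaults to 51820).

- name: Copy SSH public key to AWS as the instance key pair
  amazon.aws.ec2_key:
    name: vpn_key
    # Pass the variable directly to lookup(); nesting "{{ }}" inside a
    # Jinja expression is unnecessary and deprecated.
    key_material: "{{ lookup('file', ssh_pub_key_file) }}"
    region: "{{ aws_region }}"

- name: Create a VPC and request an Amazon-provided IPv6 /56
  amazon.aws.ec2_vpc_net:
    name: wg-aws-net
    cidr_block: 10.10.0.0/16
    ipv6_cidr: true
    region: "{{ aws_region }}"
  register: vpc_net

- name: Create a public subnet with a /64 carved from the VPC's IPv6 block
  amazon.aws.ec2_vpc_subnet:
    state: present
    region: "{{ aws_region }}"
    assign_instances_ipv6: true
    map_public: true
    vpc_id: "{{ vpc_net.vpc.id }}"
    cidr: 10.10.0.0/24
    # AWS hands out a /56 per VPC; a subnet must use a /64 inside it.
    ipv6_cidr: "{{ vpc_net.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('/56', '/64') }}"
  register: vpc_subnet

- name: Create an internet gateway for the VPC
  amazon.aws.ec2_vpc_igw:
    region: "{{ aws_region }}"
    vpc_id: "{{ vpc_net.vpc.id }}"
    state: present
  register: igw

- name: Set up the public subnet route table (IPv4 and IPv6 default routes)
  amazon.aws.ec2_vpc_route_table:
    vpc_id: "{{ vpc_net.vpc.id }}"
    region: "{{ aws_region }}"
    subnets:
      - "{{ vpc_subnet.subnet.id }}"
    routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ igw.gateway_id }}"
      # Without this route the IPv6 addresses assigned above are unreachable
      # from / cannot reach the internet.
      - dest: "::/0"
        gateway_id: "{{ igw.gateway_id }}"
  register: route

- name: Security group for the VPN endpoint (SSH + WireGuard only)
  amazon.aws.ec2_group:
    region: "{{ aws_region }}"
    # Name and description are kept so existing deployments update the same
    # group in place instead of creating a second one.
    name: "vpn allow all"
    description: allow all traffic/protocol/ports
    vpc_id: "{{ vpc_net.vpc.id }}"
    rules:
      # Admin access. Narrow cidr_ip/cidr_ipv6 to your own address range if
      # you can; an internet-wide SSH opening is only acceptable with
      # key-only auth on the host.
      - proto: tcp
        ports: 22
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        ports: 22
        cidr_ipv6: "::/0"
      # WireGuard listens on UDP. Override wg_port if the server config
      # uses something other than the upstream default.
      - proto: udp
        ports: "{{ wg_port | default(51820) }}"
        cidr_ip: 0.0.0.0/0
      - proto: udp
        ports: "{{ wg_port | default(51820) }}"
        cidr_ipv6: "::/0"
      # Members of this group may talk to each other on any port.
      - proto: all
        group_name: "vpn allow all"
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
      - proto: all
        cidr_ipv6: "::/0"
  register: security_group

- name: Create the VPN instance
  # No spot/market options are set here, so this is a regular on-demand
  # launch despite the original task name.
  community.aws.ec2_instance:
    region: "{{ aws_region }}"
    key_name: vpn_key
    security_group: "{{ security_group.group_id }}"
    instance_type: "{{ aws_type }}"
    image_id: "{{ aws_ami }}"
    vpc_subnet_id: "{{ vpc_subnet.subnet.id }}"
    network:
      assign_public_ip: true
    wait: true
    tags:
      Environment: Testing
  register: graviton

- name: Create a Route53 CNAME for the instance (skipped when dns_name is empty)
  amazon.aws.route53:
    state: present
    overwrite: true
    zone: "{{ dns_zone_name }}"
    record: "{{ dns_name }}"
    type: CNAME
    ttl: 60
    value: "{{ item.public_dns_name }}"
  loop: "{{ graviton.instances }}"
  # default('') so an undefined dns_name skips the task instead of failing.
  when: (dns_name | default('')) != ""

- name: Wait for SSH to come up
  # The instance is not in inventory yet; delegating to its public DNS name
  # makes Ansible connect with the default connection settings.
  delegate_to: "{{ item.public_dns_name }}"
  ansible.builtin.wait_for_connection:
    delay: 60
    timeout: 320
  loop: "{{ graviton.instances }}"

- name: Add the new instance to the 'launched' host group for later plays
  ansible.builtin.add_host:
    hostname: "{{ item.public_ip }}"
    groupname: launched
  loop: "{{ graviton.instances }}"

- name: Print the public IP of this server
  ansible.builtin.debug:
    msg: "Your instance has the public IP address {{ item.public_ip }}"
  loop: "{{ graviton.instances }}"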