
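---
# Provision one arm64 (Graviton) Debian instance for the VPN: upload the SSH
# key, create the security group, pick the newest matching AMI, launch the
# instance, publish a Route53 CNAME and add the host to the in-memory
# "launched" group for later plays.
# Expected variables: aws_region, ssh_pub_key_file, dns_zone_name, dns_name.

- name: copy ssh public key
  amazon.aws.ec2_key:
    region: "{{ aws_region }}"
    name: vpn_key
    # The variable is passed straight to lookup(); nesting "{{ }}" inside a
    # Jinja expression is not valid templating.
    key_material: "{{ lookup('file', ssh_pub_key_file) }}"

- name: network security policy that allows all traffic incoming and outgoing
  amazon.aws.ec2_group:
    region: "{{ aws_region }}"
    name: "vpn allow all"
    description: allow all traffic/protocol/ports
    # NOTE(review): the first ingress rule exposes every port and protocol of
    # the instance to the whole internet (0.0.0.0/0), not only the VPN
    # listener. Narrowing it to the VPN port, and SSH to a trusted CIDR, is
    # the usual hardening step once the VPN port is fixed.
    rules:
      - proto: all
        cidr_ip: "0.0.0.0/0"
      # Members of this group may talk to each other on any port.
      - proto: all
        group_name: "vpn allow all"
    rules_egress:
      - proto: all
        cidr_ip: "0.0.0.0/0"
  register: security_group

- name: find arm64 ami for debian
  amazon.aws.ec2_ami_info:
    region: "{{ aws_region }}"
    owners: amazon
    filters:
      name: "debian-11-arm64-20*"
      architecture: "arm64"
  register: amis

- name: Extract the most recently created AMI from the list
  ansible.builtin.set_fact:
    # ec2_ami_info gives no ordering guarantee for `images`, so sort by
    # creation_date before taking the last (newest) entry.
    aws_ami: "{{ (amis.images | sort(attribute='creation_date'))[-1].image_id }}"

- name: debug
  ansible.builtin.debug:
    var: aws_ami

- name: create graviton instance
  amazon.aws.ec2_instance:
    region: "{{ aws_region }}"
    key_name: vpn_key
    # NOTE(review): the instance is named from dns_name unconditionally,
    # while the DNS record below is skipped when dns_name is empty - confirm
    # that is intended.
    name: "{{ dns_name }}"
    security_group: "{{ security_group.group_id }}"
    instance_type: "t4g.nano"
    image_id: "{{ aws_ami }}"
    # A shutdown from inside the guest destroys the instance rather than
    # leaving it stopped.
    instance_initiated_shutdown_behavior: terminate
    network:
      assign_public_ip: true
    wait: true
    state: running
  register: graviton

- name: generate route53 dns entry for the instance
  amazon.aws.route53:
    command: create
    overwrite: true
    zone: "{{ dns_zone_name }}"
    record: "{{ dns_name }}"
    type: CNAME
    ttl: 60
    value: "{{ item.public_dns_name }}"
  loop: "{{ graviton.instances }}"
  when: dns_name != ""

- name: Wait for SSH to come up
  ansible.builtin.wait_for_connection:
    delay: 60
    timeout: 320
  delegate_to: "{{ item.public_dns_name }}"
  loop: "{{ graviton.instances }}"

- name: Add new instance to host group
  ansible.builtin.add_host:
    hostname: "{{ item.public_ip_address }}"
    groupname: launched
  loop: "{{ graviton.instances }}"

- name: Print public IP of this server
  ansible.builtin.debug:
    # Same instance attribute as the add_host task above.
    msg: "Your instance has the public IP address {{ item.public_ip_address }}"
  loop: "{{ graviton.instances }}"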