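---
# Bootstraps the AWS side of the synhak.org "www" tier from the control host:
# an EC2 key pair, a VPC with one public subnet and an internet-gateway
# default route, three security groups, an HTTP/HTTPS ELB, a Route53 alias
# record, and two tagged nginx instances. Hands off to main.yml at the end.
# Every task runs locally and only talks to the AWS APIs; no remote hosts
# are contacted until main.yml.
- hosts: 127.0.0.1
  connection: local
  vars:
    region: us-east-1
    # Source range allowed to reach SSH on the nginx-edge instances. The
    # default reproduces the original world-open rule; set this to an
    # administrative range (office/VPN egress) to stop exposing port 22 of
    # publicly addressed instances to the whole internet.
    admin_ssh_cidr: 0.0.0.0/0
  tasks:
    # Public half of the key pair used as `keypair` when instances launch.
    - name: Install root synhak ssh key
      action:
        module: ec2_key
        name: root
        region: "{{ region }}"
        state: present
        key_material: "{{lookup('file', 'sysadmin-keys/root.pub')}}"

    - name: Configure VPC
      register: vpc
      action:
        module: ec2_vpc
        cidr_block: 10.0.0.0/16
        subnets:
          - cidr: 10.0.0.0/24
            az: us-east-1a
        route_tables:
          - subnets:
              - 10.0.0.0/24
            routes:
              # Default route to the internet gateway. Any address with a /0
              # mask matches everything, so the original 10.0.0.0/0 was a
              # non-canonical spelling of this; 0.0.0.0/0 is the form AWS
              # documents for a default route.
              - dest: 0.0.0.0/0
                gw: igw
        dns_hostnames: true
        dns_support: true
        internet_gateway: true
        state: present
        wait: true
        region: "{{ region }}"

    # Group attached to the ELB: HTTP and HTTPS from anywhere.
    - name: Configure public-web group
      register: public_web_group
      action:
        module: ec2_group
        name: public-web
        description: Public web-facing server
        vpc_id: "{{vpc.vpc_id}}"
        region: "{{ region }}"
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 0.0.0.0/0

    # Group attached to the nginx instances launched below.
    - name: Configure nginx-edge VPC group
      action:
        module: ec2_group
        name: nginx-edge
        description: nginx edge servers
        vpc_id: "{{vpc.vpc_id}}"
        region: "{{ region }}"
        rules:
          # Plain HTTP from anywhere. The ELB forwards to instance port 80,
          # so this could be narrowed to the public-web group once the ELB
          # is the only intended client of the instances.
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          # SSH. The instances receive public IPs, so this rule decides who
          # on the internet can reach their SSH port; see admin_ssh_cidr.
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ admin_ssh_cidr }}"

    - name: Configure log-server VPC group
      action:
        module: ec2_group
        name: log-server
        description: Logging capture and analysis server
        vpc_id: "{{vpc.vpc_id}}"
        region: "{{ region }}"
        rules:
          # UDP 557 from all of 10.0.0.0/8, which is wider than this VPC's
          # 10.0.0.0/16. Narrow to the VPC CIDR unless other 10.x networks
          # are expected to ship logs here.
          - proto: udp
            from_port: 557
            to_port: 557
            cidr_ip: 10.0.0.0/8

    # TLS terminates on the ELB; both listeners forward plain HTTP to
    # instance port 80.
    - name: Create ELB
      register: elb
      local_action:
        module: ec2_elb_lb
        state: present
        name: www-vpc
        region: "{{ region }}"
        subnets:
          - "{{vpc.subnets[0].id}}"
        group:
          - "{{public_web_group.group_id}}"
        listeners:
          - protocol: http
            load_balancer_port: 80
            instance_port: 80
            instance_protocol: http
          - protocol: https
            load_balancer_port: 443
            instance_port: 80
            instance_protocol: http
            ssl_certificate_id: arn:aws:iam::227340562114:server-certificate/startssl-with-ca-synhak.org

    # Alias record pointing dev.synhak.org at the ELB; overwrite replaces
    # any existing record of that name and type.
    - name: Setup DNS
      local_action:
        module: route53
        command: create
        zone: synhak.org
        record: dev.synhak.org
        type: A
        alias_id: "{{elb.elb.hosted_zone_id}}"
        alias_dns: "{{elb.elb.hosted_zone_name}}"
        overwrite: true

    # exact_count + count_tag makes this idempotent: instances tagged
    # role=www are counted and only the shortfall is launched.
    - name: Launch www instances
      register: ec2
      local_action:
        module: ec2
        # Instances are directly reachable from the internet; reachable
        # ports are governed by the nginx-edge group above.
        assign_public_ip: true
        vpc_subnet_id: "{{vpc.subnets[0].id}}"
        count_tag:
          role: www
        exact_count: 2
        group:
          - nginx-edge
        instance_tags:
          role: www
        region: "{{ region }}"
        # Region-specific AMI id, pinned by hand; update when rotating images.
        image: ami-1337187a
        keypair: root
        instance_type: t1.micro
        wait: true

    - name: Wait for SSH on the new instances
      wait_for:
        port: 22
        host: "{{item.public_ip}}"
      with_items: "{{ ec2.tagged_instances }}"

    - name: Add instances to host group
      local_action:
        module: add_host
        hostname: "{{item.public_dns_name}}"
        groupname: tag_role_www
      with_items: "{{ ec2.tagged_instances }}"

    - include: main.yml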