Skip to content

Instantly share code, notes, and snippets.

@GeneralistDev

GeneralistDev/kms-play.yml

Created July 10, 2017 17:12
Show Gist options
  • Save GeneralistDev/a25ade53c294e9cb4925f2312e1c088b to your computer and use it in GitHub Desktop.
Save GeneralistDev/a25ade53c294e9cb4925f2312e1c088b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kms-play.yml
---
- name: Bootstrapping KMS stack
cloudformation:
stack_name: "acloudguru-kms-{{ STAGE }}-ansible"
state: "present"
region: "{{ REGION }}"
profile: "acloudguru-{{ STAGE }}"
template: "../kms/bootstrap.yaml"
template_parameters:
Stage: "{{ STAGE }}"
IAMUserName: "{{ IAM_USER_NAME }}"
tags:
Name: "kms_stack"
Stack: "{{ STAGE }}_school_stack"
register: kms_bootstrap
# Other tasks here
# ...
- name: Updating KMS stack policies
cloudformation:
stack_name: "acloudguru-kms-{{ STAGE }}-ansible"
state: "present"
region: "{{ REGION }}"
profile: "acloudguru-{{ STAGE }}"
template: "../kms/cf.yaml"
template_parameters:
Stage: "{{ STAGE }}"
IAMUserName: "{{ IAM_USER_NAME }}"
tags:
Name: "kms_stack"
Stack: "{{ STAGE }}_school_stack"
register: kms_full_deploy
...
Raw
task1 output
TASK [Bootstrapping KMS stack] *****************************************************************************************************************************************************************************
task path: /Users/daniel/Documents/Programming/school/infrastructure/ansible/tasks/bootstrap-kms-stack.yml:2
Using module file /Users/daniel/Documents/Programming/ansible-rlgod/lib/ansible/modules/cloud/amazon/cloudformation.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: daniel
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/daniel/.ansible/tmp/ansible-tmp-1499706513.854845-33934389647449 `" && echo ansible-tmp-1499706513.854845-33934389647449="` echo /Users/daniel/.ansible/tmp/ansible-tmp-1499706513.854845-33934389647449 `" ) && sleep 0'
<127.0.0.1> PUT /var/folders/_2/fcw_kflx3wgch8yb0qyp7ll40000gn/T/tmp74idqiht TO /Users/daniel/.ansible/tmp/ansible-tmp-1499706513.854845-33934389647449/cloudformation.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/daniel/.ansible/tmp/ansible-tmp-1499706513.854845-33934389647449/ /Users/daniel/.ansible/tmp/ansible-tmp-1499706513.854845-33934389647449/cloudformation.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/Users/daniel/.pyenv/versions/3.6.1/bin/python /Users/daniel/.ansible/tmp/ansible-tmp-1499706513.854845-33934389647449/cloudformation.py; rm -rf "/Users/daniel/.ansible/tmp/ansible-tmp-1499706513.854845-33934389647449/" > /dev/null 2>&1 && sleep 0'
[WARNING]: Created changeset named Ansible-acloudguru-kms-ansible-ansible-c11c6abab03c5a997f6f9108c895d143f6401a97 for stack acloudguru-kms-ansible-ansible
[WARNING]: You can execute it using: aws cloudformation execute-change-set --change-set-name arn:aws:cloudformation:us-east-1:905356704697:changeSet/Ansible-acloudguru-kms-ansible-
ansible-c11c6abab03c5a997f6f9108c895d143f6401a97/2915daf7-5782-4b01-913a-7b531477d59b
[WARNING]: NOTE that dependencies on this stack might fail due to pending changes!
changed: [localhost] => {
"changed": true,
"events": [
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible CREATE_COMPLETE",
"StackEvent AWS::KMS::Alias EnvVarKeyAlias CREATE_COMPLETE",
"StackEvent AWS::KMS::Alias EnvVarKeyAlias CREATE_IN_PROGRESS",
"StackEvent AWS::KMS::Alias EnvVarKeyAlias CREATE_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey CREATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey CREATE_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey CREATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible CREATE_IN_PROGRESS"
],
"failed": false,
"invocation": {
"module_args": {
"aws_access_key": null,
"aws_secret_key": null,
"changeset_name": null,
"create_changeset": false,
"disable_rollback": false,
"ec2_url": null,
"notification_arns": null,
"profile": "acloudguru-ansible",
"region": "us-east-1",
"role_arn": null,
"security_token": null,
"stack_name": "acloudguru-kms-ansible-ansible",
"stack_policy": null,
"state": "present",
"tags": {
"Name": "kms_stack",
"Stack": "ansible_school_stack"
},
"template": "../kms/bootstrap.yaml",
"template_format": null,
"template_parameters": {
"IAMUserName": "cli-user-dan",
"Stage": "ansible"
},
"template_url": null,
"validate_certs": true
}
},
"log": [],
"output": "Stack UPDATE complete",
"stack_outputs": {
"EnvVarKeyArn": "arn:aws:kms:us-east-1:905356704697:key/4e91df3e-9edd-427c-ba48-52b368b28c16"
},
"stack_resources": [
{
"last_updated_time": "2017-07-05T22:16:10.280000+00:00",
"logical_resource_id": "EnvVarKey",
"physical_resource_id": "4e91df3e-9edd-427c-ba48-52b368b28c16",
"resource_type": "AWS::KMS::Key",
"status": "UPDATE_COMPLETE",
"status_reason": null
},
{
"last_updated_time": "2017-06-23T17:44:31.903000+00:00",
"logical_resource_id": "EnvVarKeyAlias",
"physical_resource_id": "alias/school-env-vars-ansible-ansible",
"resource_type": "AWS::KMS::Alias",
"status": "CREATE_COMPLETE",
"status_reason": null
}
]
}
Raw
task2 output
TASK [Updating KMS stack policies] *************************************************************************************************************************************************************************
task path: /Users/daniel/Documents/Programming/school/infrastructure/ansible/tasks/update-kms-stack.yml:2
Using module file /Users/daniel/Documents/Programming/ansible-rlgod/lib/ansible/modules/cloud/amazon/cloudformation.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: daniel
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/daniel/.ansible/tmp/ansible-tmp-1499706702.305057-263971778507078 `" && echo ansible-tmp-1499706702.305057-263971778507078="` echo /Users/daniel/.ansible/tmp/ansible-tmp-1499706702.305057-263971778507078 `" ) && sleep 0'
<127.0.0.1> PUT /var/folders/_2/fcw_kflx3wgch8yb0qyp7ll40000gn/T/tmpljop6jcj TO /Users/daniel/.ansible/tmp/ansible-tmp-1499706702.305057-263971778507078/cloudformation.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/daniel/.ansible/tmp/ansible-tmp-1499706702.305057-263971778507078/ /Users/daniel/.ansible/tmp/ansible-tmp-1499706702.305057-263971778507078/cloudformation.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/Users/daniel/.pyenv/versions/3.6.1/bin/python /Users/daniel/.ansible/tmp/ansible-tmp-1499706702.305057-263971778507078/cloudformation.py; rm -rf "/Users/daniel/.ansible/tmp/ansible-tmp-1499706702.305057-263971778507078/" > /dev/null 2>&1 && sleep 0'
[WARNING]: Created changeset named Ansible-acloudguru-kms-ansible-ansible-7df414c37f48a8c4fa42a97f12a1927b19d82f53 for stack acloudguru-kms-ansible-ansible
[WARNING]: You can execute it using: aws cloudformation execute-change-set --change-set-name arn:aws:cloudformation:us-east-1:905356704697:changeSet/Ansible-acloudguru-kms-ansible-
ansible-7df414c37f48a8c4fa42a97f12a1927b19d82f53/a4238fb8-929c-4ee5-9dd8-b6534e4c1149
[WARNING]: NOTE that dependencies on this stack might fail due to pending changes!
changed: [localhost] => {
"changed": true,
"events": [
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible UPDATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible CREATE_COMPLETE",
"StackEvent AWS::KMS::Alias EnvVarKeyAlias CREATE_COMPLETE",
"StackEvent AWS::KMS::Alias EnvVarKeyAlias CREATE_IN_PROGRESS",
"StackEvent AWS::KMS::Alias EnvVarKeyAlias CREATE_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey CREATE_COMPLETE",
"StackEvent AWS::KMS::Key EnvVarKey CREATE_IN_PROGRESS",
"StackEvent AWS::KMS::Key EnvVarKey CREATE_IN_PROGRESS",
"StackEvent AWS::CloudFormation::Stack acloudguru-kms-ansible-ansible CREATE_IN_PROGRESS"
],
"failed": false,
"invocation": {
"module_args": {
"aws_access_key": null,
"aws_secret_key": null,
"changeset_name": null,
"create_changeset": false,
"disable_rollback": false,
"ec2_url": null,
"notification_arns": null,
"profile": "acloudguru-ansible",
"region": "us-east-1",
"role_arn": null,
"security_token": null,
"stack_name": "acloudguru-kms-ansible-ansible",
"stack_policy": null,
"state": "present",
"tags": {
"Name": "kms_stack",
"Stack": "ansible_school_stack"
},
"template": "../kms/cf.yaml",
"template_format": null,
"template_parameters": {
"IAMUserName": "cli-user-dan",
"Stage": "ansible"
},
"template_url": null,
"validate_certs": true
}
},
"log": [],
"output": "Stack UPDATE complete",
"stack_outputs": {
"EnvVarKeyArn": "arn:aws:kms:us-east-1:905356704697:key/4e91df3e-9edd-427c-ba48-52b368b28c16"
},
"stack_resources": [
{
"last_updated_time": "2017-07-05T22:16:10.280000+00:00",
"logical_resource_id": "EnvVarKey",
"physical_resource_id": "4e91df3e-9edd-427c-ba48-52b368b28c16",
"resource_type": "AWS::KMS::Key",
"status": "UPDATE_COMPLETE",
"status_reason": null
},
{
"last_updated_time": "2017-06-23T17:44:31.903000+00:00",
"logical_resource_id": "EnvVarKeyAlias",
"physical_resource_id": "alias/school-env-vars-ansible-ansible",
"resource_type": "AWS::KMS::Alias",
"status": "CREATE_COMPLETE",
"status_reason": null
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment