arbabnazar/secret-4.yml Secret

## secret-4.yml
---
# Environment specific variables
COMPANY: rbgeek
ENVIRONMENT: dev
SERVER_ROLE: web

# VPC specific variables
VPC_NAME: "{{ COMPANY }}-{{ ENVIRONMENT }}"
VPC_REGION: eu-west-1 # Ireland
VPC_CIDR: "10.10.0.0/16"
VPC_CLASS_DEFAULT: "10.10"

#Github username for creating EC2 KEY Pair
GITHUB_USERNAME: "arbabnazar"
EC2_KEY_NAME: "{{ GITHUB_USERNAME }}-github-key"
LOCAL_USER_SSH_KEY: no

# Ubuntu AMI specific variables
AMI_NAME: "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"
AMI_OWNER: "099720109477"

# EC2 instances specific variables
EC2_INSTANCE_TYPE: t2.nano
EC2_SECURITY_GROUP_NAME:
  - "{{ VPC_NAME }}-{{ SSH_SG_NAME }}"
  - "{{ VPC_NAME }}-{{ WEB_SG_NAME }}"
EC2_VOLUME_SIZE: 10
EC2_COUNT: 1
EC2_SUBNET_ID:
  - "{{ PUBLIC_SUBNET_1 }}"
  - "{{ PUBLIC_SUBNET_2 }}"

# RDS specific variables
RDS_SUBNET_GROUP_NAME: "{{ VPC_NAME }}-subnet-group"
RDS_SG_DESCRIPTION: "Subnet Group for rds instances inside {{ VPC_NAME }} VPC"
RDS_SG_SUBNETS:
  - "{{ PRIVATE_SUBNET_1 }}"
  - "{{ PRIVATE_SUBNET_2 }}"
RDS_SG_NAME: "{{ VPC_NAME }}-{{ DATABASE_SG_NAME }}"
RDS_MULTI_ZONE_OPTION: no
RDS_INSTANCE_NAME: "{{ COMPANY }}-{{ ENVIRONMENT }}-rds"
RDS_DB_ENGINE: MySQL
RDS_DB_SIZE: 10
RDS_DB_NAME: "mydatabase"
RDS_INSTANCE_TYPE: "db.t2.micro"
RDS_DB_USERNAME: root
RDS_DB_PASSWORD: "verystrongpassword"
RDS_BACKUP_RETENTION_PERIOD: 1
RDS_PUBLICLY_ACCESSIBLE: no
RDS_WAIT_TIMEOUT: 1800

# Elastic Load Balancer specific variables
ELB_NAME: "{{ COMPANY }}-{{ ENVIRONMENT }}-{{ SERVER_ROLE }}-elb"
ELB_SUBNET_ID:
  - "{{ PUBLIC_SUBNET_1 }}"
  - "{{ PUBLIC_SUBNET_2 }}"
ELB_PURGE_SUBNETS: yes
ELB_CROSS_AZ_LOAD_BALANCING: yes
ELB_PING_PROTOCOL: tcp
ELB_PING_PORT: 80
ELB_RESPONSE_TIMEOUT: 5
ELB_INTERVAL: 30
ELB_UNHEALTHY_THRESHOLD: 2
ELB_HEALTHY_THRESHOLD: 10
ELB_CONNECTION_DRAINING_TIMEOUT: 60
ELB_SECURITY_GROUP_NAME: "{{ VPC_NAME }}-{{ ELB_SG_NAME }}"
ELB_LISTENERS:
  - protocol: http
    load_balancer_port: 80
    instance_protocol: http
    instance_port: 80
  - protocol: https
    load_balancer_port: 443
    instance_protocol: http
    instance_port: 80
    ssl_certificate_id: "arn:aws:iam::189142601945:server-certificate/tendo-crt"

# EC2 Security Groups specific variables
WEB_SG_NAME: "webserver-sg"
DATABASE_SG_NAME: "rds-sg"
SSH_SG_NAME: "ssh-sg"
ELB_SG_NAME: "elb-sg"

# Security Groups
EC2_SECURITY_GROUPS: "{{ SSH_SG + WEB_SG + DATABASE_SG + ELB_SG }}"

# Secrity Groups info(Name, Description and Rules) for Web, RDS and ELB
SSH_SG:
  - name: "{{ VPC_NAME }}-{{ SSH_SG_NAME }}"
    description: "This sg is for remote access to instances inside {{ VPC_NAME }} VPC"
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 0.0.0.0/0

WEB_SG:
  - name: "{{ VPC_NAME }}-{{ WEB_SG_NAME }}"
    description: "This sg is for web instances inside {{ VPC_NAME }} VPC"
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: 0.0.0.0/0

DATABASE_SG:
  - name: "{{ VPC_NAME }}-{{ DATABASE_SG_NAME }}"
    description: "This sg is for rds instances inside {{ VPC_NAME }} VPC"
    rules:
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: "{{ VPC_NAME }}-{{ WEB_SG_NAME }}"

ELB_SG:
  - name: "{{ VPC_NAME }}-{{ ELB_SG_NAME }}"
    description: "This sg is for ELB inside {{ VPC_NAME }} VPC"
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
	---
	# Environment specific variables
	COMPANY: rbgeek
	ENVIRONMENT: dev
	SERVER_ROLE: web

	# VPC specific variables
	VPC_NAME: "{{ COMPANY }}-{{ ENVIRONMENT }}"
	VPC_REGION: eu-west-1 # Ireland
	VPC_CIDR: "10.10.0.0/16"
	VPC_CLASS_DEFAULT: "10.10"

	#Github username for creating EC2 KEY Pair
	GITHUB_USERNAME: "arbabnazar"
	EC2_KEY_NAME: "{{ GITHUB_USERNAME }}-github-key"
	LOCAL_USER_SSH_KEY: no

	# Ubuntu AMI specific variables
	AMI_NAME: "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"
	AMI_OWNER: "099720109477"

	# EC2 instances specific variables
	EC2_INSTANCE_TYPE: t2.nano
	EC2_SECURITY_GROUP_NAME:
	- "{{ VPC_NAME }}-{{ SSH_SG_NAME }}"
	- "{{ VPC_NAME }}-{{ WEB_SG_NAME }}"
	EC2_VOLUME_SIZE: 10
	EC2_COUNT: 1
	EC2_SUBNET_ID:
	- "{{ PUBLIC_SUBNET_1 }}"
	- "{{ PUBLIC_SUBNET_2 }}"

	# RDS specific variables
	RDS_SUBNET_GROUP_NAME: "{{ VPC_NAME }}-subnet-group"
	RDS_SG_DESCRIPTION: "Subnet Group for rds instances inside {{ VPC_NAME }} VPC"
	RDS_SG_SUBNETS:
	- "{{ PRIVATE_SUBNET_1 }}"
	- "{{ PRIVATE_SUBNET_2 }}"
	RDS_SG_NAME: "{{ VPC_NAME }}-{{ DATABASE_SG_NAME }}"
	RDS_MULTI_ZONE_OPTION: no
	RDS_INSTANCE_NAME: "{{ COMPANY }}-{{ ENVIRONMENT }}-rds"
	RDS_DB_ENGINE: MySQL
	RDS_DB_SIZE: 10
	RDS_DB_NAME: "mydatabase"
	RDS_INSTANCE_TYPE: "db.t2.micro"
	RDS_DB_USERNAME: root
	RDS_DB_PASSWORD: "verystrongpassword"
	RDS_BACKUP_RETENTION_PERIOD: 1
	RDS_PUBLICLY_ACCESSIBLE: no
	RDS_WAIT_TIMEOUT: 1800

	# Elastic Load Balancer specific variables
	ELB_NAME: "{{ COMPANY }}-{{ ENVIRONMENT }}-{{ SERVER_ROLE }}-elb"
	ELB_SUBNET_ID:
	- "{{ PUBLIC_SUBNET_1 }}"
	- "{{ PUBLIC_SUBNET_2 }}"
	ELB_PURGE_SUBNETS: yes
	ELB_CROSS_AZ_LOAD_BALANCING: yes
	ELB_PING_PROTOCOL: tcp
	ELB_PING_PORT: 80
	ELB_RESPONSE_TIMEOUT: 5
	ELB_INTERVAL: 30
	ELB_UNHEALTHY_THRESHOLD: 2
	ELB_HEALTHY_THRESHOLD: 10
	ELB_CONNECTION_DRAINING_TIMEOUT: 60
	ELB_SECURITY_GROUP_NAME: "{{ VPC_NAME }}-{{ ELB_SG_NAME }}"
	ELB_LISTENERS:
	- protocol: http
	load_balancer_port: 80
	instance_protocol: http
	instance_port: 80
	- protocol: https
	load_balancer_port: 443
	instance_protocol: http
	instance_port: 80
	ssl_certificate_id: "arn:aws:iam::189142601945:server-certificate/tendo-crt"

	# EC2 Security Groups specific variables
	WEB_SG_NAME: "webserver-sg"
	DATABASE_SG_NAME: "rds-sg"
	SSH_SG_NAME: "ssh-sg"
	ELB_SG_NAME: "elb-sg"

	# Security Groups
	EC2_SECURITY_GROUPS: "{{ SSH_SG + WEB_SG + DATABASE_SG + ELB_SG }}"

	# Secrity Groups info(Name, Description and Rules) for Web, RDS and ELB
	SSH_SG:
	- name: "{{ VPC_NAME }}-{{ SSH_SG_NAME }}"
	description: "This sg is for remote access to instances inside {{ VPC_NAME }} VPC"
	rules:
	- proto: tcp
	from_port: 22
	to_port: 22
	cidr_ip: 0.0.0.0/0

	WEB_SG:
	- name: "{{ VPC_NAME }}-{{ WEB_SG_NAME }}"
	description: "This sg is for web instances inside {{ VPC_NAME }} VPC"
	rules:
	- proto: tcp
	from_port: 80
	to_port: 80
	cidr_ip: 0.0.0.0/0
	- proto: tcp
	from_port: 443
	to_port: 443
	cidr_ip: 0.0.0.0/0

	DATABASE_SG:
	- name: "{{ VPC_NAME }}-{{ DATABASE_SG_NAME }}"
	description: "This sg is for rds instances inside {{ VPC_NAME }} VPC"
	rules:
	- proto: tcp
	from_port: 3306
	to_port: 3306
	group_name: "{{ VPC_NAME }}-{{ WEB_SG_NAME }}"

	ELB_SG:
	- name: "{{ VPC_NAME }}-{{ ELB_SG_NAME }}"
	description: "This sg is for ELB inside {{ VPC_NAME }} VPC"
	rules:
	- proto: tcp
	from_port: 80
	to_port: 80
	cidr_ip: 0.0.0.0/0