@ober
Created January 12, 2015 03:48
proper indentation
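# Create the RSD-MultiTenant VPC with one public and one private subnet, an
# internet gateway, and one route table per subnet. The module result is
# registered as `vpc`; later tasks read vpc.vpc_id and vpc.subnets.
- name: AWS VPC | Create RSD-MultiTenant VPC
  local_action:
    module: ec2_vpc
    state: present
    cidr_block: "{{ vpc_subnet }}/16"
    resource_tags:
      Environment: "Prod"
      Stack: "{{ stack_name }}"
      Name: "RSD-MultiTenant"
    region: us-east-1
    subnets:
      # The Tier tag is what the "Register ... subnet id" tasks filter on.
      - cidr: "{{ vpc_sub_public }}"
        resource_tags:
          Environment: "Prod"
          Stack: "{{ stack_name }}"
          Tier: "Public"
          Name: "RSD-Mt public"
      - cidr: "{{ vpc_sub_private }}"
        resource_tags:
          Environment: "Prod"
          Stack: "{{ stack_name }}"
          Tier: "Private"
          Name: "RSD-Mt private"
    internet_gateway: true
    route_tables:
      - subnets:
          - "{{ vpc_sub_public }}"
        routes:
          - dest: '0.0.0.0/0'
            gw: igw
      # NOTE(review): the private subnet's default route also points at the
      # internet gateway, so at the routing layer it is identical to the
      # public subnet. Its isolation then rests only on instances not having
      # public IPs and on the security groups. A private tier normally has no
      # igw default route (outbound traffic goes through a NAT or proxy).
      # Left unchanged because removing the route alters connectivity;
      # confirm the intent before relying on the "Private" tag.
      - subnets:
          - "{{ vpc_sub_private }}"
        routes:
          - dest: '0.0.0.0/0'
            gw: igw
  register: vpc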
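# Security group for the proxy host. Ports 80/443 are open to any source;
# 8888, 389 and 123 are limited to the private subnet.
#
# SSH and the HAProxy stats port were hard-coded to 0.0.0.0/0. They now read
# the optional variable `admin_cidr` (introduced by this task). When it is
# undefined the rule falls back to 0.0.0.0/0, so existing runs are unchanged;
# set it to the operators' network range to stop exposing these ports to the
# whole internet.
- name: AWS Security Group | Create security group for proxy access
  local_action:
    module: ec2_group
    name: RSD-Mt-Proxy-Access
    description: AWS security group for accessing proxy server
    region: us-east-1
    vpc_id: "{{ vpc.vpc_id }}"
    rules:
      # SSH (administrative access)
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ admin_cidr | default('0.0.0.0/0') }}"
      # HTTP, open to any source
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: '0.0.0.0/0'
      # HTTPS, open to any source
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: '0.0.0.0/0'
      # HAProxy stats page: an operational endpoint, so it follows admin_cidr
      - proto: tcp
        from_port: 1872
        to_port: 1872
        cidr_ip: "{{ admin_cidr | default('0.0.0.0/0') }}"
      # HTTP/HTTPS proxy setup, reachable from the private subnet only
      - proto: tcp
        from_port: 8888
        to_port: 8888
        cidr_ip: "{{ vpc_sub_private }}"
      # OpenLDAP connections, private subnet only.
      # NOTE(review): 389 is the cleartext LDAP port; confirm clients use
      # StartTLS.
      - proto: tcp
        from_port: 389
        to_port: 389
        cidr_ip: "{{ vpc_sub_private }}"
      # NTP server port, private subnet only
      - proto: udp
        from_port: 123
        to_port: 123
        cidr_ip: "{{ vpc_sub_private }}"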
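# Security group for the non-proxy machines.
#
# Every rule here was hard-coded to 0.0.0.0/0, which exposes SSH, the Tomcat
# and Solr admin ports, and the 3306 and 2181 service ports to any source.
# The sources are now parameterised with two optional variables introduced by
# this task:
#   admin_cidr   - SSH and admin consoles (operators' network range)
#   backend_cidr - 3306 and 2181 (e.g. "{{ vpc_subnet }}/16" to keep them
#                  inside the VPC)
# Each falls back to 0.0.0.0/0 when undefined, so existing runs are unchanged
# until the variables are set.
- name: AWS Security Group | Create security group for machine access
  local_action:
    module: ec2_group
    name: RSD-Mt-Machine-Access
    description: AWS security group for access to normal machines
    region: us-east-1
    vpc_id: "{{ vpc.vpc_id }}"
    rules:
      # SSH (administrative access)
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ admin_cidr | default('0.0.0.0/0') }}"
      # Tomcat admin
      - proto: tcp
        from_port: 8080
        to_port: 8085
        cidr_ip: "{{ admin_cidr | default('0.0.0.0/0') }}"
      # Solr admin
      - proto: tcp
        from_port: 8585
        to_port: 8585
        cidr_ip: "{{ admin_cidr | default('0.0.0.0/0') }}"
      # 3306 is conventionally MySQL; presumably only application hosts need
      # it. Verify, then set backend_cidr accordingly.
      - proto: tcp
        from_port: 3306
        to_port: 3306
        cidr_ip: "{{ backend_cidr | default('0.0.0.0/0') }}"
      # 2181 is conventionally ZooKeeper; same consideration as 3306.
      - proto: tcp
        from_port: 2181
        to_port: 2181
        cidr_ip: "{{ backend_cidr | default('0.0.0.0/0') }}"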
# - debug: msg="{{vpc}}"
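# Store the id of the subnet tagged Tier=Private as the fact
# vpc_private_subnet_id. The loop walks the subnets returned by the VPC task
# (registered as `vpc`); `when` is evaluated per item, so only the matching
# subnet sets the fact.
- name: Register Private subnet id
  local_action:
    module: set_fact
    vpc_private_subnet_id: "{{ item.id }}"
  # Full template syntax instead of a bare variable name: bare names in
  # with_items are not accepted by later Ansible releases.
  with_items: "{{ vpc.subnets }}"
  when: item.resource_tags.Tier == 'Private'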
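# Store the id of the subnet tagged Tier=Public as the fact
# vpc_public_subnet_id.
#
# Fix: this task previously wrote vpc_private_subnet_id, a copy-paste slip
# that overwrote the value set by the "Register Private subnet id" task with
# the PUBLIC subnet's id. Anything placed using that fact would have landed in
# the public subnet.
- name: Register Public subnet id
  local_action:
    module: set_fact
    vpc_public_subnet_id: "{{ item.id }}"
  # Full template syntax instead of a bare variable name: bare names in
  # with_items are not accepted by later Ansible releases.
  with_items: "{{ vpc.subnets }}"
  when: item.resource_tags.Tier == 'Public'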
# These tasks create the security groups and VPC subnets,
# and automatically register a fact for a given subnet.