@violetyk
Created April 22, 2016 09:16
bastionのインスタンスのサンプル
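---
#################### gather fact about subnet
# Look up the subnet the bastion host will be launched into, selected by its
# Name / env / Tier tags.
- name: gather a fact about subnet
  ec2_vpc_subnet_facts:
    region: '{{ vpc_region }}'
    filters:
      'tag:Name': '{{ site_name }}-{{ stage }}-bastion'
      'tag:env': '{{ stage }}'
      'tag:Tier': bastion
  register: reg_vpc_subnet_bastion

# Without this check an empty result only surfaces as a templating error on
# subnets[0] in the next task. Fail early with a message that names the
# filter instead.
- name: verify that a bastion subnet was found
  assert:
    that:
      - reg_vpc_subnet_bastion.subnets | length > 0
    msg: 'no subnet tagged {{ site_name }}-{{ stage }}-bastion (env={{ stage }}, Tier=bastion) found in {{ vpc_region }}'

# Only the first match is used. If several subnets carry the same tags the
# bastion lands in whichever one the API returns first, so keep the tag set
# unique per environment.
# NOTE(review): the fact name says "group_id" but the value is a subnet id.
- name: get subnet.id
  set_fact:
    reg_vpc_subnet_group_id: '{{ reg_vpc_subnet_bastion.subnets[0].id }}'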
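#################### launch ec2 instance
# Flatten the user list into one space-separated string so the boot script
# can iterate over it with a plain shell `for` loop.
- name: get bastion users
  set_fact:
    reg_bastion_users: '{{ bastion_users | join(" ") }}'

# Launch one internet-facing bastion instance and create the login accounts
# on first boot through user_data.
- name: launch ec2 instance
  ec2:
    region: '{{ vpc_region }}'
    instance_type: '{{ ec2_instance_type }}'
    image: '{{ ec2_image }}'
    vpc_subnet_id: '{{ reg_vpc_subnet_group_id }}'
    # NOTE(review): the instance gets a public IP, so the inbound SSH rule of
    # this security group is the only network control in front of it.
    # Confirm it is restricted to known source ranges.
    group:
      - bastion
    assign_public_ip: true
    count: 1
    instance_tags:
      Name: '{{ site_name }}-{{ stage }}-bastion-{{ ansible_date_time.date | regex_replace("-", "") }}'
      env: '{{ stage }}'
      role: bastion
    # user_data stays readable for the life of the instance, both from the
    # instance metadata service (any local process) and through the EC2 API.
    # The default password is therefore hashed on the controller with
    # password_hash, so the clear text never reaches the instance and is not
    # passed through `echo` on a command line. The hash is still sensitive:
    # `chage -d 0` forces a change at first login, and every account shares
    # the same initial hash. Because hashing happens here, the boot script no
    # longer needs mkpasswd (the `whois` package).
    #
    # Keys are fetched from https://github.com/<user>.keys, so each entry in
    # bastion_users must be exactly the GitHub login of the intended person:
    # whoever controls that GitHub account gets a sudo-capable shell here.
    user_data: |
      #!/bin/bash
      for u in {{ reg_bastion_users }}
      do
        useradd -m "$u" -s /bin/bash -p '{{ bastion_user_default_password | password_hash("sha512") }}'
        chage -d 0 "$u"
        mkdir -p "/home/$u/.ssh"
        chmod 700 "/home/$u/.ssh"
        # -f: do not save an HTTP error page as authorized_keys.
        # An empty key list is treated as a failure as well.
        if ! curl -fsS "https://github.com/$u.keys" -o "/home/$u/.ssh/authorized_keys" \
           || [ ! -s "/home/$u/.ssh/authorized_keys" ]
        then
          echo "bastion bootstrap: no SSH keys fetched for $u, skipping sudo grant" >&2
          rm -f "/home/$u/.ssh/authorized_keys"
          continue
        fi
        chmod 600 "/home/$u/.ssh/authorized_keys"
        chown -R "$u:$u" "/home/$u/.ssh"
        gpasswd -a "$u" sudo
      done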