
@viper233
Created June 21, 2016 15:53
ec2 Windows fix ups
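---
# Play 1: runs on the control machine, launches one stock Windows Server
# 2012 R2 instance in EC2 and registers it in the in-memory "win" group so
# the next play can configure it over WinRM.
- hosts: localhost
  gather_facts: false
  vars:
    target_aws_region: us-west-2
    subnet_id: "change_me"
    vpc_id: "change_me"
    # SECURITY: this CIDR is the source range for every ingress rule below
    # (HTTP 80, WinRM 5986, RDP 3389). "0.0.0.0/0" makes the Administrator
    # logon surfaces reachable from the whole internet; set it to the
    # operator's own range (for example a single /32) before running.
    allowed_ip: "0.0.0.0/0"
  vars_files:
    # Presumably defines win_initial_password, which the inventory's
    # [win:vars] section references; keep this file encrypted with
    # ansible-vault and out of version control. TODO confirm contents.
    - secret.yml
  tasks:
    - name: find current Windows AMI in this region
      ec2_ami_find:
        region: "{{ target_aws_region }}"
        platform: windows
        virtualization_type: hvm
        # Restricting the owner to amazon keeps a look-alike image published
        # by another account from matching the name pattern.
        owner: amazon
        name: 'Windows_Server-2012-R2_RTM-English-64Bit-Base-*'
        no_result_action: fail
        # Names sorted in descending order, so the first result is used below.
        sort: name
        sort_order: descending
      register: found_amis

    - name: remember the id of the first AMI returned
      set_fact:
        win_ami_id: "{{ (found_amis.results | first).ami_id }}"

    - name: ensure security group is present
      ec2_group:
        name: WinRM RDP
        description: Inbound WinRM and RDP
        region: "{{ target_aws_region }}"
        vpc_id: "{{ vpc_id }}"
        # The original list ended with a second tcp/80 rule that carried no
        # cidr_ip. It duplicated the first rule and, depending on how the
        # module fills in a missing source, could have left port 80 open to
        # any address even after allowed_ip was narrowed, so it is dropped.
        rules:
          # HTTP, used by the application check in the second play.
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: "{{ allowed_ip }}"
          # WinRM over HTTPS, the Ansible management channel.
          - proto: tcp
            from_port: 5986
            to_port: 5986
            cidr_ip: "{{ allowed_ip }}"
          # RDP.
          - proto: tcp
            from_port: 3389
            to_port: 3389
            cidr_ip: "{{ allowed_ip }}"
        # Egress is left unrestricted (all protocols, any destination).
        rules_egress:
          - proto: -1
            cidr_ip: "0.0.0.0/0"
      register: sg_out

    - name: ensure instances are running
      ec2:
        region: "{{ target_aws_region }}"
        image: "{{ win_ami_id }}"
        instance_type: t2.micro
        group_id: "{{ sg_out.group_id }}"
        vpc_subnet_id: "{{ subnet_id }}"
        # The instance gets a public address, so the security group above is
        # the only network control in front of it.
        assign_public_ip: true
        wait: true
        wait_timeout: 500
        # exact_count together with count_tag keeps exactly one instance
        # carrying this Name tag.
        exact_count: 1
        count_tag:
          Name: stock-win-ami-test
        instance_tags:
          Name: stock-win-ami-test
          Owner: Stephen
        # NOTE(review): userdata.txt.j2 is not shown here. If it embeds the
        # initial password, remember that user data can be read back from
        # inside the instance and through the EC2 API; rotate the password
        # after bootstrap. TODO confirm what the template contains.
        user_data: "{{ lookup('template', 'userdata.txt.j2') }}"
      register: ec2_result

    - name: wait for WinRM to answer on all hosts
      wait_for:
        port: 5986
        host: "{{ item.public_ip }}"
        timeout: 300
      # Full Jinja2 expression: a bare variable name in with_items is not
      # expanded by current Ansible releases.
      with_items: "{{ ec2_result.tagged_instances }}"

    - name: add hosts to groups
      add_host:
        name: "win-temp-{{ item.id }}"
        ansible_ssh_host: "{{ item.public_ip }}"
        groups: win
      # add_host only edits the in-memory inventory; never report a change.
      changed_when: false
      with_items: "{{ ec2_result.tagged_instances }}"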
# Play 2: configures every host in the "win" group over WinRM, installing
# the web feature, copying one page and registering an IIS application.
- name: web app setup
  hosts: win
  gather_facts: false
  vars_files:
    - secret.yml
  tasks:
    - name: ensure IIS and ASP.NET are installed
      win_feature:
        name: AS-Web-Support

    - name: ensure application dir exists
      win_file:
        state: directory
        path: 'c:\inetpub\foo'

    - name: ensure default.aspx is present
      win_copy:
        src: default.aspx
        dest: 'c:\inetpub\foo\default.aspx'

    - name: ensure that the foo web application exists
      win_iis_webapplication:
        name: foo
        site: Default Web Site
        physical_path: 'c:\inetpub\foo'

    # The check is delegated to localhost, so the request leaves the control
    # machine and reaches the instance's address over plain HTTP (port 80).
    - name: ensure that application responds properly
      delegate_to: localhost
      uri:
        url: "http://{{ ansible_ssh_host}}/foo"
        return_content: true
      register: uri_out
      # NOTE(review): "| search" uses a test as a filter; newer Ansible
      # releases expect the "is search(...)" form. Left unchanged here.
      until: uri_out.content | search("Hello from")
      retries: 3

    - debug:
        msg: "web application is available at http://{{ ansible_ssh_host}}/foo"
# Inventory for the playbook. The group starts empty; hosts are added to it
# at run time by the add_host task.
[win]

# Connection settings applied to every host in the win group.
[win:vars]
ansible_connection=winrm
# 5986 is the WinRM HTTPS listener.
ansible_ssh_port=5986
ansible_ssh_user=Administrator
# The password is taken from a variable rather than written here; it is
# presumably defined in secret.yml, which should stay vault-encrypted.
ansible_ssh_pass={{ win_initial_password }}
# SECURITY: "ignore" turns off verification of the WinRM server certificate.
# Traffic is still encrypted, but the host is not authenticated, so the
# Administrator password is offered to whatever answers on that address.
# Tolerable only for a throwaway instance with a self-signed certificate;
# for anything longer-lived install a trusted certificate and remove this.
ansible_winrm_server_cert_validation=ignore