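---
# Builds a small AWS network for a cluster on the control node: one VPC, a
# public and a private subnet in the same AZ, an Internet Gateway, a NAT
# Gateway, the two matching route tables and two security groups.
#
# Inputs (override with -e or a vars file):
#   my_ip                  your public IPv4 address, allowed to SSH into the
#                          public security group (becomes <my_ip>/32)
#   AWS_ACCESS_KEY_ID /    read from the environment (or supply
#   AWS_SECRET_ACCESS_KEY  aws_access_key / aws_secret_key from Ansible Vault)
- name: create vpc
  hosts: localhost
  connection: local
  gather_facts: false

  # The AWS CLI tasks below pick the credentials up from the environment, so
  # the secret key is never persisted to ~/.aws/credentials on the controller
  # and never appears on a command line.
  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
    AWS_DEFAULT_REGION: "{{ aws_region }}"

  vars:
    vpc_name: "vpc_testing"
    vpc_cidr_block: "10.0.0.0/16"
    aws_region: "us-east-1"
    # Credentials are not stored in this file; they are read from the
    # environment at run time and checked by the first task.
    aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
    aws_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
    # The two subnets must not overlap: AWS rejects a second subnet whose CIDR
    # collides with an existing one in the same VPC.
    public_subnet_1_cidr: "10.0.0.0/24"
    private_subnet_1_cidr: "10.0.1.0/24"
    # Plain IPv4 address without a prefix length, e.g.
    # -e my_ip=203.0.113.10 (example value). Validated before any AWS call.
    my_ip: ""

  # The variables above are defined inline in this play. Each module returns
  # a result describing the resource it created; we register those results
  # and copy the IDs we need into facts for the later tasks.
  tasks:
    - name: Validate inputs before touching AWS
      assert:
        that:
          - aws_access_key | length > 0
          - aws_secret_key | length > 0
          - public_subnet_1_cidr != private_subnet_1_cidr
          - "my_ip is match('^[0-9]{1,3}([.][0-9]{1,3}){3}$')"
        msg: "Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the environment, pass a plain IPv4 address as my_ip, and use distinct subnet CIDRs"

    # Creating the VPC.
    - name: Create VPC
      ec2_vpc_net:
        name: "{{ vpc_name }}"
        cidr_block: "{{ vpc_cidr_block }}"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        state: "present"
      register: my_vpc

    - name: Set VPC ID in variable
      set_fact:
        vpc_id: "{{ my_vpc.vpc.id }}"

    # Create the subnets: one public, one private, both in the same AZ.
    # Again, we save their IDs in variables.
    - name: Create Public Subnet
      ec2_vpc_subnet:
        state: "present"
        vpc_id: "{{ vpc_id }}"
        cidr: "{{ public_subnet_1_cidr }}"
        az: "{{ aws_region }}a"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        resource_tags:
          Name: "Public Subnet"
      register: my_public_subnet

    - name: Set Public Subnet ID in variable
      set_fact:
        public_subnet_id: "{{ my_public_subnet.subnet.id }}"

    - name: Create Private Subnet
      ec2_vpc_subnet:
        state: "present"
        vpc_id: "{{ vpc_id }}"
        cidr: "{{ private_subnet_1_cidr }}"
        az: "{{ aws_region }}a"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        resource_tags:
          Name: "Private Subnet"
      register: my_private_subnet

    - name: Set Private Subnet ID in variable
      set_fact:
        private_subnet_id: "{{ my_private_subnet.subnet.id }}"

    # Internet Gateway: allows traffic between the VPC and the outside world.
    - name: Create Internet Gateway for VPC
      ec2_vpc_igw:
        vpc_id: "{{ vpc_id }}"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        state: "present"
      register: my_vpc_igw

    - name: Set Internet Gateway ID in variable
      set_fact:
        igw_id: "{{ my_vpc_igw.gateway_id }}"

    # AWS Elastic IP.
    # This is the IP address we will attach to the NAT Gateway.
    # From that moment, we own that IP address, so if we later want to use
    # a different service for NAT we can keep using it.
    # `--output text` returns the bare allocation ID, so no quote stripping
    # is needed and `command` (no shell) is enough.
    - name: Create Elastic IP
      command: >-
        aws ec2 allocate-address --domain vpc
        --query AllocationId --output text
      register: eip

    - name: Show Elastic IP allocation result
      debug:
        var: eip

    - name: Set EIP in variable
      set_fact:
        my_elastic_ip: "{{ eip.stdout }}"

    # Create the NAT Gateway, attached to the public subnet: this is where the
    # service will be located. The command is a folded scalar, so the lines
    # are joined with spaces; no backslash continuations are needed.
    - name: Create NAT Gateway
      command: >-
        aws ec2 create-nat-gateway
        --subnet-id {{ public_subnet_id }}
        --allocation-id {{ my_elastic_ip }}
        --query NatGateway.NatGatewayId --output text
      register: my_nat_gateway

    - name: Set Nat Gateway ID in variable
      set_fact:
        nat_gateway_id: "{{ my_nat_gateway.stdout }}"

    # A fixed pause is not reliable here; block until AWS reports the NAT
    # Gateway as available (this can take a few minutes).
    - name: Wait for the NAT Gateway to become available
      command: >-
        aws ec2 wait nat-gateway-available
        --nat-gateway-ids {{ nat_gateway_id }}
      changed_when: false

    # Route Tables.
    # One RT for the public subnet and one for the private subnet.
    # The private route table sends default destinations to the NAT Gateway,
    # the public one to the Internet Gateway.
    #
    # Not visible here: each Route Table also contains a local route for the
    # VPC CIDR, so traffic to internal resources never goes through the
    # Internet Gateway or the NAT Gateway.
    - name: Set up public subnet route table
      ec2_vpc_route_table:
        vpc_id: "{{ vpc_id }}"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        tags:
          Name: "Public"
        subnets:
          - "{{ public_subnet_id }}"
        routes:
          - dest: "0.0.0.0/0"
            gateway_id: "{{ igw_id }}"

    - name: Set up private subnet route table
      ec2_vpc_route_table:
        vpc_id: "{{ vpc_id }}"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        tags:
          Name: "Private"
        subnets:
          - "{{ private_subnet_id }}"
        routes:
          - dest: "0.0.0.0/0"
            # NOTE(review): some ec2_vpc_route_table releases expect a NAT
            # route as nat_gateway_id rather than gateway_id — confirm against
            # the installed module version.
            gateway_id: "{{ nat_gateway_id }}"

    # Finally, the Security Groups: one for public instances (SSH only from
    # my_ip) and one for private instances (SSH only from the public SG).
    - name: Create Main Security Group
      ec2_group:
        name: "External SSH Access"
        description: "External SSH Access"
        vpc_id: "{{ vpc_id }}"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        rules:
          - proto: "tcp"
            from_port: 22
            to_port: 22
            cidr_ip: "{{ my_ip }}/32"
      register: my_main_sg

    - name: Set Main SG ID
      set_fact:
        main_sg_id: "{{ my_main_sg.group_id }}"

    - name: Create Private Security Group
      ec2_group:
        name: "Private Instances SG"
        description: "Private Instances SG"
        vpc_id: "{{ vpc_id }}"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        rules:
          - proto: "tcp"
            from_port: 22
            to_port: 22
            group_id: "{{ main_sg_id }}"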