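---
# Tear down the AWS resources of one MageOps project/environment.
#
# Destructive by default: every remove_* switch below is on and dry_run_mode is
# off (see the play vars at the end). Run with `-e dry_run_mode=true` first to
# list what would be removed, then run again for real.
#
# Every lookup is scoped either by the project/environment tags or by the VPC
# resolved in pre_tasks; the play stops early when no matching VPC exists so
# that the vpc-id based removals below can never run unscoped.
- hosts: localhost
  connection: local

  pre_tasks:
    - name: Resolve the project VPC
      block:
        - name: Get VPC data
          amazon.aws.ec2_vpc_net_info:
            region: "{{ aws_region }}"
            filters:
              "tag:Project": "{{ mageops_project }}"
              "tag:Environment": "{{ mageops_environment }}"
          register: _aws_vpc

        # The EC2 and Security Group blocks filter on this id. If the lookup
        # returned nothing, vpcs[0] is missing and the filter would be empty.
        - name: Refuse to continue without a matching VPC
          assert:
            that:
              - _aws_vpc.vpcs | length > 0
            fail_msg: >-
              No VPC tagged Project={{ mageops_project }}
              Environment={{ mageops_environment }} found in {{ aws_region }};
              refusing to run an unscoped removal.

        - name: Set VPC ID
          set_fact:
            _aws_vpc_id: "{{ _aws_vpc | json_query('vpcs[0].vpc_id') }}"

  # NOTE: roles run after pre_tasks and before tasks, so the launch-template
  # cleanup role executes before the ASGs below are removed.
  roles:
    - role: cs.aws-ec2-cleanup
      aws_ec2_cleanup_lt_to_keep: 0
      when: remove_asg and not dry_run_mode

  tasks:
    - name: Remove Auto Scaling Groups and App servers
      block:
        - name: Get Auto Scaling Groups
          community.aws.ec2_asg_info:
            region: "{{ aws_region }}"
            tags: "{{ aws_tags_base }}"
          register: _aws_asgs

        - name: Set list of ASG to drop
          set_fact:
            _aws_asgs_to_remove: "{{ _aws_asgs | json_query('results[].{ name: auto_scaling_group_name }') }}"

        - name: Remove ASGs
          ec2_asg:
            name: "{{ item.name }}"
            region: "{{ aws_region }}"
            state: absent
          loop: "{{ _aws_asgs_to_remove }}"
          when: not dry_run_mode
      when: remove_asg

    - name: Remove other EC2 Servers
      block:
        # Scoped by the VPC resolved in pre_tasks, not by tags: every instance
        # left in the project VPC is terminated.
        - name: Get list of EC2 instances
          ec2_instance_info:
            region: "{{ aws_region }}"
            filters:
              "vpc-id": "{{ _aws_vpc_id }}"
          register: _aws_ec2

        - name: Set list of EC2 instances to drop
          set_fact:
            _aws_ec2_to_remove: "{{ _aws_ec2 | json_query('instances[].instance_id') }}"

        - name: Show instances to terminate
          debug:
            msg: "{{ _aws_ec2_to_remove }}"

        - name: Terminate instances
          amazon.aws.ec2_instance:
            instance_ids: "{{ _aws_ec2_to_remove }}"
            region: "{{ aws_region }}"
            state: absent
            wait: true
          when: (_aws_ec2_to_remove | length > 0) and not dry_run_mode
      when: remove_ec2

    - name: Remove RDS
      block:
        - name: Get list of RDS instances
          community.aws.rds_instance_info:
            region: "{{ aws_region }}"
          register: _rds_instances_info

        - name: Set list of rds instances
          set_fact:
            _aws_rds_instances: "{{ _rds_instances_info.instances }}"

        # The JMESPath filter is built from aws_rds_facts_mysql_tags so only
        # instances carrying every one of those tags are kept.
        - name: Filter rds instance list by tags
          set_fact:
            _aws_rds_instances: "{{ _aws_rds_instances | json_query(rds_instances_tag_filter_query) | default([]) }}"
          vars:
            rds_instances_tag_filter_query: "[?{% for k, v in aws_rds_facts_mysql_tags.items() -%}tags.{{ k }} == '{{ v }}'{% if not loop.last %} && {% endif %}{% endfor %}]"

        - name: Warn when more than one instance has been found
          debug:
            msg: |
              Warning! More than one matching rds instance found, using first one.
              Found: {{ _aws_rds_instances | map(attribute='db_instance_identifier') | join(', ') }}
          when: _aws_rds_instances | length > 1

        - name: Set facts about project's rds instance
          set_fact:
            aws_rds_instance_id: "{{ (_aws_rds_instances | first).db_instance_identifier }}"
          when: _aws_rds_instances | length > 0

        # Only the instance that was discovered by tags AND matches the
        # configured name is deleted. The condition previously referenced
        # _aws_rds_instance_id, which this play never sets; it now uses the
        # fact set above and tolerates the "nothing found" case.
        # Without `snapshot` the delete is issued without a final snapshot --
        # confirm that is intended before running with dry_run_mode off.
        - name: Terminate RDS instance
          rds:
            command: delete
            instance_name: "{{ aws_rds_instance_name }}"
            # snapshot: "{{ aws_rds_instance_name }}-snapshot"
          when:
            - aws_rds_instance_id is defined
            - aws_rds_instance_id == aws_rds_instance_name
            - not dry_run_mode
      when: remove_rds

    - name: Remove Volumes
      # Currently not working. There seems to be a bug in Ansible and tags are required
      # We do not set tags for volumes
      # This block only lists "available" volumes region-wide (not scoped to the
      # project) and prints them; nothing is deleted here.
      block:
        - name: Get list of Volumes
          ec2_vol_facts:
            region: "{{ aws_region }}"
            filters:
              "status": "available"
              # "tag:Environment": "{{ mageops_environment }}"
          register: _aws_vol_info

        - name: Show available volumes
          debug:
            var: _aws_vol_info
      when: remove_vol

    - name: Remove EFS
      block:
        - name: Get list of EFS drives
          efs_facts:
            region: "{{ aws_region }}"
            tags: "{{ aws_tags_base }}"
          register: _aws_efs_info

        - name: Set list of EFS instances to drop
          set_fact:
            _aws_efs_to_remove: "{{ _aws_efs_info | json_query('ansible_facts.efs[].file_system_id') }}"

        - name: Remove EFS
          efs:
            id: "{{ item }}"
            region: "{{ aws_region }}"
            state: absent
          loop: "{{ _aws_efs_to_remove }}"
          when: not dry_run_mode
      when: remove_efs

    - name: Remove Lambdas
      block:
        # Function names are derived from mageops_app_name; a name that does not
        # exist is simply reported as unchanged by the module.
        - name: Remove Lambdas
          lambda:
            name: "{{ item }}"
            state: absent
            region: "{{ aws_region }}"
          loop:
            - "handleAutoscalingEvent-{{ mageops_app_name }}"
            - "updateVarnishBackends-{{ mageops_app_name }}"
            - "handleNodeCoordinatorAutoscalingEvent-{{ mageops_app_name }}"
            - "handleVarnishAutoscalingEvent-{{ mageops_app_name }}"
          when: not dry_run_mode
      when: remove_lambda

    - name: Remove Security Groups
      block:
        - name: Get list of Security Groups for VPC
          amazon.aws.ec2_group_info:
            region: "{{ aws_region }}"
            filters:
              "vpc-id": "{{ _aws_vpc_id }}"
          register: _aws_sg_info

        - name: Set list of Security Groups to drop
          set_fact:
            _aws_groups_to_remove: "{{ _aws_sg_info | json_query(query) }}"
          vars:
            query: "security_groups[?group_name!='default'].{id: group_id, name: group_name}"

        # vpc_id pins both ec2_group calls to the discovered VPC so a group
        # with the same name in another VPC (e.g. another environment) is
        # never touched.
        - name: Drop rules from SG (removes circular dependencies)
          ec2_group:
            region: "{{ aws_region }}"
            vpc_id: "{{ _aws_vpc_id }}"
            state: present
            rules: []
            purge_rules: true
            name: "{{ item.name }}"
            description: "To be removed"
          loop: "{{ _aws_groups_to_remove }}"
          when: not dry_run_mode

        # Best effort: a group still attached to a network interface cannot be
        # deleted, so failures are tolerated and the remaining groups are tried.
        - name: Drop Security Groups
          ec2_group:
            region: "{{ aws_region }}"
            vpc_id: "{{ _aws_vpc_id }}"
            state: absent
            name: "{{ item.name }}"
          loop: "{{ _aws_groups_to_remove }}"
          ignore_errors: true
          when: not dry_run_mode
      when: remove_sg

    - name: Remove S3 Buckets
      block:
        # force: true empties the buckets before deleting them; this includes
        # the secret bucket, which is why remove_s3 is off by default.
        - name: Remove S3 bucket
          s3_bucket:
            state: absent
            region: "{{ aws_region }}"
            name: "{{ item }}"
            force: true
          loop:
            - "{{ aws_s3_media_bucket }}"
            - "{{ aws_s3_secret_bucket }}"
      when: remove_s3 and not dry_run_mode

  # Per-resource switches. Override on the command line, e.g.
  # `-e remove_s3=true` or `-e dry_run_mode=true`.
  vars:
    remove_asg: true
    remove_ec2: true
    remove_rds: true
    remove_efs: true
    remove_lambda: true
    remove_sg: true
    remove_vol: true
    remove_s3: false
    dry_run_mode: false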