From fa4b06405c0ed3f086b38b0b3e97b66369fc718e Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 18 Nov 2024 15:47:15 -0800 Subject: [PATCH 01/39] add initial functionality to create instance from basic parameters --- roles/ec2_create_instance/README.md | 72 +++++++++++++++++++ roles/ec2_create_instance/defaults/main.yml | 1 + .../meta/argument_specs.yml | 51 +++++++++++++ roles/ec2_create_instance/meta/main.yml | 3 + roles/ec2_create_instance/tasks/main.yml | 24 +++++++ 5 files changed, 151 insertions(+) create mode 100644 roles/ec2_create_instance/README.md create mode 100644 roles/ec2_create_instance/defaults/main.yml create mode 100644 roles/ec2_create_instance/meta/argument_specs.yml create mode 100644 roles/ec2_create_instance/meta/main.yml create mode 100644 roles/ec2_create_instance/tasks/main.yml diff --git a/roles/ec2_create_instance/README.md b/roles/ec2_create_instance/README.md new file mode 100644 index 00000000..ae591471 --- /dev/null +++ b/roles/ec2_create_instance/README.md 
@@ -0,0 +1,72 @@ +# ec2_create_instance + +A role to create an EC2 instance in AWS. + +Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, and VPC/subnet configuration. + +This role also supports the creation of optional networking resources, such as a VPC, subnet, security group, and Elastic IP. You can choose to wait for the EC2 instance to finish booting before continuing. + +## Specify the following values in role vars + +### Role Variables +-------------- + +* **ec2_create_instance_aws_region**: (Required) + The AWS region in which to create the EC2 instance. + +* **ec2_create_instance_instance_name**: (Required) + The name of the EC2 instance to be created. + +* **ec2_create_instance_instance_type**: (Required) + The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). + +* **ec2_create_instance_ami_id**: (Required) + The AMI ID for the EC2 instance. + +* **ec2_create_instance_key_name**: (Required) + The name of the key pair to use for SSH access to the EC2 instance. + +* **ec2_create_instance_vpc_subnet_id**: (Required) + The ID of the VPC subnet in which the instance will be launched. + +* **ec2_create_instance_tags**: (Required) + A dictionary of tags to assign to the EC2 instance. Default is an empty dictionary (`{}`). + +* **ec2_create_instance_wait_for_boot**: (Optional) + Whether to wait for the EC2 instance to be in the "running" state before continuing. Default is `true`. 
+ +Dependencies +------------ + +- role: [aws_setup_credentials](../aws_setup_credentials/README.md) + +## Example: +``` +--- +- name: Playbook for creating ec2 instances using cloud.aws_ops.ec2_create_instance role + hosts: localhost + gather_facts: false + roles: + - role: cloud.aws_ops.ec2_create_instance + vars: + ec2_create_instance_aws_region: us-west-2 + ec2_create_instance_instance_name: my-test-instance + ec2_create_instance_instance_type: t2.micro + ec2_create_instance_ami_id: ami-066a7fbaa12345678 + ec2_create_instance_vpc_subnet_id: subnet-071443aa123456789 + ec2_create_instance_tags: + Environment: Testing + ec2_create_instance_wait_for_boot: true +``` + +License +------- + +GNU General Public License v3.0 or later + +See [LICENSE](../../LICENSE) to see the full text. + +Author Information +------------------ + +- Ansible Cloud Content Team diff --git a/roles/ec2_create_instance/defaults/main.yml b/roles/ec2_create_instance/defaults/main.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/roles/ec2_create_instance/defaults/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/ec2_create_instance/meta/argument_specs.yml b/roles/ec2_create_instance/meta/argument_specs.yml new file mode 100644 index 00000000..d1e8d4b4 --- /dev/null +++ b/roles/ec2_create_instance/meta/argument_specs.yml 
@@ -0,0 +1,51 @@ +--- +argument_specs: + main: + short_description: A role to create an EC2 instance with optional networking resources. + description: + - A role to create an EC2 instance. + - Optionally can create a VPC, subnet, security group, and Elastic IP. + - Supports custom configurations for instance settings, including instance type, AMI, key pair, tags, etc. + options: + ec2_create_instance_aws_region: + description: + - The AWS region in which to create the EC2 instance. + required: true + type: str + ec2_create_instance_instance_name: + description: + - The name of the EC2 instance to be created. + required: true + type: str + ec2_create_instance_instance_type: + description: + - The instance type for the EC2 instance. + required: true + type: str + ec2_create_instance_ami_id: + description: + - The AMI ID for the EC2 instance. + required: true + type: str + ec2_create_instance_key_name: + description: + - The name of the key pair to use for SSH access to the EC2 instance. + required: true + type: str + ec2_create_instance_vpc_subnet_id: + description: + - The ID of the VPC subnet in which the instance will be launched. + required: true + type: str + ec2_create_instance_tags: + description: + - A dictionary of tags to assign to the EC2 instance. + required: true + default: {} + type: dict + ec2_create_instance_wait_for_boot: + description: + - Whether to wait for the instance to be in the running state before continuing. + required: false + default: true + type: bool \ No newline at end of file diff --git a/roles/ec2_create_instance/meta/main.yml b/roles/ec2_create_instance/meta/main.yml new file mode 100644 index 00000000..e8b3ab42 --- /dev/null +++ b/roles/ec2_create_instance/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: cloud.aws_ops.aws_setup_credentials diff --git a/roles/ec2_create_instance/tasks/main.yml b/roles/ec2_create_instance/tasks/main.yml new file mode 100644 index 00000000..53c6fa60 --- /dev/null 
+++ b/roles/ec2_create_instance/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Run 'ec2_create_instance' role + module_defaults: + group/aws: "{{ aws_setup_credentials__output }}" + + block: + - name: Ensure the EC2 instance is created + amazon.aws.ec2_instance: + region: "{{ ec2_create_instance_aws_region }}" + name: "{{ ec2_create_instance_instance_name }}" + instance_type: "{{ ec2_create_instance_instance_type }}" + image_id: "{{ ec2_create_instance_ami_id }}" + key_name: "{{ ec2_create_instance_key_name }}" + vpc_subnet_id: "{{ ec2_create_instance_vpc_subnet_id }}" + tags: "{{ ec2_create_instance_tags }}" + wait: "{{ ec2_create_instance_wait_for_boot }}" + register: ec2_instance + + - name: Print EC2 instance details + debug: + msg: + - "EC2 Instance {{ ec2_instance.instances[0].instance_id }} created successfully" + - "Instance Details: " + - "{{ ec2_instance.instances[0] }}" \ No newline at end of file From 207bde0333e0dc390a4fac2273d9cb0c092bb086 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 18 Nov 2024 16:23:14 -0800 Subject: [PATCH 02/39] add functionality to associate EIP to instance --- roles/ec2_create_instance/README.md | 8 +++++-- roles/ec2_create_instance/defaults/main.yml | 1 + .../meta/argument_specs.yml | 3 +-- roles/ec2_create_instance/tasks/main.yml | 24 +++++++++++++++---- 4 files changed, 28 insertions(+), 8 deletions(-) diff --git a/roles/ec2_create_instance/README.md b/roles/ec2_create_instance/README.md index ae591471..3da356bf 100644 --- a/roles/ec2_create_instance/README.md +++ b/roles/ec2_create_instance/README.md 
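Review bot: `wait: "{{ ec2_create_instance_wait_for_boot }}"` has no fallback in this commit: defaults/main.yml contains only `---`, and as far as I can tell the `default: true` in meta/argument_specs.yml is documentation only and is not injected into role vars, so a caller who omits the variable gets an undefined-variable failure rather than the documented default. Add `ec2_create_instance_wait_for_boot: true` to defaults/main.yml, or write the task as `wait: "{{ ec2_create_instance_wait_for_boot | default(true) }}"`. The same applies to any other "Optional" variable the README lists with a default.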
@@ -29,12 +29,16 @@ This role also supports the creation of optional networking resources, such as a * **ec2_create_instance_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. -* **ec2_create_instance_tags**: (Required) - A dictionary of tags to assign to the EC2 instance. Default is an empty dictionary (`{}`). +* **ec2_create_instance_tags**: (Optional) + A dictionary of tags to assign to the EC2 instance. * **ec2_create_instance_wait_for_boot**: (Optional) Whether to wait for the EC2 instance to be in the "running" state before continuing. Default is `true`. +* **ec2_create_instance_associate_eip**: (Optional) + Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. + + Dependencies ------------ diff --git a/roles/ec2_create_instance/defaults/main.yml b/roles/ec2_create_instance/defaults/main.yml index ed97d539..45c036cc 100644 --- a/roles/ec2_create_instance/defaults/main.yml +++ b/roles/ec2_create_instance/defaults/main.yml @@ -1 +1,2 @@ --- +ec2_create_instance_associate_eip: false diff --git a/roles/ec2_create_instance/meta/argument_specs.yml b/roles/ec2_create_instance/meta/argument_specs.yml index d1e8d4b4..49a59cab 100644 --- a/roles/ec2_create_instance/meta/argument_specs.yml +++ b/roles/ec2_create_instance/meta/argument_specs.yml @@ -40,8 +40,7 @@ argument_specs: ec2_create_instance_tags: description: - A dictionary of tags to assign to the EC2 instance. - required: true - default: {} + required: false type: dict ec2_create_instance_wait_for_boot: description: diff --git a/roles/ec2_create_instance/tasks/main.yml b/roles/ec2_create_instance/tasks/main.yml index 53c6fa60..6ced5c59 100644 --- a/roles/ec2_create_instance/tasks/main.yml +++ b/roles/ec2_create_instance/tasks/main.yml 
@@ -12,13 +12,29 @@ image_id: "{{ ec2_create_instance_ami_id }}" key_name: "{{ ec2_create_instance_key_name }}" vpc_subnet_id: "{{ ec2_create_instance_vpc_subnet_id }}" - tags: "{{ ec2_create_instance_tags }}" + tags: "{{ ec2_create_instance_tags | default(omit) }}" wait: "{{ ec2_create_instance_wait_for_boot }}" register: ec2_instance + - name: Create and associate Elastic IP to instance + when: ec2_create_instance_associate_eip is true + block: + - name: Attach EIP to an EC2 instance + amazon.aws.ec2_eip: + device_id: "{{ ec2_instance.instance_ids[0] }}" + state: present + release_on_disassociation: true + tags: "{{ ec2_create_instance_tags | default(omit) }}" + register: instance_eip + + - name: Print EIP details + debug: + msg: + - "Elastic IP {{instance_eip.public_ip}} created and associated with the EC2 instance {{ ec2_instance.instance_ids[0] }}" + - "Details: {{ instance_eip }}" + - name: Print EC2 instance details debug: msg: - - "EC2 Instance {{ ec2_instance.instances[0].instance_id }} created successfully" - - "Instance Details: " - - "{{ ec2_instance.instances[0] }}" \ No newline at end of file + - "EC2 Instance {{ ec2_instance.instance_ids[0] }} created successfully" + - "Instance Details: {{ ec2_instance.instances[0] }}" From 683bcb9e7cd14fcc77d9942780d952c167bd64e0 Mon Sep 17 00:00:00 2001 
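Review bot: `when: ec2_create_instance_associate_eip is true` only matches a genuine boolean, so a value supplied as a string (for example via `-e ec2_create_instance_associate_eip=true`) silently skips the whole EIP block with no error. `when: ec2_create_instance_associate_eip | bool` accepts both forms; if the strict test is intentional, the argument spec's `type: bool` should be relied on to coerce it and a comment should say so. The `amazon.aws.ec2_eip` task reuses the instance tags for the EIP, which is fine, but note that `release_on_disassociation: true` means the address is released (and lost) whenever the instance is terminated, which is worth stating in the README. The enclosing `block:` under `module_defaults` starts outside this hunk.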
From: Mandar Kulkarni Date: Mon, 18 Nov 2024 16:29:20 -0800 Subject: [PATCH 03/39] rename role, ansible-lint fixes --- roles/ec2_create_instance/defaults/main.yml | 2 - roles/ec2_create_instance/tasks/main.yml | 40 ------------------- .../README.md | 38 +++++++++--------- roles/ec2_instance_create/defaults/main.yml | 2 + .../meta/argument_specs.yml | 18 ++++----- .../meta/main.yml | 0 roles/ec2_instance_create/tasks/main.yml | 40 +++++++++++++++++++ 7 files changed, 70 insertions(+), 70 deletions(-) delete mode 100644 roles/ec2_create_instance/defaults/main.yml delete mode 100644 roles/ec2_create_instance/tasks/main.yml rename roles/{ec2_create_instance => ec2_instance_create}/README.md (62%) create mode 100644 roles/ec2_instance_create/defaults/main.yml rename roles/{ec2_create_instance => ec2_instance_create}/meta/argument_specs.yml (81%) rename roles/{ec2_create_instance => ec2_instance_create}/meta/main.yml (100%) create mode 100644 roles/ec2_instance_create/tasks/main.yml diff --git a/roles/ec2_create_instance/defaults/main.yml b/roles/ec2_create_instance/defaults/main.yml deleted file mode 100644 index 45c036cc..00000000 --- a/roles/ec2_create_instance/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ec2_create_instance_associate_eip: false diff --git a/roles/ec2_create_instance/tasks/main.yml b/roles/ec2_create_instance/tasks/main.yml deleted file mode 100644 index 6ced5c59..00000000 --- a/roles/ec2_create_instance/tasks/main.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -- name: Run 'ec2_create_instance' role - module_defaults: - group/aws: "{{ aws_setup_credentials__output }}" - - block: - - name: Ensure the EC2 instance is created - amazon.aws.ec2_instance: - region: "{{ ec2_create_instance_aws_region }}" - name: "{{ ec2_create_instance_instance_name }}" - instance_type: "{{ ec2_create_instance_instance_type }}" - image_id: "{{ ec2_create_instance_ami_id }}" - key_name: "{{ ec2_create_instance_key_name }}" - vpc_subnet_id: "{{ ec2_create_instance_vpc_subnet_id }}" - tags: "{{ ec2_create_instance_tags | default(omit) }}" - wait: "{{ ec2_create_instance_wait_for_boot }}" - register: ec2_instance - - - name: Create and associate Elastic IP to instance - when: ec2_create_instance_associate_eip is true - block: - - name: Attach EIP to an EC2 instance - amazon.aws.ec2_eip: - device_id: "{{ ec2_instance.instance_ids[0] }}" - state: present - release_on_disassociation: true - tags: "{{ ec2_create_instance_tags | default(omit) }}" - register: instance_eip - - - name: Print EIP details - debug: - msg: - - "Elastic IP {{instance_eip.public_ip}} created and associated with the EC2 instance {{ ec2_instance.instance_ids[0] }}" - - "Details: {{ instance_eip }}" - - - name: Print EC2 instance details - debug: - msg: - - "EC2 Instance {{ ec2_instance.instance_ids[0] }} created successfully" - - "Instance Details: {{ ec2_instance.instances[0] }}" diff --git a/roles/ec2_create_instance/README.md b/roles/ec2_instance_create/README.md similarity index 62% rename from roles/ec2_create_instance/README.md rename to roles/ec2_instance_create/README.md index 3da356bf..68570946 100644 --- a/roles/ec2_create_instance/README.md +++ b/roles/ec2_instance_create/README.md @@ -1,4 +1,4 @@ -# ec2_create_instance +# ec2_instance_create A role to create an EC2 instance in AWS. 
@@ -11,31 +11,31 @@ This role also supports the creation of optional networking resources, such as a ### Role Variables -------------- -* **ec2_create_instance_aws_region**: (Required) +* **ec2_instance_create_aws_region**: (Required) The AWS region in which to create the EC2 instance. -* **ec2_create_instance_instance_name**: (Required) +* **ec2_instance_create_instance_name**: (Required) The name of the EC2 instance to be created. -* **ec2_create_instance_instance_type**: (Required) +* **ec2_instance_create_instance_type**: (Required) The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). -* **ec2_create_instance_ami_id**: (Required) +* **ec2_instance_create_ami_id**: (Required) The AMI ID for the EC2 instance. -* **ec2_create_instance_key_name**: (Required) +* **ec2_instance_create_key_name**: (Required) The name of the key pair to use for SSH access to the EC2 instance. -* **ec2_create_instance_vpc_subnet_id**: (Required) +* **ec2_instance_create_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. -* **ec2_create_instance_tags**: (Optional) +* **ec2_instance_create_tags**: (Optional) A dictionary of tags to assign to the EC2 instance. -* **ec2_create_instance_wait_for_boot**: (Optional) +* **ec2_instance_create_wait_for_boot**: (Optional) Whether to wait for the EC2 instance to be in the "running" state before continuing. Default is `true`. -* **ec2_create_instance_associate_eip**: (Optional) +* **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. 
@@ -47,20 +47,20 @@ Dependencies ## Example: ``` --- -- name: Playbook for creating ec2 instances using cloud.aws_ops.ec2_create_instance role +- name: Playbook for creating ec2 instances using cloud.aws_ops.ec2_instance_create role hosts: localhost gather_facts: false roles: - - role: cloud.aws_ops.ec2_create_instance + - role: cloud.aws_ops.ec2_instance_create vars: - ec2_create_instance_aws_region: us-west-2 - ec2_create_instance_instance_name: my-test-instance - ec2_create_instance_instance_type: t2.micro - ec2_create_instance_ami_id: ami-066a7fbaa12345678 - ec2_create_instance_vpc_subnet_id: subnet-071443aa123456789 - ec2_create_instance_tags: + ec2_instance_create_aws_region: us-west-2 + ec2_instance_create_instance_name: my-test-instance + ec2_instance_create_instance_type: t2.micro + ec2_instance_create_ami_id: ami-066a7fbaa12345678 + ec2_instance_create_vpc_subnet_id: subnet-071443aa123456789 + ec2_instance_create_tags: Environment: Testing - ec2_create_instance_wait_for_boot: true + ec2_instance_create_wait_for_boot: true ``` License diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml new file mode 100644 index 00000000..2beb3ab6 --- /dev/null +++ b/roles/ec2_instance_create/defaults/main.yml @@ -0,0 +1,2 @@ +--- +ec2_instance_create_associate_eip: false diff --git a/roles/ec2_create_instance/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml similarity index 81% rename from roles/ec2_create_instance/meta/argument_specs.yml rename to roles/ec2_instance_create/meta/argument_specs.yml index 49a59cab..6c4f59b5 100644 --- a/roles/ec2_create_instance/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml 
@@ -7,44 +7,44 @@ argument_specs: - Optionally can create a VPC, subnet, security group, and Elastic IP. - Supports custom configurations for instance settings, including instance type, AMI, key pair, tags, etc. options: - ec2_create_instance_aws_region: + ec2_instance_create_aws_region: description: - The AWS region in which to create the EC2 instance. required: true type: str - ec2_create_instance_instance_name: + ec2_instance_create_instance_name: description: - The name of the EC2 instance to be created. required: true type: str - ec2_create_instance_instance_type: + ec2_instance_create_instance_type: description: - The instance type for the EC2 instance. required: true type: str - ec2_create_instance_ami_id: + ec2_instance_create_ami_id: description: - The AMI ID for the EC2 instance. required: true type: str - ec2_create_instance_key_name: + ec2_instance_create_key_name: description: - The name of the key pair to use for SSH access to the EC2 instance. required: true type: str - ec2_create_instance_vpc_subnet_id: + ec2_instance_create_vpc_subnet_id: description: - The ID of the VPC subnet in which the instance will be launched. required: true type: str - ec2_create_instance_tags: + ec2_instance_create_tags: description: - A dictionary of tags to assign to the EC2 instance. required: false type: dict - ec2_create_instance_wait_for_boot: + ec2_instance_create_wait_for_boot: description: - Whether to wait for the instance to be in the running state before continuing. required: false default: true - type: bool \ No newline at end of file + type: bool diff --git a/roles/ec2_create_instance/meta/main.yml b/roles/ec2_instance_create/meta/main.yml similarity index 100% rename from roles/ec2_create_instance/meta/main.yml rename to roles/ec2_instance_create/meta/main.yml diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml new file mode 100644 index 00000000..25aae2f4 --- /dev/null 
+++ b/roles/ec2_instance_create/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: Run 'ec2_instance_create' role + module_defaults: + group/aws: "{{ aws_setup_credentials__output }}" + + block: + - name: Ensure the EC2 instance is created + amazon.aws.ec2_instance: + region: "{{ ec2_instance_create_aws_region }}" + name: "{{ ec2_instance_create_instance_name }}" + instance_type: "{{ ec2_instance_create_instance_type }}" + image_id: "{{ ec2_instance_create_ami_id }}" + key_name: "{{ ec2_instance_create_key_name }}" + vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" + tags: "{{ ec2_instance_create_tags | default(omit) }}" + wait: "{{ ec2_instance_create_wait_for_boot }}" + register: ec2_instance + + - name: Create and associate Elastic IP to instance + when: ec2_instance_create_associate_eip is true + block: + - name: Attach EIP to an EC2 instance + amazon.aws.ec2_eip: + device_id: "{{ ec2_instance.instance_ids[0] }}" + state: present + release_on_disassociation: true + tags: "{{ ec2_instance_create_tags | default(omit) }}" + register: instance_eip + + - name: Print EIP details + ansible.builtin.debug: + msg: + - "Elastic IP {{ instance_eip.public_ip }} created and associated with the EC2 instance {{ ec2_instance.instance_ids[0] }}" + - "Details: {{ instance_eip }}" + + - name: Print EC2 instance details + ansible.builtin.debug: + msg: + - "EC2 Instance {{ ec2_instance.instance_ids[0] }} created successfully" + - "Instance Details: {{ ec2_instance.instances[0] }}" From 700a3d5d013093d371b8582e078aebcafb5bf3d6 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Tue, 19 Nov 2024 16:03:22 -0800 Subject: [PATCH 04/39] add functionality to create and associate sg --- roles/ec2_instance_create/README.md | 60 +++++++++++++++---- .../meta/argument_specs.yml | 53 +++++++++++++++- roles/ec2_instance_create/tasks/main.yml | 47 ++++++++++++--- 3 files changed, 138 insertions(+), 22 deletions(-) 
diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 68570946..b816604e 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -4,12 +4,13 @@ A role to create an EC2 instance in AWS. Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, and VPC/subnet configuration. -This role also supports the creation of optional networking resources, such as a VPC, subnet, security group, and Elastic IP. You can choose to wait for the EC2 instance to finish booting before continuing. +This role also supports the creation of optional networking resources, such as a security group and an Elastic IP (EIP). You can choose to wait for the EC2 instance to finish booting before continuing. -## Specify the following values in role vars +## Role Variables -### Role Variables --------------- +The following variables can be set in the role to customize EC2 instance creation and networking configurations: + +### EC2 Instance Configuration * **ec2_instance_create_aws_region**: (Required) The AWS region in which to create the EC2 instance. 
@@ -35,19 +36,40 @@ This role also supports the creation of optional networking resources, such as a * **ec2_instance_create_wait_for_boot**: (Optional) Whether to wait for the EC2 instance to be in the "running" state before continuing. Default is `true`. +### Optional Networking Resources + * **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. +* **ec2_instance_create_associate_sg**: (Optional) + Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. + If set to `true`, a security group will be created or associated with the instance. + +* **ec2_instance_create_sg_name**: (Optional) + The name of the security group to create. Default is `default-external-sg`. + +* **ec2_instance_create_sg_description**: (Optional) + A description for the security group. Default is `Security group for external access`. + +* **ec2_instance_create_sg_ssh_port**: (Optional) + The SSH port to open in the security group. Default is `22`. -Dependencies ------------- +* **ec2_instance_create_sg_http_port**: (Optional) + The HTTP port to open in the security group. Default is `80`. -- role: [aws_setup_credentials](../aws_setup_credentials/README.md) +* **ec2_instance_create_sg_https_port**: (Optional) + The HTTPS port to open in the security group. Default is `443`. -## Example: -``` +* **ec2_instance_create_sg_tags**: (Optional) + Tags to assign to the security group. + +### Example: + +Here’s an example of how to use the role in a playbook. + +```yaml --- -- name: Playbook for creating ec2 instances using cloud.aws_ops.ec2_instance_create role +- name: Playbook for creating EC2 instance using cloud.aws_ops.ec2_instance_create role hosts: localhost gather_facts: false roles: 
@@ -59,9 +81,25 @@ Dependencies ec2_instance_create_ami_id: ami-066a7fbaa12345678 ec2_instance_create_vpc_subnet_id: subnet-071443aa123456789 ec2_instance_create_tags: + Component: my-test-instance Environment: Testing ec2_instance_create_wait_for_boot: true -``` + # Optionally, enable security group creation + ec2_instance_create_associate_sg: true + ec2_instance_create_sg_name: my-custom-sg + ec2_instance_create_sg_description: Security group for my custom access + ec2_instance_create_sg_ssh_port: 22 + ec2_instance_create_sg_http_port: 80 + ec2_instance_create_sg_https_port: 443 + ec2_instance_create_sg_tags: + Component: my-custom-sg + Environment: Testing + # Optionally, enable Elastic IP association + ec2_instance_create_associate_eip: true + ec2_instance_create_eip_release_on_disassociation: true + ec2_instance_create_eip_tags: + Component: my-test-eip + Environment: Testing License ------- diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 6c4f59b5..fedb7690 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml @@ -4,8 +4,8 @@ argument_specs: short_description: A role to create an EC2 instance with optional networking resources. description: - A role to create an EC2 instance. - - Optionally can create a VPC, subnet, security group, and Elastic IP. - - Supports custom configurations for instance settings, including instance type, AMI, key pair, tags, etc. + - Optionally can create a security group and associate an Elastic IP with the instance. + - Supports custom configurations for instance settings, including instance type, AMI, key pair, tags, VPC/subnet, and networking configurations. options: ec2_instance_create_aws_region: description: 
@@ -44,7 +44,54 @@ argument_specs: type: dict ec2_instance_create_wait_for_boot: description: - - Whether to wait for the instance to be in the running state before continuing. + - Whether to wait for the EC2 instance to be in the running state before continuing. required: false default: true type: bool + ec2_instance_create_associate_eip: + description: + - Whether to create and associate an Elastic IP (EIP) with the EC2 instance. + required: false + default: false + type: bool + ec2_instance_create_associate_sg: + description: + - Whether to create and associate a security group for external access. + required: false + default: false + type: bool + ec2_instance_create_sg_name: + description: + - The name of the security group to create. + required: false + default: "default-external-sg" + type: str + ec2_instance_create_sg_description: + description: + - A description of the security group. + required: false + default: "Security group for external access" + type: str + ec2_instance_create_sg_ssh_port: + description: + - The SSH port to open in the security group. + required: false + default: 22 + type: int + ec2_instance_create_sg_http_port: + description: + - The HTTP port to open in the security group. + required: false + default: 80 + type: int + ec2_instance_create_sg_https_port: + description: + - The HTTPS port to open in the security group. + required: false + default: 443 + type: int + ec2_instance_create_sg_tags: + description: + - Tags to assign to the security group. + required: false + type: dict diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index 25aae2f4..db79967e 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml 
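Review bot: The spec does not declare `ec2_instance_create_vpc_id`, yet tasks/main.yml in this commit reads it for `amazon.aws.ec2_group`'s `vpc_id`, so a caller following the documented variables hits an undefined variable when `ec2_instance_create_associate_sg` is enabled. Conversely the README example in this commit sets `ec2_instance_create_eip_release_on_disassociation` and `ec2_instance_create_eip_tags`, which neither this spec nor the tasks define. The new `default:` values for `ec2_instance_create_associate_sg` and the `_sg_*` options exist only here; defaults/main.yml is untouched by this commit, so the tasks fall back to inline `| default(...)` filters instead. I would also extend the port descriptions to state that the rule is opened to `0.0.0.0/0`, e.g. `- The SSH port to open in the security group; the rule is created for source 0.0.0.0/0.`, so the exposure is visible to users reading the spec.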
@@ -4,7 +4,7 @@ group/aws: "{{ aws_setup_credentials__output }}" block: - - name: Ensure the EC2 instance is created + - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance: region: "{{ ec2_instance_create_aws_region }}" name: "{{ ec2_instance_create_instance_name }}" @@ -16,10 +16,41 @@ wait: "{{ ec2_instance_create_wait_for_boot }}" register: ec2_instance - - name: Create and associate Elastic IP to instance + - name: Create security group if enabled + when: ec2_instance_create_associate_sg is true + block: + - name: Define security group with access rules + amazon.aws.ec2_group: + name: "{{ ec2_instance_create_sg_name | default('default-external-sg') }}" + description: "{{ ec2_instance_create_sg_description | default('Security group for external access') }}" + vpc_id: "{{ ec2_instance_create_vpc_id }}" + rules: + - proto: tcp + ports: + - "{{ ec2_instance_create_sg_ssh_port | default(22) }}" + cidr_ip: "0.0.0.0/0" + - proto: tcp + ports: + - "{{ ec2_instance_create_sg_http_port | default(80) }}" + cidr_ip: "0.0.0.0/0" + - proto: tcp + ports: + - "{{ ec2_instance_create_sg_https_port | default(443) }}" + cidr_ip: "0.0.0.0/0" + tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" + + - name: Associate security group with EC2 instance + amazon.aws.ec2_instance: + instance_ids: + - "{{ ec2_instance.instance_ids[0] }}" + security_groups: + - "{{ ec2_instance_create_sg_name | default('default-external-sg') }}" + register: ec2_instance_associate_sg + + - name: Create and associate Elastic IP if enabled when: ec2_instance_create_associate_eip is true block: - - name: Attach EIP to an EC2 instance + - name: Allocate and associate Elastic IP amazon.aws.ec2_eip: device_id: "{{ ec2_instance.instance_ids[0] }}" state: present 
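Review bot: Every rule in the new `amazon.aws.ec2_group` task hardcodes `cidr_ip: "0.0.0.0/0"`, so enabling `ec2_instance_create_associate_sg` exposes SSH (default port 22) to the entire internet with no way for the caller to restrict the source; the source CIDR should be a role variable, e.g. `cidr_ip: "{{ ec2_instance_create_external_sg_source_cidr }}"` (proposed name), and for the SSH rule it should not default to `0.0.0.0/0`. `vpc_id: "{{ ec2_instance_create_vpc_id }}"` references a variable that no spec, default or README defines; since the role already takes `ec2_instance_create_vpc_subnet_id`, the VPC can be looked up from the subnet instead of requiring a new undocumented input. The instance is created first and the group attached in a second `amazon.aws.ec2_instance` call, so it runs with the subnet's default group until the follow-up task completes; creating the group before the instance and passing it via `security_groups` on the create task avoids that window and the extra API call. The enclosing `block:` starts outside this hunk.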
@@ -27,14 +58,14 @@ tags: "{{ ec2_instance_create_tags | default(omit) }}" register: instance_eip - - name: Print EIP details + - name: Output details of associated Elastic IP ansible.builtin.debug: msg: - - "Elastic IP {{ instance_eip.public_ip }} created and associated with the EC2 instance {{ ec2_instance.instance_ids[0] }}" + - "Elastic IP {{ instance_eip.public_ip }} created and associated with EC2 instance {{ ec2_instance.instance_ids[0] }}" - "Details: {{ instance_eip }}" - - name: Print EC2 instance details + - name: Output details of the created EC2 instance ansible.builtin.debug: msg: - - "EC2 Instance {{ ec2_instance.instance_ids[0] }} created successfully" - - "Instance Details: {{ ec2_instance.instances[0] }}" + - "EC2 instance {{ ec2_instance.instance_ids[0] }} created successfully" + - "Instance details: {{ ec2_instance.instances[0] }}" From 1089e6cf10b1835ffe81dc60dbc136d8f08ac456 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Tue, 19 Nov 2024 16:19:26 -0800 Subject: [PATCH 05/39] add functionality to create attach igw --- roles/ec2_instance_create/tasks/main.yml | 26 ++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index db79967e..da4a97e8 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml 
@@ -64,6 +64,32 @@ - "Elastic IP {{ instance_eip.public_ip }} created and associated with EC2 instance {{ ec2_instance.instance_ids[0] }}" - "Details: {{ instance_eip }}" + - name: Create and Attach Internet Gateway if required + when: ec2_instance_create_associate_igw is true + block: + - name: Create an Internet Gateway + amazon.aws.ec2_internet_gateway: + region: "{{ ec2_instance_create_aws_region }}" + vpc_id: "{{ ec2_instance_create_vpc_id }}" + state: present + register: internet_gateway + + - name: Attach Internet Gateway to VPC + amazon.aws.ec2_internet_gateway: + region: "{{ ec2_instance_create_aws_region }}" + vpc_id: "{{ ec2_instance_create_vpc_id }}" + internet_gateway_id: "{{ internet_gateway.id }}" + state: attached + + - name: Modify the route table to route internet traffic to Internet Gateway + amazon.aws.ec2_vpc_route_table: + region: "{{ ec2_instance_create_aws_region }}" + vpc_id: "{{ ec2_instance_create_vpc_id }}" + routes: + - dest: "0.0.0.0/0" + gateway_id: "{{ internet_gateway.id }}" + state: present + - name: Output details of the created EC2 instance ansible.builtin.debug: msg: From ff7ae4c57fc1bf8333ed7b462006c03c80fa0368 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Tue, 19 Nov 2024 16:24:11 -0800 Subject: [PATCH 06/39] update readme and arg spec --- roles/ec2_instance_create/README.md | 4 ++++ roles/ec2_instance_create/meta/argument_specs.yml | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index b816604e..a483411b 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
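Review bot: `when: ec2_instance_create_associate_igw is true` evaluates a variable that this commit neither defaults nor documents, so the role errors on an undefined variable for every caller who does not set it; add `ec2_instance_create_associate_igw: false` to defaults/main.yml alongside the existing `_associate_eip` default. `state: attached` in the second `amazon.aws.ec2_internet_gateway` task is not a `state` value I know the module to accept (it takes `present`/`absent`), and the first task's `state: present` with `vpc_id` already attaches the gateway on creation, so the second task looks redundant. The `amazon.aws.ec2_vpc_route_table` task gives no `route_table_id`, `tags` or `subnets`, so it is unclear which table it matches; it will presumably create a new table that no subnet uses rather than add the default route to the instance subnet's table, and if it does match an existing table the module's route purging would drop routes not listed here, so `purge_routes: false` should be set explicitly. `ec2_instance_create_vpc_id` is again used without being defined anywhere. The enclosing `block:` starts and ends outside this hunk.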
@@ -41,6 +41,10 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. +* **ec2_instance_create_associate_igw**: (Optional) + Whether to create and associate a internet gateway with the EC2 instance. Default is `false`. + If set to `true`, a internet gateway will be created or associated with the instance. + * **ec2_instance_create_associate_sg**: (Optional) Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. If set to `true`, a security group will be created or associated with the instance. diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index fedb7690..9d60752d 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml @@ -95,3 +95,9 @@ argument_specs: - Tags to assign to the security group. required: false type: dict + ec2_instance_create_associate_igw: + description: + - Whether to create and associate a internal gateway. + required: false + default: false + type: bool From 0ac2b465aea4f44f92d0f46e8dfada997b3983eb Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Wed, 20 Nov 2024 15:32:18 -0800 Subject: [PATCH 07/39] modified based on feedback --- roles/ec2_instance_create/README.md | 27 +++++++------------ roles/ec2_instance_create/defaults/main.yml | 6 +++++ .../meta/argument_specs.yml | 20 +++----------- roles/ec2_instance_create/tasks/main.yml | 20 +++++--------- 4 files changed, 25 insertions(+), 48 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index a483411b..f77acb6b 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
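Review bot: The argument_specs description for `ec2_instance_create_associate_igw` says "internal gateway" while the README hunk in the same commit says "internet gateway"; they should agree, and `- Whether to create an internet gateway, attach it to the VPC and add a default route to it.` describes what the task block actually does (the gateway is attached to the VPC, not to the instance). The IGW tasks read `ec2_instance_create_vpc_id`, so the spec entry should state that this variable becomes mandatory when the flag is true; whether `ec2_instance_create_vpc_id` is declared in the spec at all is outside this hunk.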
@@ -45,24 +45,18 @@ The following variables can be set in the role to customize EC2 instance creatio Whether to create and associate a internet gateway with the EC2 instance. Default is `false`. If set to `true`, a internet gateway will be created or associated with the instance. -* **ec2_instance_create_associate_sg**: (Optional) +* **ec2_instance_create_associate_external_sg**: (Optional) Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. If set to `true`, a security group will be created or associated with the instance. -* **ec2_instance_create_sg_name**: (Optional) +* **ec2_instance_create_external_sg_name**: (Optional) The name of the security group to create. Default is `default-external-sg`. -* **ec2_instance_create_sg_description**: (Optional) +* **ec2_instance_create_external_sg_description**: (Optional) A description for the security group. Default is `Security group for external access`. -* **ec2_instance_create_sg_ssh_port**: (Optional) - The SSH port to open in the security group. Default is `22`. - -* **ec2_instance_create_sg_http_port**: (Optional) - The HTTP port to open in the security group. Default is `80`. - -* **ec2_instance_create_sg_https_port**: (Optional) - The HTTPS port to open in the security group. Default is `443`. +* **ec2_instance_create_external_sg_port**: (Optional) + The port to open in the security group. Default is `22`. * **ec2_instance_create_sg_tags**: (Optional) Tags to assign to the security group. 
@@ -89,18 +83,15 @@ Here’s an example of how to use the role in a playbook. Environment: Testing ec2_instance_create_wait_for_boot: true # Optionally, enable security group creation - ec2_instance_create_associate_sg: true - ec2_instance_create_sg_name: my-custom-sg - ec2_instance_create_sg_description: Security group for my custom access - ec2_instance_create_sg_ssh_port: 22 - ec2_instance_create_sg_http_port: 80 - ec2_instance_create_sg_https_port: 443 + ec2_instance_create_associate_external_sg: true + ec2_instance_create_external_sg_name: my-custom-sg + ec2_instance_create_external_sg_description: Security group for my custom access + ec2_instance_create_external_sg_port: 22 ec2_instance_create_sg_tags: Component: my-custom-sg Environment: Testing # Optionally, enable Elastic IP association ec2_instance_create_associate_eip: true - ec2_instance_create_eip_release_on_disassociation: true ec2_instance_create_eip_tags: Component: my-test-eip Environment: Testing diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml index 2beb3ab6..07911919 100644 --- a/roles/ec2_instance_create/defaults/main.yml +++ b/roles/ec2_instance_create/defaults/main.yml @@ -1,2 +1,8 @@ --- ec2_instance_create_associate_eip: false +ec2_instance_create_associate_external_sg: false +ec2_instance_create_associate_igw: false +ec2_instance_create_external_sg_description: "Security group for external access" +ec2_instance_create_external_sg_name: "default-external-sg" +ec2_instance_create_external_sg_port: 22 +ec2_instance_create_wait_for_boot: true diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 9d60752d..cda19672 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml 
@@ -54,42 +54,30 @@ argument_specs: required: false default: false type: bool - ec2_instance_create_associate_sg: + ec2_instance_create_associate_external_sg: description: - Whether to create and associate a security group for external access. required: false default: false type: bool - ec2_instance_create_sg_name: + ec2_instance_create_external_sg_name: description: - The name of the security group to create. required: false default: "default-external-sg" type: str - ec2_instance_create_sg_description: + ec2_instance_create_external_sg_description: description: - A description of the security group. required: false default: "Security group for external access" type: str - ec2_instance_create_sg_ssh_port: + ec2_instance_create_external_sg_port: description: - The SSH port to open in the security group. required: false default: 22 type: int - ec2_instance_create_sg_http_port: - description: - - The HTTP port to open in the security group. - required: false - default: 80 - type: int - ec2_instance_create_sg_https_port: - description: - - The HTTPS port to open in the security group. - required: false - default: 443 - type: int ec2_instance_create_sg_tags: description: - Tags to assign to the security group. diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index da4a97e8..644ccc36 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml 
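Review bot: `ec2_instance_create_external_sg_port` keeps the old wording `- The SSH port to open in the security group.` although it is now the single generic port and the README hunk of this commit calls it "The port to open in the security group"; the two should match. Since the task that consumes it (tasks/main.yml hunk in this commit) fixes the source as `0.0.0.0/0` with no variable to narrow it, the spec is the right place to say so, e.g. `- TCP port opened to 0.0.0.0/0 in the external security group.`, so callers know what exposure they are opting into.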
@@ -17,25 +17,17 @@ register: ec2_instance - name: Create security group if enabled - when: ec2_instance_create_associate_sg is true + when: ec2_instance_create_associate_external_sg is true block: - name: Define security group with access rules amazon.aws.ec2_group: - name: "{{ ec2_instance_create_sg_name | default('default-external-sg') }}" - description: "{{ ec2_instance_create_sg_description | default('Security group for external access') }}" + name: "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" + description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" rules: - proto: tcp ports: - - "{{ ec2_instance_create_sg_ssh_port | default(22) }}" - cidr_ip: "0.0.0.0/0" - - proto: tcp - ports: - - "{{ ec2_instance_create_sg_http_port | default(80) }}" - cidr_ip: "0.0.0.0/0" - - proto: tcp - ports: - - "{{ ec2_instance_create_sg_https_port | default(443) }}" + - "{{ ec2_instance_create_external_sg_port | default(22) }}" cidr_ip: "0.0.0.0/0" tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" @@ -44,8 +36,8 @@ instance_ids: - "{{ ec2_instance.instance_ids[0] }}" security_groups: - - "{{ ec2_instance_create_sg_name | default('default-external-sg') }}" - register: ec2_instance_associate_sg + - "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" + register: ec2_instance_associate_external_sg - name: Create and associate Elastic IP if enabled when: ec2_instance_create_associate_eip is true From 7de1d20f7c0bc958064a4141d3c347d15a76a73d Mon Sep 17 00:00:00 2001 
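Review bot: The remaining rule still hard-codes `cidr_ip: "0.0.0.0/0"`, so whatever port a caller puts in `ec2_instance_create_external_sg_port` is opened to the entire internet with no way to restrict the source; a `ec2_instance_create_external_sg_cidr` variable (defaulting to the current value and documented as such) would let callers scope it, and the README should state the default exposure plainly. The `| default(22)` and `| default('default-external-sg')` filters duplicate the values this same commit adds to defaults/main.yml; with role defaults in place the filters are dead code and the two copies can drift. Patch 08 replaces this rule with `ec2_instance_create_external_sg_rules`, but its default in that patch's defaults/main.yml hunk keeps port 22 from `0.0.0.0/0`, so the exposure point carries over there.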
From: Mandar Kulkarni Date: Wed, 20 Nov 2024 15:49:16 -0800 Subject: [PATCH 08/39] change ec2_instance_create_external_sg_rules to list of dicts --- roles/ec2_instance_create/README.md | 18 +++++++++++++----- roles/ec2_instance_create/defaults/main.yml | 4 ++++ roles/ec2_instance_create/tasks/main.yml | 10 +++------- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index f77acb6b..94c6bf07 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -42,8 +42,8 @@ The following variables can be set in the role to customize EC2 instance creatio Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. * **ec2_instance_create_associate_igw**: (Optional) - Whether to create and associate a internet gateway with the EC2 instance. Default is `false`. - If set to `true`, a internet gateway will be created or associated with the instance. + Whether to create and associate an internet gateway with the EC2 instance. Default is `false`. + If set to `true`, an internet gateway will be created or associated with the instance. * **ec2_instance_create_associate_external_sg**: (Optional) Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. @@ -58,6 +58,9 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_external_sg_port**: (Optional) The port to open in the security group. Default is `22`. +* **ec2_instance_create_external_sg_rules**: (Optional) + A list of custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. + * **ec2_instance_create_sg_tags**: (Optional) Tags to assign to the security group. 
@@ -87,14 +90,19 @@ Here’s an example of how to use the role in a playbook. ec2_instance_create_external_sg_name: my-custom-sg ec2_instance_create_external_sg_description: Security group for my custom access ec2_instance_create_external_sg_port: 22 + ec2_instance_create_external_sg_rules: + - proto: tcp + ports: + - 80 + cidr_ip: "0.0.0.0/0" ec2_instance_create_sg_tags: Component: my-custom-sg Environment: Testing # Optionally, enable Elastic IP association ec2_instance_create_associate_eip: true - ec2_instance_create_eip_tags: - Component: my-test-eip - Environment: Testing + ec2_instance_create_eip_tags: + Component: my-test-eip + Environment: Testing License ------- diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml index 07911919..cb23f949 100644 --- a/roles/ec2_instance_create/defaults/main.yml +++ b/roles/ec2_instance_create/defaults/main.yml @@ -6,3 +6,7 @@ ec2_instance_create_external_sg_description: "Security group for external access ec2_instance_create_external_sg_name: "default-external-sg" ec2_instance_create_external_sg_port: 22 ec2_instance_create_wait_for_boot: true +ec2_instance_create_external_sg_rules: + - proto: tcp + ports: 22 + cidr_ip: "0.0.0.0/0" diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index 644ccc36..78556751 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml 
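Review bot: `ec2_instance_create_external_sg_port: 22` stays in defaults/main.yml after this commit's tasks hunk stops reading it (`rules:` now comes entirely from `ec2_instance_create_external_sg_rules`), so it is a dead variable that the README still advertises; drop it from defaults, README and argument_specs, or fold it into the default rule. The default rule writes `ports: 22` as a scalar while the README example in the same commit uses a list (`ports:` / `- 80`); both forms may be accepted, but the documented default should use one form. The diffstat shows only README, defaults and tasks changing, so the new list variable is not added to argument_specs in this commit and role argument validation will not type-check it.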
@@ -19,17 +19,13 @@ - name: Create security group if enabled when: ec2_instance_create_associate_external_sg is true block: - - name: Define security group with access rules + - name: Define security group with default SSH access rule amazon.aws.ec2_group: name: "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" - rules: - - proto: tcp - ports: - - "{{ ec2_instance_create_external_sg_port | default(22) }}" - cidr_ip: "0.0.0.0/0" - tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" + rules: "{{ ec2_instance_create_external_sg_rules }}" + register: ec2_group_creation - name: Associate security group with EC2 instance amazon.aws.ec2_instance: From 8ec3319d0df6c0ec7f89443da693b2b46796ea88 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Wed, 20 Nov 2024 15:52:52 -0800 Subject: [PATCH 09/39] minor fixes --- roles/ec2_instance_create/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index 78556751..780f3388 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml @@ -20,7 +20,7 @@ when: ec2_instance_create_associate_external_sg is true block: - name: Define security group with default SSH access rule - amazon.aws.ec2_group: + amazon.aws.ec2_security_group: name: "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" 
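Review bot: The `tags: "{{ ec2_instance_create_sg_tags | default(omit) }}"` line is deleted together with the inline rule, so `ec2_instance_create_sg_tags` (still documented in this commit's README hunk) is silently ignored from here on; keep the `tags:` line under the new `rules:` line. The task name `Define security group with default SSH access rule` no longer describes the task, because the rules now come wholly from `ec2_instance_create_external_sg_rules` and may contain anything; `Define security group with configured access rules` fits. `register: ec2_group_creation` is not read anywhere in this hunk; if nothing downstream uses it, drop it.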
@@ -56,14 +56,14 @@ when: ec2_instance_create_associate_igw is true block: - name: Create an Internet Gateway - amazon.aws.ec2_internet_gateway: + amazon.aws.ec2_vpc_igw: region: "{{ ec2_instance_create_aws_region }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" state: present register: internet_gateway - name: Attach Internet Gateway to VPC - amazon.aws.ec2_internet_gateway: + amazon.aws.ec2_vpc_igw: region: "{{ ec2_instance_create_aws_region }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" internet_gateway_id: "{{ internet_gateway.id }}" From 75ce1dac7cd12660e604daddd2f323d46b305a05 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Wed, 20 Nov 2024 18:21:00 -0800 Subject: [PATCH 10/39] add integration tests --- roles/ec2_instance_create/README.md | 9 +- roles/ec2_instance_create/tasks/main.yml | 53 ++++----- .../targets/test_ec2_instance_create/aliases | 2 + .../defaults/main.yml | 17 +++ .../test_ec2_instance_create/tasks/main.yml | 21 ++++ .../test_ec2_instance_create/tasks/setup.yml | 49 ++++++++ .../tasks/teardown.yml | 25 ++++ .../tasks/test_ec2_only.yml | 44 +++++++ .../tasks/test_ec2_with_igw_sg_eip.yml | 107 ++++++++++++++++++ 9 files changed, 297 insertions(+), 30 deletions(-) create mode 100644 tests/integration/targets/test_ec2_instance_create/aliases create mode 100644 tests/integration/targets/test_ec2_instance_create/defaults/main.yml create mode 100644 tests/integration/targets/test_ec2_instance_create/tasks/main.yml create mode 100644 tests/integration/targets/test_ec2_instance_create/tasks/setup.yml create mode 100644 tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml create mode 100644 tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml create mode 100644 tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 94c6bf07..05f22b7e 100644 --- a/roles/ec2_instance_create/README.md 
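Review bot: After switching to `amazon.aws.ec2_vpc_igw`, `internet_gateway_id: "{{ internet_gateway.id }}"` reads a key that module does not return; its result exposes the ID as `gateway_id`, so the attach task would fail on an undefined attribute (the route-table task below the hunk reads the same `.id`). Use `internet_gateway_id: "{{ internet_gateway.gateway_id }}"` in both places. The task continues past the hunk with `state: attached`, which I do not recognise as a state of `ec2_vpc_igw` (present/absent); since `state: present` with a `vpc_id` already attaches the gateway, the second call looks redundant.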
+++ b/roles/ec2_instance_create/README.md @@ -40,11 +40,18 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. + If set to `true` and provided VPC doesn't have an Internet Gateway (IGW) attached, please set `ec2_instance_create_associate_igw` to true to avoid failure due to VPC not having IGW attached. + +* **ec2_instance_create_eip_tags**: (Optional) + Tags to assign to the elastic IP. * **ec2_instance_create_associate_igw**: (Optional) Whether to create and associate an internet gateway with the EC2 instance. Default is `false`. If set to `true`, an internet gateway will be created or associated with the instance. +* **ec2_instance_create_igw_tags**: (Optional) + Tags to assign to the internet gateway. + * **ec2_instance_create_associate_external_sg**: (Optional) Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. If set to `true`, a security group will be created or associated with the instance. @@ -101,7 +108,7 @@ Here’s an example of how to use the role in a playbook. # Optionally, enable Elastic IP association ec2_instance_create_associate_eip: true ec2_instance_create_eip_tags: - Component: my-test-eip + Component: my-custom-eip Environment: Testing License diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index 780f3388..713e5cb3 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml @@ -2,7 +2,6 @@ - name: Run 'ec2_instance_create' role module_defaults: group/aws: "{{ aws_setup_credentials__output }}" - block: - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance: 
@@ -19,12 +18,13 @@ - name: Create security group if enabled when: ec2_instance_create_associate_external_sg is true block: - - name: Define security group with default SSH access rule + - name: Define security group amazon.aws.ec2_security_group: name: "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" rules: "{{ ec2_instance_create_external_sg_rules }}" + tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" register: ec2_group_creation - name: Associate security group with EC2 instance @@ -33,26 +33,10 @@ - "{{ ec2_instance.instance_ids[0] }}" security_groups: - "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" + vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" register: ec2_instance_associate_external_sg - - name: Create and associate Elastic IP if enabled - when: ec2_instance_create_associate_eip is true - block: - - name: Allocate and associate Elastic IP - amazon.aws.ec2_eip: - device_id: "{{ ec2_instance.instance_ids[0] }}" - state: present - release_on_disassociation: true - tags: "{{ ec2_instance_create_tags | default(omit) }}" - register: instance_eip - - - name: Output details of associated Elastic IP - ansible.builtin.debug: - msg: - - "Elastic IP {{ instance_eip.public_ip }} created and associated with EC2 instance {{ ec2_instance.instance_ids[0] }}" - - "Details: {{ instance_eip }}" - - - name: Create and Attach Internet Gateway if required + - name: Create and Attach Internet Gateway if enabled when: ec2_instance_create_associate_igw is true block: - name: Create an Internet Gateway 
@@ -60,26 +44,37 @@ region: "{{ ec2_instance_create_aws_region }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" state: present + tags: "{{ ec2_instance_create_igw_tags | default(omit) }}" register: internet_gateway - - name: Attach Internet Gateway to VPC - amazon.aws.ec2_vpc_igw: - region: "{{ ec2_instance_create_aws_region }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" - internet_gateway_id: "{{ internet_gateway.id }}" - state: attached - - name: Modify the route table to route internet traffic to Internet Gateway amazon.aws.ec2_vpc_route_table: region: "{{ ec2_instance_create_aws_region }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" routes: - dest: "0.0.0.0/0" - gateway_id: "{{ internet_gateway.id }}" + gateway_id: "{{ internet_gateway.gateway_id }}" + state: present + + - name: Create and associate Elastic IP if enabled + when: ec2_instance_create_associate_eip is true + block: + - name: Allocate and associate Elastic IP + amazon.aws.ec2_eip: + device_id: "{{ ec2_instance.instance_ids[0] }}" state: present + release_on_disassociation: true + tags: "{{ ec2_instance_create_eip_tags | default(omit) }}" + register: instance_eip + + - name: Get EC2 instance info + amazon.aws.ec2_instance_info: + instance_ids: "{{ ec2_instance.instance_ids[0] }}" + region: "{{ ec2_instance_create_aws_region }}" + register: _ec2_instance - name: Output details of the created EC2 instance ansible.builtin.debug: msg: - "EC2 instance {{ ec2_instance.instance_ids[0] }} created successfully" - - "Instance details: {{ ec2_instance.instances[0] }}" + - "Instance details: {{ _ec2_instance.instances[0] }}" diff --git a/tests/integration/targets/test_ec2_instance_create/aliases b/tests/integration/targets/test_ec2_instance_create/aliases new file mode 100644 index 00000000..5f4238a0 --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create/aliases @@ -0,0 +1,2 @@ +cloud/aws +role/ec2_instance_create 
diff --git a/tests/integration/targets/test_ec2_instance_create/defaults/main.yml b/tests/integration/targets/test_ec2_instance_create/defaults/main.yml new file mode 100644 index 00000000..0f87eb10 --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create/defaults/main.yml @@ -0,0 +1,17 @@ +--- +aws_security_token: "{{ security_token | default(omit) }}" +resource_prefix: mandkulkt1 + +# VPC and Subnet Configuration +vpc_name: "{{ resource_prefix }}-vpc" +test_vpc_name: 'vpc-{{ resource_prefix }}' +test_vpc_cidr: '101.{{ 255 | random(seed=resource_prefix) }}.0.0/16' +test_subnet_cidr: '101.{{ 255 | random(seed=resource_prefix) }}.0.0/24' + +# EC2 Instance Configuration +ec2_instance_type: t2.micro +ec2_key_name: "{{ resource_prefix }}-ec2-key" # SSH key name for EC2 instances + +# External Security Group Configuration +external_sg_name: "{{ resource_prefix }}-external-sg" +external_sg_description: "External Security Group for EC2" diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml new file mode 100644 index 00000000..21dde032 --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Integration tests for ec2_networking_resources role + module_defaults: + group/aws: + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + block: + - name: Create resources required for test + include_tasks: setup.yml + + - name: Run tests for case 1 - EC2 with no external sg, igw, eip + include_tasks: tasks/test_ec2_only.yml + + - name: Run tests for case 2 - EC2 with external sg, igw, eip + include_tasks: tasks/test_ec2_with_igw_sg_eip.yml + + always: + - name: Delete resources required for test + ansible.builtin.include_tasks: teardown.yml 
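Review bot: The play name `Integration tests for ec2_networking_resources role` names a different role than the one under test (`ec2_instance_create`) and will mislead anyone reading CI output; rename it. The includes are inconsistent: setup and the two cases use bare `include_tasks` while teardown uses `ansible.builtin.include_tasks`, and the cases are given as `tasks/test_ec2_only.yml` while `setup.yml`/`teardown.yml` are bare names — pick the FQCN and one path form for all four. In the defaults hunk of the same commit, `vpc_name` and `aws_security_token` are defined but nothing in these files reads them (module_defaults uses `security_token` directly), and `resource_prefix: mandkulkt1` hard-codes a personal prefix as fallback for the per-run value the integration runner supplies; patch 11 removes the prefix, the unused variables remain.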
diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml b/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml new file mode 100644 index 00000000..1ec44460 --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml @@ -0,0 +1,49 @@ +--- +- name: Setup + block: + - name: Get AMI image ID using filters + amazon.aws.ec2_ami_info: + region: "{{ aws_region }}" + filters: + architecture: x86_64 + # CentOS Community Platform Engineering (CPE) + owner-id: "125523088429" + virtualization-type: hvm + root-device-type: ebs + name: Fedora-Cloud-Base-* + register: images + # very spammy + no_log: true + + - name: Create vpc to work in + amazon.aws.ec2_vpc_net: + cidr_block: "{{ test_vpc_cidr }}" + name: "{{ test_vpc_name }}" + state: present + region: "{{ aws_region }}" + register: vpc + + - name: Define VPC id + ansible.builtin.set_fact: + test_vpc_id: "{{ vpc.vpc.id }}" + + - name: Create EC2 subnet + amazon.aws.ec2_vpc_subnet: + vpc_id: "{{ test_vpc_id }}" + cidr: "{{ test_subnet_cidr }}" + az: "{{ aws_region }}a" + region: "{{ aws_region }}" + register: subnet + + - name: Create a key + amazon.aws.ec2_key: + name: "{{ ec2_key_name }}" + state: present + region: "{{ aws_region }}" + register: ec2_key_result + + - name: Set facts for test resources + ansible.builtin.set_fact: + image_id: "ami-0bcda2433f3dabc41" #"{{ images.images.0.image_id }}" + subnet_id: "{{ subnet.subnet.id }}" + vpc_id: "{{ vpc.vpc.id }}" diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml b/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml new file mode 100644 index 00000000..f1c60a95 --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml 
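Review bot: `Create a key` registers the `amazon.aws.ec2_key` result as `ec2_key_result`, and on creation that module returns the generated private key material in its result, so a verbose run or any later debug of the variable puts a private key into CI logs. Add `no_log: true` to the task (the AMI lookup task already does this for verbosity) or drop the `register`, since nothing in this file reads `ec2_key_result`. `Set facts for test resources` pins `image_id: "ami-0bcda2433f3dabc41"` with the lookup commented out, which ties the test to one region and to an image that can be deregistered at any time; patch 12 restores the lookup, though `images.images.0` is the first match in API order rather than the newest build.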
@@ -0,0 +1,25 @@ +--- +- name: Teardown + block: + - name: Delete Subnets + amazon.aws.ec2_vpc_subnet: + vpc_id: "{{ test_vpc_id }}" + cidr: "{{ test_subnet_cidr }}" + region: "{{ aws_region }}" + state: absent + ignore_errors: true + + - name: Delete a VPC + amazon.aws.ec2_vpc_net: + cidr_block: "{{ test_vpc_cidr }}" + vpc_id: "{{ test_vpc_id }}" + region: "{{ aws_region }}" + state: absent + ignore_errors: true + + - name: Delete a key + amazon.aws.ec2_key: + name: "{{ resource_prefix }}-ec2-key" + region: "{{ aws_region }}" + state: absent + ignore_errors: true \ No newline at end of file diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml new file mode 100644 index 00000000..54f419ec --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml 
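Review bot: `Delete a key` hard-codes `name: "{{ resource_prefix }}-ec2-key"` instead of the `ec2_key_name` variable setup used, so renaming the key in defaults would leave stray key pairs behind; use `name: "{{ ec2_key_name }}"`. Every task carries `ignore_errors: true`, which keeps the block running but also hides leaks: the VPC delete fails silently if a per-test always block did not remove its IGW, security group or route table first, and a leaked VPC with an attached gateway and an open security group is exactly what a test suite should not leave in the account. Registering each result and asserting none `failed` at the end, or at least a closing `ec2_vpc_net_info` check that warns, would surface that.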
@@ -0,0 +1,44 @@ +--- +- block: + - name: Create EC2 instance with no external SG, no IGW, no EIP + ansible.builtin.include_role: + name: cloud.aws_ops.ec2_instance_create + vars: + ec2_instance_create_aws_region: "{{ aws_region }}" + ec2_instance_create_instance_name: "only-ec2-{{ resource_prefix }}" + ec2_instance_create_instance_type: "{{ ec2_instance_type }}" + ec2_instance_create_ami_id: "{{ image_id }}" + ec2_instance_create_vpc_subnet_id: "{{ subnet_id }}" + ec2_instance_create_key_name: "{{ ec2_key_name }}" + ec2_instance_create_associate_external_sg: false + ec2_instance_create_associate_eip: false + ec2_instance_create_associate_igw: false + ec2_instance_create_tags: + Environment: Testing + Name: "{{ resource_prefix }}-instance" + + - name: Get EC2 instance info + amazon.aws.ec2_instance_info: + filters: + "tag:Name": "only-ec2-{{ resource_prefix }}" + register: _ec2_instance + until: _ec2_instance.instances[0].state.name == 'running' + retries: 12 + delay: 5 + + - name: Validate EC2 creation (no SG, no IGW, no EIP) + ansible.builtin.assert: + that: + - _ec2_instance.instances | length == 1 + - _ec2_instance.instances[0].state.name == 'running' + - _ec2_instance.instances[0].tags.Name == "only-ec2-{{ resource_prefix }}" + - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "default" + - _ec2_instance.instances[0].key_name == ec2_key_name + + always: + - name: Terminate EC2 instance + amazon.aws.ec2_instance: + state: absent + instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" + wait: true + ignore_errors: true diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml new file mode 100644 index 00000000..500a9f75 --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml 
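Review bot: The `until:` condition indexes `_ec2_instance.instances[0]` before checking the list is non-empty, so if the instance is not yet visible to the first `ec2_instance_info` call the expression errors out instead of retrying; `until: _ec2_instance.instances | length > 0 and _ec2_instance.instances[0].state.name == 'running'` makes the loop do what `retries`/`delay` intend. The `always:` terminate task reads `_ec2_instance.instances[0].instance_id`, which is undefined when the role itself fails before the info task, so the instance is cleaned up only on the happy path; terminating by `filters:` / `"tag:Name": "only-ec2-{{ resource_prefix }}"` works in both cases. The role is called with `Name: "{{ resource_prefix }}-instance"` in `ec2_instance_create_tags` while the assertion expects `tags.Name == "only-ec2-..."`; that passes only if the role's instance name overrides the Name tag, which is outside this hunk, so a comment stating that expectation would help.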
@@ -0,0 +1,107 @@ +--- +- block: + - name: Create EC2 instance with no external SG, no IGW, no EIP + ansible.builtin.include_role: + name: cloud.aws_ops.ec2_instance_create + vars: + ec2_instance_create_aws_region: "{{ aws_region }}" + ec2_instance_create_instance_name: "ec2-all-enabled-{{ resource_prefix }}" + ec2_instance_create_instance_type: "{{ ec2_instance_type }}" + ec2_instance_create_ami_id: "{{ image_id }}" + ec2_instance_create_vpc_subnet_id: "{{ subnet_id }}" + ec2_instance_create_key_name: "{{ ec2_key_name }}" + ec2_instance_create_vpc_id: "{{ vpc_id }}" + ec2_instance_create_tags: + Environment: Testing + Name: "{{ resource_prefix }}-instance" + + # Optional: external security group + ec2_instance_create_associate_external_sg: true + ec2_instance_create_external_sg_name: "{{ external_sg_name }}" + ec2_instance_create_external_sg_description: "{{ external_sg_description }}" + ec2_instance_create_external_sg_rules: + - proto: tcp + ports: 22 + cidr_ip: 10.0.1.0/16 + - proto: tcp + ports: 8000 + cidr_ip: 10.0.1.0/16 + ec2_instance_create_sg_tags: + Environment: Testing + Name: "{{ resource_prefix }}-sg" + + # Optional: EIP + ec2_instance_create_associate_eip: true + ec2_instance_create_eip_tags: + Environment: Testing + Name: "{{ resource_prefix }}-eip" + + # Optional: Internet Gateway + ec2_instance_create_associate_igw: true + ec2_instance_create_igw_tags: + Environment: Testing + Name: "{{ resource_prefix }}-igw" + + - name: Get EC2 instance info + amazon.aws.ec2_instance_info: + filters: + "tag:Name": "ec2-all-enabled-{{ resource_prefix }}" + register: _ec2_instance + until: _ec2_instance.instances[0].state.name == 'running' + retries: 12 + delay: 5 + + - name: Gather information about Internet Gateway + amazon.aws.ec2_vpc_igw_info: + filters: + "tag:Name": "{{ resource_prefix }}-igw" + register: igw_info + + - name: Gather information about security group + amazon.aws.ec2_security_group_info: + filters: + "tag:Name": "{{ resource_prefix }}-sg" + 
register: sg_info + + - name: Gather information about route table + amazon.aws.ec2_vpc_route_table_info: + filters: + vpc-id: "{{ vpc_id }}" + register: rtb_info + + - name: Validate EC2 creation (SG, IGW, EIP) + ansible.builtin.assert: + that: + - _ec2_instance.instances | length == 1 + - _ec2_instance.instances[0].state.name == 'running' + - _ec2_instance.instances[0].tags.Name == "ec2-all-enabled-{{ resource_prefix }}" + - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "{{ external_sg_name }}" + - _ec2_instance.instances[0].key_name == ec2_key_name + + always: + - name: Terminate EC2 instance + amazon.aws.ec2_instance: + state: absent + instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" + wait: true + ignore_errors: true + + - name: Delete Internet gateway ensuring attached VPC is correct + amazon.aws.ec2_vpc_igw: + state: absent + internet_gateway_id: "{{ igw_info.internet_gateways[0].internet_gateway_id }}" + vpc_id: "{{ vpc_id }}" + ignore_errors: true + + - name: Delete security group + amazon.aws.ec2_security_group: + group_id: "{{ sg_info.security_groups[0].group_id }}" + state: absent + ignore_errors: true + + - name: Delete route table + amazon.aws.ec2_vpc_route_table: + vpc_id: "{{ vpc_id }}" + route_table_id: "{{ rtb_info.route_tables[0].id }}" + lookup: id + state: absent From 6e0574c903c32c4edd1b5a7a704eb56be4863c70 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Wed, 20 Nov 2024 18:22:52 -0800 Subject: [PATCH 11/39] minor fix --- .../targets/test_ec2_instance_create/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/integration/targets/test_ec2_instance_create/defaults/main.yml b/tests/integration/targets/test_ec2_instance_create/defaults/main.yml index 0f87eb10..958fe7fc 100644 --- a/tests/integration/targets/test_ec2_instance_create/defaults/main.yml +++ b/tests/integration/targets/test_ec2_instance_create/defaults/main.yml 
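Review bot: `Validate EC2 creation (SG, IGW, EIP)` asserts nothing about the IGW, the EIP or the route: `igw_info` and `rtb_info` are gathered and then only used in teardown, and the instance's public address is never checked. Adding `- igw_info.internet_gateways | length == 1`, `- _ec2_instance.instances[0].public_ip_address is defined`, and a check that one of `rtb_info.route_tables` carries a `0.0.0.0/0` route to `igw_info.internet_gateways[0].internet_gateway_id` would make the test cover the three features it is named for. The task name `Create EC2 instance with no external SG, no IGW, no EIP` is copied from the other case and says the opposite of what this one does. `cidr_ip: 10.0.1.0/16` has host bits set; the module will most likely normalise it to `10.0.0.0/16` with a warning, so write the network address. In `always:`, `rtb_info.route_tables[0]` may be the VPC's main route table, which cannot be deleted, so select the table whose `associations` have `main: false` rather than the first one returned.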
@@ -1,6 +1,5 @@ --- aws_security_token: "{{ security_token | default(omit) }}" -resource_prefix: mandkulkt1 # VPC and Subnet Configuration vpc_name: "{{ resource_prefix }}-vpc" @@ -10,7 +9,7 @@ test_subnet_cidr: '101.{{ 255 | random(seed=resource_prefix) }}.0.0/24' # EC2 Instance Configuration ec2_instance_type: t2.micro -ec2_key_name: "{{ resource_prefix }}-ec2-key" # SSH key name for EC2 instances +ec2_key_name: "{{ resource_prefix }}-ec2-key" # External Security Group Configuration external_sg_name: "{{ resource_prefix }}-external-sg" From 4e755c60a18692fffb71060957cbd2e8fa86b089 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Wed, 20 Nov 2024 19:00:09 -0800 Subject: [PATCH 12/39] minor fixes --- roles/ec2_instance_create/README.md | 2 +- .../test_ec2_instance_create/tasks/main.yml | 1 - .../test_ec2_instance_create/tasks/setup.yml | 2 +- .../tasks/teardown.yml | 2 +- .../tasks/test_ec2_only.yml | 36 +++++++--- .../tasks/test_ec2_with_igw_sg_eip.yml | 69 ++++++++++--------- 6 files changed, 63 insertions(+), 49 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 05f22b7e..ddb56af3 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -73,7 +73,7 @@ The following variables can be set in the role to customize EC2 instance creatio ### Example: -Here’s an example of how to use the role in a playbook. +Here's an example of how to use the role in a playbook. ```yaml --- diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml index 21dde032..9ee50da5 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml @@ -1,4 +1,3 @@ ---- - name: Integration tests for ec2_networking_resources role module_defaults: group/aws: 
diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml b/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml index 1ec44460..5af1a029 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml @@ -44,6 +44,6 @@ - name: Set facts for test resources ansible.builtin.set_fact: - image_id: "ami-0bcda2433f3dabc41" #"{{ images.images.0.image_id }}" + image_id: "{{ images.images.0.image_id }}" subnet_id: "{{ subnet.subnet.id }}" vpc_id: "{{ vpc.vpc.id }}" diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml b/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml index f1c60a95..d6a1a0b6 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml @@ -22,4 +22,4 @@ name: "{{ resource_prefix }}-ec2-key" region: "{{ aws_region }}" state: absent - ignore_errors: true \ No newline at end of file + ignore_errors: true diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml index 54f419ec..b941ac23 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml 
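Review bot: `images.images.0.image_id` takes whichever image the lookup returned first, and if that lookup is `amazon.aws.ec2_ami_info` (its task is outside this hunk) the result order is not guaranteed, so the test can pin a different or older AMI from run to run. Sorting before indexing, e.g. `image_id: "{{ (images.images | sort(attribute='creation_date') | last).image_id }}"`, makes the choice deterministic and always the newest match. An `ansible.builtin.assert` that `images.images | length > 0` ahead of this `set_fact` would also turn an empty lookup into a readable failure instead of an index error.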
@@ -26,19 +26,33 @@ retries: 12 delay: 5 + - name: Gather information about route table + amazon.aws.ec2_vpc_route_table_info: + filters: + vpc-id: "{{ vpc_id }}" + register: rtb_info + - name: Validate EC2 creation (no SG, no IGW, no EIP) ansible.builtin.assert: that: - - _ec2_instance.instances | length == 1 - - _ec2_instance.instances[0].state.name == 'running' - - _ec2_instance.instances[0].tags.Name == "only-ec2-{{ resource_prefix }}" - - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "default" - - _ec2_instance.instances[0].key_name == ec2_key_name + - _ec2_instance.instances | length == 1 + - _ec2_instance.instances[0].state.name == 'running' + - _ec2_instance.instances[0].tags.Name == "only-ec2-{{ resource_prefix }}" + - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "default" + - _ec2_instance.instances[0].key_name == ec2_key_name always: - - name: Terminate EC2 instance - amazon.aws.ec2_instance: - state: absent - instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" - wait: true - ignore_errors: true + - name: Terminate EC2 instance + amazon.aws.ec2_instance: + state: absent + instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" + wait: true + ignore_errors: true + + - name: Delete route table + amazon.aws.ec2_vpc_route_table: + vpc_id: "{{ vpc_id }}" + route_table_id: "{{ rtb_info.route_tables[0].id }}" + lookup: id + state: absent + ignore_errors: true \ No newline at end of file diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml index 500a9f75..a1088568 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml 
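Review bot: In this ec2-only scenario nothing creates an IGW or a second route table, so `rtb_info.route_tables[0]` is presumably the VPC's main route table, which AWS does not allow to be deleted; the new `Delete route table` task would then always fail and be swallowed by `ignore_errors: true`, which also hides any real cleanup error. Unless setup.yml (not in this hunk) creates an extra table, drop the task here, or filter the info lookup with `association.main: "false"` and run the delete with `when: rtb_info.route_tables | length > 0`. The file also still ends without a trailing newline (`\ No newline at end of file`).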
@@ -20,12 +20,12 @@ ec2_instance_create_external_sg_name: "{{ external_sg_name }}" ec2_instance_create_external_sg_description: "{{ external_sg_description }}" ec2_instance_create_external_sg_rules: - - proto: tcp - ports: 22 - cidr_ip: 10.0.1.0/16 - - proto: tcp - ports: 8000 - cidr_ip: 10.0.1.0/16 + - proto: tcp + ports: 22 + cidr_ip: 10.0.1.0/16 + - proto: tcp + ports: 8000 + cidr_ip: 10.0.1.0/16 ec2_instance_create_sg_tags: Environment: Testing Name: "{{ resource_prefix }}-sg" 
@@ -72,36 +72,37 @@ - name: Validate EC2 creation (SG, IGW, EIP) ansible.builtin.assert: that: - - _ec2_instance.instances | length == 1 - - _ec2_instance.instances[0].state.name == 'running' - - _ec2_instance.instances[0].tags.Name == "ec2-all-enabled-{{ resource_prefix }}" - - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "{{ external_sg_name }}" - - _ec2_instance.instances[0].key_name == ec2_key_name + - _ec2_instance.instances | length == 1 + - _ec2_instance.instances[0].state.name == 'running' + - _ec2_instance.instances[0].tags.Name == "ec2-all-enabled-{{ resource_prefix }}" + - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "{{ external_sg_name }}" + - _ec2_instance.instances[0].key_name == ec2_key_name always: - - name: Terminate EC2 instance - amazon.aws.ec2_instance: - state: absent - instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" - wait: true - ignore_errors: true + - name: Terminate EC2 instance + amazon.aws.ec2_instance: + state: absent + instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" + wait: true + ignore_errors: true - - name: Delete Internet gateway ensuring attached VPC is correct - amazon.aws.ec2_vpc_igw: - state: absent - internet_gateway_id: "{{ igw_info.internet_gateways[0].internet_gateway_id }}" - vpc_id: "{{ vpc_id }}" - ignore_errors: true + - name: Delete Internet gateway ensuring attached VPC is correct + amazon.aws.ec2_vpc_igw: + state: absent + internet_gateway_id: "{{ igw_info.internet_gateways[0].internet_gateway_id }}" + vpc_id: "{{ vpc_id }}" + ignore_errors: true - - name: Delete security group - amazon.aws.ec2_security_group: - group_id: "{{ sg_info.security_groups[0].group_id }}" - state: absent - ignore_errors: true + - name: Delete security group + amazon.aws.ec2_security_group: + group_id: "{{ sg_info.security_groups[0].group_id }}" + state: absent + ignore_errors: true - - name: Delete route table - amazon.aws.ec2_vpc_route_table: - vpc_id: "{{ 
vpc_id }}" - route_table_id: "{{ rtb_info.route_tables[0].id }}" - lookup: id - state: absent + - name: Delete route table + amazon.aws.ec2_vpc_route_table: + vpc_id: "{{ vpc_id }}" + route_table_id: "{{ rtb_info.route_tables[0].id }}" + lookup: id + state: absent + ignore_errors: true From 2a237551098ed26f18aa3c879b93ed1ac33d46aa Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Wed, 20 Nov 2024 20:38:48 -0800 Subject: [PATCH 13/39] minor update --- roles/ec2_instance_create/README.md | 6 ++++++ .../test_ec2_instance_create/tasks/test_ec2_only.yml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index ddb56af3..aa830b92 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -38,6 +38,8 @@ The following variables can be set in the role to customize EC2 instance creatio ### Optional Networking Resources +#### Elastic IP + * **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. If set to `true` and provided VPC doesn't have an Internet Gateway (IGW) attached, please set `ec2_instance_create_associate_igw` to true to avoid failure due to VPC not having IGW attached. @@ -45,6 +47,8 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_eip_tags**: (Optional) Tags to assign to the elastic IP. +#### Internet Gateway + * **ec2_instance_create_associate_igw**: (Optional) Whether to create and associate an internet gateway with the EC2 instance. Default is `false`. If set to `true`, an internet gateway will be created or associated with the instance. 
@@ -52,6 +56,8 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_igw_tags**: (Optional) Tags to assign to the internet gateway. +#### External Security Group + * **ec2_instance_create_associate_external_sg**: (Optional) Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. If set to `true`, a security group will be created or associated with the instance. diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml index b941ac23..08c6448e 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml @@ -55,4 +55,4 @@ route_table_id: "{{ rtb_info.route_tables[0].id }}" lookup: id state: absent - ignore_errors: true \ No newline at end of file + ignore_errors: true From dfe5a4abc65d01dbe048f5bfbdf25411bcafc4c1 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Thu, 21 Nov 2024 12:34:06 -0800 Subject: [PATCH 14/39] minor fixes --- roles/ec2_instance_create/README.md | 9 ++------- roles/ec2_instance_create/defaults/main.yml | 3 +-- roles/ec2_instance_create/meta/argument_specs.yml | 6 ------ 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index aa830b92..facef867 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
@@ -4,7 +4,7 @@ A role to create an EC2 instance in AWS. Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, and VPC/subnet configuration. -This role also supports the creation of optional networking resources, such as a security group and an Elastic IP (EIP). You can choose to wait for the EC2 instance to finish booting before continuing. +This role also supports the creation of optional networking resources, such as an external security group and an Elastic IP (EIP). You can choose to wait for the EC2 instance to finish booting before continuing. ## Role Variables @@ -68,9 +68,6 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_external_sg_description**: (Optional) A description for the security group. Default is `Security group for external access`. -* **ec2_instance_create_external_sg_port**: (Optional) - The port to open in the security group. Default is `22`. - * **ec2_instance_create_external_sg_rules**: (Optional) A list of custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. @@ -102,11 +99,9 @@ Here's an example of how to use the role in a playbook. ec2_instance_create_associate_external_sg: true ec2_instance_create_external_sg_name: my-custom-sg ec2_instance_create_external_sg_description: Security group for my custom access - ec2_instance_create_external_sg_port: 22 ec2_instance_create_external_sg_rules: - proto: tcp - ports: - - 80 + ports: "80" cidr_ip: "0.0.0.0/0" ec2_instance_create_sg_tags: Component: my-custom-sg diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml index cb23f949..7f32c306 100644 --- a/roles/ec2_instance_create/defaults/main.yml +++ b/roles/ec2_instance_create/defaults/main.yml 
@@ -4,9 +4,8 @@ ec2_instance_create_associate_external_sg: false ec2_instance_create_associate_igw: false ec2_instance_create_external_sg_description: "Security group for external access" ec2_instance_create_external_sg_name: "default-external-sg" -ec2_instance_create_external_sg_port: 22 ec2_instance_create_wait_for_boot: true ec2_instance_create_external_sg_rules: - proto: tcp - ports: 22 + ports: "22" cidr_ip: "0.0.0.0/0" diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index cda19672..2790daca 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml @@ -72,12 +72,6 @@ argument_specs: required: false default: "Security group for external access" type: str - ec2_instance_create_external_sg_port: - description: - - The SSH port to open in the security group. - required: false - default: 22 - type: int ec2_instance_create_sg_tags: description: - Tags to assign to the security group. From 40c4fd21c47a7a8f84356e51edea8f72d432aa32 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Thu, 21 Nov 2024 12:48:54 -0800 Subject: [PATCH 15/39] add functionality to associate existing sg with instane during creation --- roles/ec2_instance_create/README.md | 5 ++++- roles/ec2_instance_create/defaults/main.yml | 2 +- roles/ec2_instance_create/meta/argument_specs.yml | 2 +- roles/ec2_instance_create/tasks/main.yml | 6 ++++-- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index facef867..2ec6144f 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
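Review bot: The role's default `ec2_instance_create_external_sg_rules` admits TCP/22 from `0.0.0.0/0`, so any caller who enables `ec2_instance_create_associate_external_sg` without overriding the rules gets an SSH port reachable from the whole internet by default. A safer default is an empty list, `ec2_instance_create_external_sg_rules: []`, with the README and argument spec stating that rules must be supplied when the group is created; if the open default is intentional, the spec description should say so explicitly instead of leaving it to prose. Quoting `ports: "22"` is consistent with the README example in the hunk above, so that part reads fine.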
@@ -30,6 +30,9 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. +* **ec2_instance_create_external_sg**: (Optional) + The ID of the security group to be associated with EC2 instance. + * **ec2_instance_create_tags**: (Optional) A dictionary of tags to assign to the EC2 instance. @@ -63,7 +66,7 @@ The following variables can be set in the role to customize EC2 instance creatio If set to `true`, a security group will be created or associated with the instance. * **ec2_instance_create_external_sg_name**: (Optional) - The name of the security group to create. Default is `default-external-sg`. + The name of the security group to create. Default is `ec2_instance_create-default-external-sg`. * **ec2_instance_create_external_sg_description**: (Optional) A description for the security group. Default is `Security group for external access`. diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml index 7f32c306..59aef900 100644 --- a/roles/ec2_instance_create/defaults/main.yml +++ b/roles/ec2_instance_create/defaults/main.yml @@ -3,7 +3,7 @@ ec2_instance_create_associate_eip: false ec2_instance_create_associate_external_sg: false ec2_instance_create_associate_igw: false ec2_instance_create_external_sg_description: "Security group for external access" -ec2_instance_create_external_sg_name: "default-external-sg" +ec2_instance_create_external_sg_name: "ec2_instance_create-default-external-sg" ec2_instance_create_wait_for_boot: true ec2_instance_create_external_sg_rules: - proto: tcp diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 2790daca..4bd8b609 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml 
@@ -64,7 +64,7 @@ argument_specs: description: - The name of the security group to create. required: false - default: "default-external-sg" + default: "ec2_instance_create-default-external-sg" type: str ec2_instance_create_external_sg_description: description: diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index 713e5cb3..b7e704c8 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml @@ -11,6 +11,8 @@ image_id: "{{ ec2_instance_create_ami_id }}" key_name: "{{ ec2_instance_create_key_name }}" vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" + security_groups: + - "{{ ec2_instance_create_external_sg | default(omit) }}" tags: "{{ ec2_instance_create_tags | default(omit) }}" wait: "{{ ec2_instance_create_wait_for_boot }}" register: ec2_instance @@ -20,7 +22,7 @@ block: - name: Define security group amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" + name: "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" rules: "{{ ec2_instance_create_external_sg_rules }}" @@ -32,7 +34,7 @@ instance_ids: - "{{ ec2_instance.instance_ids[0] }}" security_groups: - - "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}" + - "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" register: ec2_instance_associate_external_sg From 5c73f9d572be45c4c3cfae7acd0874049d1475eb Mon Sep 17 00:00:00 2001 
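Review bot: The `Associate security group with EC2 instance` task sets `security_groups` to just the role-created group, so a caller who also passes the new `ec2_instance_create_external_sg` sees that group replaced rather than added once `ec2_instance_create_associate_external_sg` is true — as I read `amazon.aws.ec2_instance`, `security_groups` is applied as the complete set on the primary interface. Build the list from both, e.g. `security_groups: "{{ [ec2_instance_create_external_sg_name] + ([ec2_instance_create_external_sg] if ec2_instance_create_external_sg is defined else []) }}"`; the same replace-not-add pattern is carried into ec2_instance_create_operations.yml in a later hunk. Note also that `default(omit)` inside a list element does not drop the element (omit only takes effect as a whole module argument), so the create task passes the omit placeholder as a group name when the variable is unset. The repeated `| default('ec2_instance_create-default-external-sg')` duplicates the value already set in defaults/main.yml; referencing the variable alone keeps one source of truth.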
From: Mandar Kulkarni Date: Thu, 21 Nov 2024 12:51:43 -0800 Subject: [PATCH 16/39] update param name --- roles/ec2_instance_create/README.md | 4 ++-- roles/ec2_instance_create/tasks/main.yml | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 2ec6144f..11e022a2 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -30,8 +30,8 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. -* **ec2_instance_create_external_sg**: (Optional) - The ID of the security group to be associated with EC2 instance. +* **ec2_instance_create_external_sg_id**: (Optional) + The ID or name of the security group to be associated with EC2 instance. * **ec2_instance_create_tags**: (Optional) A dictionary of tags to assign to the EC2 instance. diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index b7e704c8..ab77a61e 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml @@ -11,8 +11,7 @@ image_id: "{{ ec2_instance_create_ami_id }}" key_name: "{{ ec2_instance_create_key_name }}" vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" - security_groups: - - "{{ ec2_instance_create_external_sg | default(omit) }}" + security_group: "{{ ec2_instance_create_external_sg_id | default(omit) }}" tags: "{{ ec2_instance_create_tags | default(omit) }}" wait: "{{ ec2_instance_create_wait_for_boot }}" register: ec2_instance From 99f0aaeebfa866869fab80ac052873f601845cce Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Thu, 21 Nov 2024 13:17:29 -0800 Subject: [PATCH 17/39] update arg spec and readme --- roles/ec2_instance_create/README.md | 4 +++ .../meta/argument_specs.yml | 27 +++++++++++++++++++ 2 files changed, 31 insertions(+) 
diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 11e022a2..0dcc3914 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -30,6 +30,10 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. + * **ec2_instance_create_vpc_id**: (Optional) + The ID of the VPC used for security group and internet gateway. + Required is `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`. + * **ec2_instance_create_external_sg_id**: (Optional) The ID or name of the security group to be associated with EC2 instance. diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 4bd8b609..162068bc 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml 
@@ -83,3 +83,30 @@ argument_specs: required: false default: false type: bool + ec2_instance_create_vpc_id: + description: + - The ID of the VPC used for security group and internet gateway. + - This is required when `ec2_instance_create_associate_external_sg` or `ec2_instance_create_associate_igw` is `true`. + required: false + type: str + ec2_instance_create_external_sg_id: + description: + - The ID or name of the security group to be associated with EC2 instance. + required: false + type: str + ec2_instance_create_eip_tags: + description: + - Tags to assign to the Elastic IP. + required: false + type: dict + ec2_instance_create_external_sg_rules: + description: + - A list of dict containing custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. + required: false + type: list + elements: dict + ec2_instance_create_igw_tags: + description: + - Tags to assign to the internet gateway. + required: false + type: dict \ No newline at end of file From f94d90190820444267f6f27c48c0a36425e912be Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Thu, 21 Nov 2024 13:20:14 -0800 Subject: [PATCH 18/39] linter fix, newline at eof --- roles/ec2_instance_create/meta/argument_specs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 162068bc..94c5b56c 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml @@ -109,4 +109,4 @@ argument_specs: description: - Tags to assign to the internet gateway. required: false - type: dict \ No newline at end of file + type: dict From a000a37838764be557b614a3be8284a870b86d0f Mon Sep 17 00:00:00 2001 
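Review bot: `ec2_instance_create_vpc_id` is described as required when `ec2_instance_create_associate_external_sg` or `ec2_instance_create_associate_igw` is true, but the spec marks it `required: false` with nothing enforcing the condition, so a missing value only surfaces as an undefined-variable error from `ec2_security_group` or `ec2_vpc_igw` mid-run, after the instance has already been created. An `ansible.builtin.assert` at the top of the task file with `that: ec2_instance_create_vpc_id is defined` and `when: ec2_instance_create_associate_external_sg or ec2_instance_create_associate_igw` fails before any resource exists. `ec2_instance_create_external_sg_rules` declares `elements: dict` but no `options:` for `proto`/`ports`/`cidr_ip`, and its default is stated only in the description while defaults/main.yml sets one; adding `default:` here keeps the spec and defaults in agreement.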
From: Mandar Kulkarni Date: Fri, 22 Nov 2024 09:10:42 -0800 Subject: [PATCH 19/39] add check for instance name --- roles/ec2_instance_create/tasks/main.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index ab77a61e..69369e84 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml @@ -3,6 +3,21 @@ module_defaults: group/aws: "{{ aws_setup_credentials__output }}" block: + - name: Verify that the instance and security group with same name does not exist + block: + - name: Get instane info with provided name + amazon.aws.ec2_instance_info: + region: "{{ ec2_instance_create_aws_region }}" + filters: + tag:Name: "{{ ec2_instance_create_instance_name }}" + register: ec2_info_result + + - name: Print warning and exit + ansible.builtin.fail: + msg: "Instance with name {{ ec2_instance_create_instance_name }} already exists in {{ ec2_instance_create_aws_region }}. + Please provide different name to avoid updating instance." + when: ec2_info_result.instances | length >= 1 + - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance: region: "{{ ec2_instance_create_aws_region }}" From d2fc19488e36372229abed53162d52ce164f56d5 Mon Sep 17 00:00:00 2001 
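Review bot: The pre-check filters only on `tag:Name`, and `ec2_instance_info` also returns instances EC2 still reports as `terminated` (they stay visible for a while after termination), so re-running the role shortly after a teardown fails with "already exists" even though no live instance remains. An `instance-state-name` filter listing every non-terminated state (`pending`, `running`, `stopping`, `stopped`) trips the guard only for instances `ec2_instance` would actually match and update. The block name says it verifies the security group too, but only the instance is checked — either add the SG lookup or rename the block; `instane` in the task name is a typo.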
From: Mandar Kulkarni Date: Fri, 22 Nov 2024 10:31:08 -0800 Subject: [PATCH 20/39] add functionality to delete role resources --- roles/ec2_instance_create/README.md | 6 ++ .../meta/argument_specs.yml | 7 ++ .../tasks/ec2_instance_create_operations.yml | 93 +++++++++++++++++ .../tasks/ec2_instance_delete_operations.yml | 24 +++++ roles/ec2_instance_create/tasks/main.yml | 99 ++----------------- .../tasks/test_ec2_only.yml | 1 + .../tasks/test_ec2_with_igw_sg_eip.yml | 1 + 7 files changed, 140 insertions(+), 91 deletions(-) create mode 100644 roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml create mode 100644 roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 0dcc3914..bd8666ed 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -10,6 +10,12 @@ This role also supports the creation of optional networking resources, such as a The following variables can be set in the role to customize EC2 instance creation and networking configurations: +### Role operation + +* **ec2_instance_create_operation**: (Required) + Whether to create or delete resources using the role. Default is `create`. + Choices are `create` and `delete`. + ### EC2 Instance Configuration * **ec2_instance_create_aws_region**: (Required) diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 94c5b56c..96ec1d49 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml 
@@ -7,6 +7,13 @@ argument_specs: - Optionally can create a security group and associate an Elastic IP with the instance. - Supports custom configurations for instance settings, including instance type, AMI, key pair, tags, VPC/subnet, and networking configurations. options: + ec2_instance_create_operation: + description: + - Whether to create or delete resources using the role. + required: false + type: str + default: create + choices: [create, delete] ec2_instance_create_aws_region: description: - The AWS region in which to create the EC2 instance. diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml new file mode 100644 index 00000000..1fd1f981 --- /dev/null +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml 
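Review bot: The spec declares `ec2_instance_create_operation` with `required: false` and `default: create`, while the README hunk in this same commit labels it `(Required)`; one of the two should change so users and validation agree. Since main.yml dispatches on `== 'create'` (from what is visible of it), the `choices` list is what stops an unrecognised value from silently running nothing, so keeping it and changing the README to `(Optional) ... Default is \`create\`` is the smaller fix.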
@@ -0,0 +1,93 @@
+---
+- name: Verify that the instance and security group with same name does not exist
+ block:
+ - name: Get instane info with provided name
+ amazon.aws.ec2_instance_info:
+ region: "{{ ec2_instance_create_aws_region }}"
+ filters:
+ tag:Name: "{{ ec2_instance_create_instance_name }}"
+ instance-state-name: ["running"]
+ register: ec2_info_result
+
+ - name: Print warning and exit
+ ansible.builtin.fail:
+ msg: "Instance with name {{ ec2_instance_create_instance_name }} already exists in {{ ec2_instance_create_aws_region }}.
+ Please provide different name to avoid updating instance."
+ when: ec2_info_result.instances | length >= 1
+
+- name: Create EC2 instance with provided configuration
+ amazon.aws.ec2_instance:
+ region: "{{ ec2_instance_create_aws_region }}"
+ name: "{{ ec2_instance_create_instance_name }}"
+ instance_type: "{{ ec2_instance_create_instance_type }}"
+ image_id: "{{ ec2_instance_create_ami_id }}"
+ key_name: "{{ ec2_instance_create_key_name }}"
+ vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}"
+ security_group: "{{ ec2_instance_create_external_sg_id | default(omit) }}"
+ tags: "{{ ec2_instance_create_tags | default(omit) }}"
+ wait: "{{ ec2_instance_create_wait_for_boot }}"
+ register: ec2_instance
+
+- name: Create security group if enabled
+ when: ec2_instance_create_associate_external_sg is true
+ block:
+ - name: Define security group
+ amazon.aws.ec2_security_group:
+ name: "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}"
+ description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}"
+ vpc_id: "{{ ec2_instance_create_vpc_id }}"
+ rules: "{{ ec2_instance_create_external_sg_rules }}"
+ tags: "{{ ec2_instance_create_sg_tags | default(omit) }}"
+ register: ec2_group_creation
+
+ - name: Associate security group with EC2 instance
+ amazon.aws.ec2_instance:
+ instance_ids:
+ - "{{ ec2_instance.instance_ids[0] }}"
+ security_groups:
+ - "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}"
+ vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}"
+ register: ec2_instance_associate_external_sg
+
+- name: Create and Attach Internet Gateway if enabled
+ when: ec2_instance_create_associate_igw is true
+ block:
+ - name: Create an Internet Gateway
+ amazon.aws.ec2_vpc_igw:
+ region: "{{ ec2_instance_create_aws_region }}"
+ vpc_id: "{{ ec2_instance_create_vpc_id }}"
+ state: present
+ tags: "{{ ec2_instance_create_igw_tags | default(omit) }}"
+ register: internet_gateway
+
+ - name: Modify the route table to route internet traffic to Internet Gateway
+ amazon.aws.ec2_vpc_route_table:
+ region: "{{ ec2_instance_create_aws_region }}"
+ vpc_id: "{{ ec2_instance_create_vpc_id }}"
+ routes:
+ - dest: "0.0.0.0/0"
+ gateway_id: "{{ internet_gateway.gateway_id }}"
+ state: present
+
+- name: Create and associate Elastic IP if enabled
+ when: ec2_instance_create_associate_eip is true
+ block:
+ - name: Allocate and associate Elastic IP
+ amazon.aws.ec2_eip:
+ device_id: "{{ ec2_instance.instance_ids[0] }}"
+ state: present
+ release_on_disassociation: true
+ tags: "{{ ec2_instance_create_eip_tags | default(omit) }}"
+ register: instance_eip
+
+- name: Get EC2 instance info
+ amazon.aws.ec2_instance_info:
+ instance_ids: "{{ ec2_instance.instance_ids[0] }}"
+ region: "{{ ec2_instance_create_aws_region }}"
+ register: _ec2_instance
+
+- name: Output details of the created EC2 instance
+ ansible.builtin.debug:
+ msg:
+ - "EC2 instance {{ ec2_instance.instance_ids[0] }} created successfully"
+ - "Instance details: {{ _ec2_instance.instances[0] }}"
\ No newline at end of file
diff --git a/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml
new file mode 100644
index 00000000..2892a9b4
--- /dev/null
+++ b/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml
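Review bot: The `Modify the route table to route internet traffic to Internet Gateway` task passes `vpc_id` and `routes` but no `route_table_id`, `tags` or `subnets`, and as I read `amazon.aws.ec2_vpc_route_table` that creates a fresh, unassociated route table holding the default route instead of updating the table the instance's subnet uses — so the subnet keeps its existing table, and the EIP only has a path out if that table already had an IGW route. Adding `subnets: ["{{ ec2_instance_create_vpc_subnet_id }}"]` together with a tag (so repeat runs find the same table) makes the route apply to the instance; the delete path in the next hunk should then remove that table as well. Separately, the pre-check now filters `instance-state-name: ["running"]`, which skips `pending`, `stopping` and `stopped` instances with the same Name tag — exactly the ones `ec2_instance` would match and update — so the guard should exclude only `terminated` and `shutting-down` rather than allow only `running`. The file also ends without a trailing newline.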
@@ -0,0 +1,24 @@
+---
+- name: Terminate EC2 instance
+ amazon.aws.ec2_instance:
+ region: "{{ ec2_instance_create_aws_region }}"
+ name: "{{ ec2_instance_create_instance_name }}"
+ instance_type: "{{ ec2_instance_create_instance_type }}"
+ image_id: "{{ ec2_instance_create_ami_id }}"
+ key_name: "{{ ec2_instance_create_key_name }}"
+ vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}"
+ security_group: "{{ ec2_instance_create_external_sg_id | default(omit) }}"
+ tags: "{{ ec2_instance_create_tags | default(omit) }}"
+ wait: "{{ ec2_instance_create_wait_for_boot }}"
+ state: absent
+
+- name: Delete security group if created
+ amazon.aws.ec2_security_group:
+ name: "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}"
+ state: absent
+
+- name: Detach and delete Internet Gateway if created
+ amazon.aws.ec2_vpc_igw:
+ region: "{{ ec2_instance_create_aws_region }}"
+ vpc_id: "{{ ec2_instance_create_vpc_id }}"
+ state: absent
diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml
index 69369e84..5a126cff 100644
--- a/roles/ec2_instance_create/tasks/main.yml
+++ b/roles/ec2_instance_create/tasks/main.yml
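Review bot: `Detach and delete Internet Gateway if created` and `Delete security group if created` run unconditionally despite their names, so a delete run removes the VPC's internet gateway even when the role never created one (`ec2_instance_create_associate_igw` defaults to false), and the security-group task matches by name with no `vpc_id`, so it can resolve to a same-named group in another VPC or fail to resolve at all. Gate them with `when: ec2_instance_create_associate_igw is true` and `when: ec2_instance_create_associate_external_sg is true`, add `vpc_id: "{{ ec2_instance_create_vpc_id }}"` to the security-group task, and consider a role-specific tag on created resources so deletion can confirm ownership before acting. The terminate task also passes `instance_type`, `image_id`, `key_name`, `vpc_subnet_id`, `security_group` and `tags`, none of which matter for `state: absent` and all of which the caller must now supply just to delete; `region`, `name`, `wait` and `state` are enough. The route table the create path adds to the VPC is not removed here at all.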
@@ -1,96 +1,13 @@ --- -- name: Run 'ec2_instance_create' role +- name: EC2 Instance creation or deletion based on operation module_defaults: group/aws: "{{ aws_setup_credentials__output }}" - block: - - name: Verify that the instance and security group with same name does not exist - block: - - name: Get instane info with provided name - amazon.aws.ec2_instance_info: - region: "{{ ec2_instance_create_aws_region }}" - filters: - tag:Name: "{{ ec2_instance_create_instance_name }}" - register: ec2_info_result - - - name: Print warning and exit - ansible.builtin.fail: - msg: "Instance with name {{ ec2_instance_create_instance_name }} already exists in {{ ec2_instance_create_aws_region }}. - Please provide different name to avoid updating instance." - when: ec2_info_result.instances | length >= 1 - - - name: Create EC2 instance with provided configuration - amazon.aws.ec2_instance: - region: "{{ ec2_instance_create_aws_region }}" - name: "{{ ec2_instance_create_instance_name }}" - instance_type: "{{ ec2_instance_create_instance_type }}" - image_id: "{{ ec2_instance_create_ami_id }}" - key_name: "{{ ec2_instance_create_key_name }}" - vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" - security_group: "{{ ec2_instance_create_external_sg_id | default(omit) }}" - tags: "{{ ec2_instance_create_tags | default(omit) }}" - wait: "{{ ec2_instance_create_wait_for_boot }}" - register: ec2_instance - - - name: Create security group if enabled - when: ec2_instance_create_associate_external_sg is true - block: - - name: Define security group - amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" - description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" - rules: "{{ ec2_instance_create_external_sg_rules }}" - tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" - register: 
ec2_group_creation - - - name: Associate security group with EC2 instance - amazon.aws.ec2_instance: - instance_ids: - - "{{ ec2_instance.instance_ids[0] }}" - security_groups: - - "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" - vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" - register: ec2_instance_associate_external_sg - - name: Create and Attach Internet Gateway if enabled - when: ec2_instance_create_associate_igw is true - block: - - name: Create an Internet Gateway - amazon.aws.ec2_vpc_igw: - region: "{{ ec2_instance_create_aws_region }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" - state: present - tags: "{{ ec2_instance_create_igw_tags | default(omit) }}" - register: internet_gateway - - - name: Modify the route table to route internet traffic to Internet Gateway - amazon.aws.ec2_vpc_route_table: - region: "{{ ec2_instance_create_aws_region }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" - routes: - - dest: "0.0.0.0/0" - gateway_id: "{{ internet_gateway.gateway_id }}" - state: present - - - name: Create and associate Elastic IP if enabled - when: ec2_instance_create_associate_eip is true - block: - - name: Allocate and associate Elastic IP - amazon.aws.ec2_eip: - device_id: "{{ ec2_instance.instance_ids[0] }}" - state: present - release_on_disassociation: true - tags: "{{ ec2_instance_create_eip_tags | default(omit) }}" - register: instance_eip - - - name: Get EC2 instance info - amazon.aws.ec2_instance_info: - instance_ids: "{{ ec2_instance.instance_ids[0] }}" - region: "{{ ec2_instance_create_aws_region }}" - register: _ec2_instance + block: + - name: Include create operations + include_tasks: ec2_instance_create_operations.yml + when: ec2_instance_create_operation == 'create' - - name: Output details of the created EC2 instance - ansible.builtin.debug: - msg: - - "EC2 instance {{ ec2_instance.instance_ids[0] }} created successfully" - - "Instance details: {{ _ec2_instance.instances[0] }}" + 
- name: Include delete operations + include_tasks: ec2_instance_delete_operations.yml + when: ec2_instance_create_operation == 'delete' diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml index 08c6448e..927594d0 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml @@ -4,6 +4,7 @@ ansible.builtin.include_role: name: cloud.aws_ops.ec2_instance_create vars: + ec2_instance_create_operation: create ec2_instance_create_aws_region: "{{ aws_region }}" ec2_instance_create_instance_name: "only-ec2-{{ resource_prefix }}" ec2_instance_create_instance_type: "{{ ec2_instance_type }}" diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml index a1088568..fc36d446 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml @@ -4,6 +4,7 @@ ansible.builtin.include_role: name: cloud.aws_ops.ec2_instance_create vars: + ec2_instance_create_operation: create ec2_instance_create_aws_region: "{{ aws_region }}" ec2_instance_create_instance_name: "ec2-all-enabled-{{ resource_prefix }}" ec2_instance_create_instance_type: "{{ ec2_instance_type }}" From 01000a60f2789b6650ebe33d59f333898d86192f Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Fri, 22 Nov 2024 10:31:44 -0800 Subject: [PATCH 21/39] update readme --- roles/ec2_instance_create/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index bd8666ed..86742a25 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
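Review bot: The dispatch on `ec2_instance_create_operation` runs nothing and finishes green when the value is neither `create` nor `delete`, so a typo in the variable silently skips all work unless the role's argument spec constrains it with `choices`. A guard as the first task of the block makes that visible: `- name: Validate operation`, `ansible.builtin.fail: { msg: "ec2_instance_create_operation must be 'create' or 'delete'" }`, `when: ec2_instance_create_operation not in ['create', 'delete']`. The variable also has no default at this point in the series, so callers who only want the create path get an undefined-variable error on the first `when:`.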
@@ -38,7 +38,7 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_vpc_id**: (Optional) The ID of the VPC used for security group and internet gateway. - Required is `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`. + Required if `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`. * **ec2_instance_create_external_sg_id**: (Optional) The ID or name of the security group to be associated with EC2 instance. From cc30d69d7a46272eb401fd063bf78c92ef1f36bd Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Fri, 22 Nov 2024 10:58:27 -0800 Subject: [PATCH 22/39] update readme --- roles/ec2_instance_create/README.md | 5 ++++- .../tasks/ec2_instance_create_operations.yml | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 86742a25..bd8cfded 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -41,7 +41,8 @@ The following variables can be set in the role to customize EC2 instance creatio Required if `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`. * **ec2_instance_create_external_sg_id**: (Optional) - The ID or name of the security group to be associated with EC2 instance. + The ID or name of the existing security group to be associated with EC2 instance. + Mutually exclusive with `ec2_instance_create_associate_external_sg`. * **ec2_instance_create_tags**: (Optional) A dictionary of tags to assign to the EC2 instance. 
@@ -74,6 +75,7 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_associate_external_sg**: (Optional) Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. If set to `true`, a security group will be created or associated with the instance. + Mutually exclusive with `ec2_instance_create_external_sg_id`. * **ec2_instance_create_external_sg_name**: (Optional) The name of the security group to create. Default is `ec2_instance_create-default-external-sg`. @@ -99,6 +101,7 @@ Here's an example of how to use the role in a playbook. roles: - role: cloud.aws_ops.ec2_instance_create vars: + ec2_instance_create_operation: create ec2_instance_create_aws_region: us-west-2 ec2_instance_create_instance_name: my-test-instance ec2_instance_create_instance_type: t2.micro diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml index 1fd1f981..04e51730 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml @@ -1,4 +1,12 @@ --- +- name: Verify exclusive parameters + block: + - name: Check for security group ID + ansible.builtin.fail: + msg: "ec2_instance_create_external_sg_id and ec2_instance_create_associate_external_sg are mutually exlcusive. + Please provide only one to either associate existing or create new sg." + when: ec2_instance_create_external_sg_id != None and ec2_instance_create_associate_external_sg is true + - name: Verify that the instance and security group with same name does not exist block: - name: Get instane info with provided name From 57006fec5613515d823d8fe62de22465168c07ca Mon Sep 17 00:00:00 2001 
From: Mandar Kulkarni Date: Fri, 22 Nov 2024 12:42:22 -0800 Subject: [PATCH 23/39] minor fixes --- .../tasks/ec2_instance_create_operations.yml | 2 +- .../tasks/ec2_instance_delete_operations.yml | 3 +++ roles/ec2_instance_create/tasks/main.yml | 1 - .../test_ec2_instance_create/tasks/main.yml | 3 ++- .../tasks/teardown.yml | 20 ++++++++++++++ .../tasks/test_ec2_only.yml | 15 +---------- .../tasks/test_ec2_with_igw_sg_eip.yml | 26 +++++++++++++------ 7 files changed, 45 insertions(+), 25 deletions(-) diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml index 04e51730..3a58db39 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml @@ -5,7 +5,7 @@ ansible.builtin.fail: msg: "ec2_instance_create_external_sg_id and ec2_instance_create_associate_external_sg are mutually exlcusive. Please provide only one to either associate existing or create new sg." - when: ec2_instance_create_external_sg_id != None and ec2_instance_create_associate_external_sg is true + when: ec2_instance_create_external_sg_id is defined and ec2_instance_create_associate_external_sg is defined and ec2_instance_create_external_sg_id != None and ec2_instance_create_associate_external_sg is true - name: Verify that the instance and security group with same name does not exist block: diff --git a/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml index 2892a9b4..97d5950f 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml 
@@ -11,14 +11,17 @@ tags: "{{ ec2_instance_create_tags | default(omit) }}" wait: "{{ ec2_instance_create_wait_for_boot }}" state: absent + when: ec2_instance_create_instance_name is defined and ec2_instance_create_instance_name | length > 0 - name: Delete security group if created amazon.aws.ec2_security_group: name: "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" state: absent + when: ec2_instance_create_associate_external_sg is defined and ec2_instance_create_associate_external_sg is true - name: Detach and delete Internet Gateway if created amazon.aws.ec2_vpc_igw: region: "{{ ec2_instance_create_aws_region }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" state: absent + when: ec2_instance_create_associate_igw is defined and ec2_instance_create_associate_igw is true diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index 5a126cff..acd3cac6 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml @@ -2,7 +2,6 @@ - name: EC2 Instance creation or deletion based on operation module_defaults: group/aws: "{{ aws_setup_credentials__output }}" - block: - name: Include create operations include_tasks: ec2_instance_create_operations.yml diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml index 9ee50da5..439744eb 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Integration tests for ec2_networking_resources role module_defaults: group/aws: @@ -16,5 +17,5 @@ include_tasks: tasks/test_ec2_with_igw_sg_eip.yml always: - - name: Delete resources required for test + - name: Delete any leftover resources used in tests ansible.builtin.include_tasks: teardown.yml 
diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml b/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml index d6a1a0b6..de563309 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml @@ -9,13 +9,33 @@ state: absent ignore_errors: true + - name: Get list of route tables in VPC + amazon.aws.ec2_vpc_route_table_info: + region: "{{ aws_region }}" + filters: + vpc-id: "{{ vpc_id }}" + register: route_tables + + - name: Delete route tables associated with VPC + amazon.aws.ec2_vpc_route_table: + region: "{{ region }}" + route_table_id: "{{ item.route_table_id }}" + state: absent + loop: "{{ route_tables.route_tables }}" + when: route_tables.route_tables | length > 0 + ignore_errors: true + - name: Delete a VPC amazon.aws.ec2_vpc_net: cidr_block: "{{ test_vpc_cidr }}" vpc_id: "{{ test_vpc_id }}" region: "{{ aws_region }}" state: absent + register: delete_result ignore_errors: true + retries: 5 + delay: 5 + until: delete_result.changed - name: Delete a key amazon.aws.ec2_key: diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml index 927594d0..293ad596 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml @@ -27,12 +27,6 @@ retries: 12 delay: 5 - - name: Gather information about route table - amazon.aws.ec2_vpc_route_table_info: - filters: - vpc-id: "{{ vpc_id }}" - register: rtb_info - - name: Validate EC2 creation (no SG, no IGW, no EIP) ansible.builtin.assert: that: 
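Review bot: `Delete route tables associated with VPC` passes `route_table_id` but not `lookup: id`; the per-test task this patch removes from test_ec2_only.yml did pass `lookup: id`, and as far as I recall `ec2_vpc_route_table` with the default tag lookup and no `tags:` finds nothing and reports no change, so these route tables are never deleted and the VPC deletion below is then retried against them. The same task reads `region: "{{ region }}"` while every other task in the hunk, including the `ec2_vpc_route_table_info` lookup just above it, uses `aws_region`; an undefined `region` errors, `ignore_errors: true` hides it, and the tables survive for a second reason. The lookup filters on `vpc_id` while `Delete a VPC` uses `test_vpc_id`; presumably both name the same VPC, but one should be used consistently. `until: delete_result.changed` together with `ignore_errors: true` means a genuinely failed delete is retried five times and then dropped silently, so a leaked VPC never shows up in CI output; asserting on the final `delete_result` after the retries would surface it. Every VPC also has a main route table that AWS refuses to delete, so this loop will always log at least one ignored failure unless the lookup excludes it (the `association.main` filter, if the module passes it through).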
@@ -42,6 +36,7 @@ - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "default" - _ec2_instance.instances[0].key_name == ec2_key_name + # cleanup leftover resources created by role always: - name: Terminate EC2 instance amazon.aws.ec2_instance: @@ -49,11 +44,3 @@ instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" wait: true ignore_errors: true - - - name: Delete route table - amazon.aws.ec2_vpc_route_table: - vpc_id: "{{ vpc_id }}" - route_table_id: "{{ rtb_info.route_tables[0].id }}" - lookup: id - state: absent - ignore_errors: true diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml index fc36d446..2bcc9f21 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml @@ -58,18 +58,30 @@ "tag:Name": "{{ resource_prefix }}-igw" register: igw_info + - name: print internet gateway info + debug: + var: igw_info + - name: Gather information about security group amazon.aws.ec2_security_group_info: filters: "tag:Name": "{{ resource_prefix }}-sg" register: sg_info + - name: print security group info + debug: + var: sg_info + - name: Gather information about route table amazon.aws.ec2_vpc_route_table_info: filters: vpc-id: "{{ vpc_id }}" register: rtb_info + - name: print route table info + debug: + var: rtb_info + - name: Validate EC2 creation (SG, IGW, EIP) ansible.builtin.assert: that: 
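Review bot: The three new `print ... info` tasks use the short module name `debug:` where the rest of this test file and the linter fixes elsewhere in this series use fully qualified names; `ansible.builtin.debug:` keeps ansible-lint's `fqcn` rule quiet. Task names in this file start with a capital letter (`Gather information about ...`), so `Print internet gateway info` and friends match the file and the `name[casing]` rule. Dumping the whole `igw_info`, `sg_info` and `rtb_info` results at default verbosity also makes the CI log noisy; `verbosity: 1` on each of these tasks keeps the output available under `-v` without cluttering normal runs.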
@@ -78,7 +90,13 @@ - _ec2_instance.instances[0].tags.Name == "ec2-all-enabled-{{ resource_prefix }}" - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "{{ external_sg_name }}" - _ec2_instance.instances[0].key_name == ec2_key_name + - igw_info.internet_gateways[0].attachments[0].vpc_id == "{{ vpc_id }}" + - sg_info.security_groups[0].description == "{{ external_sg_description }}" + - sg_info.security_groups[0].vpc_id == "{{ vpc_id }}" + - rtb_info.route_tables[0].vpc_id == "{{ vpc_id }}" + + # cleanup leftover resources created by role always: - name: Terminate EC2 instance amazon.aws.ec2_instance: @@ -99,11 +117,3 @@ group_id: "{{ sg_info.security_groups[0].group_id }}" state: absent ignore_errors: true - - - name: Delete route table - amazon.aws.ec2_vpc_route_table: - vpc_id: "{{ vpc_id }}" - route_table_id: "{{ rtb_info.route_tables[0].id }}" - lookup: id - state: absent - ignore_errors: true From cf5f50c2d8b37b0f0a3309a2f9f99904ce376efc Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Fri, 22 Nov 2024 12:50:19 -0800 Subject: [PATCH 24/39] linter fixes --- .../tasks/ec2_instance_create_operations.yml | 4 ++-- .../targets/test_ec2_instance_create/tasks/main.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml index 3a58db39..3cd2ce18 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml 
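Review bot: The new assertion `rtb_info.route_tables[0].vpc_id == "{{ vpc_id }}"` is tautological: `rtb_info` was gathered with the filter `vpc-id: "{{ vpc_id }}"` in the previous hunk, so it passes even when the role created no route at all. What this test case is meant to cover is the internet route the role adds; assuming the usual return structure of `ec2_vpc_route_table_info`, something like `- rtb_info.route_tables | map(attribute='routes') | flatten | selectattr('destination_cidr_block', 'equalto', '0.0.0.0/0') | list | length > 0` checks that. The `igw_info.internet_gateways[0].attachments[0].vpc_id` and `sg_info.security_groups[0].vpc_id` lines likewise only echo their own lookup filters; asserting that the route's `gateway_id` equals the gathered gateway's id is what ties the three resources together.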
@@ -19,7 +19,7 @@ - name: Print warning and exit ansible.builtin.fail: - msg: "Instance with name {{ ec2_instance_create_instance_name }} already exists in {{ ec2_instance_create_aws_region }}. + msg: "Instance with name {{ ec2_instance_create_instance_name }} already exists in {{ ec2_instance_create_aws_region }}. Please provide different name to avoid updating instance." when: ec2_info_result.instances | length >= 1 @@ -98,4 +98,4 @@ ansible.builtin.debug: msg: - "EC2 instance {{ ec2_instance.instance_ids[0] }} created successfully" - - "Instance details: {{ _ec2_instance.instances[0] }}" \ No newline at end of file + - "Instance details: {{ _ec2_instance.instances[0] }}" diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml index 439744eb..d85867d9 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/main.yml @@ -8,13 +8,13 @@ region: "{{ aws_region }}" block: - name: Create resources required for test - include_tasks: setup.yml + ansible.builtin.include_tasks: setup.yml - name: Run tests for case 1 - EC2 with no external sg, igw, eip - include_tasks: tasks/test_ec2_only.yml + ansible.builtin.include_tasks: tasks/test_ec2_only.yml - name: Run tests for case 2 - EC2 with external sg, igw, eip - include_tasks: tasks/test_ec2_with_igw_sg_eip.yml + ansible.builtin.include_tasks: tasks/test_ec2_with_igw_sg_eip.yml always: - name: Delete any leftover resources used in tests From 1f90b4f363958ae02c1c8da7ef8a3b8d76e814f7 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Fri, 22 Nov 2024 12:53:36 -0800 Subject: [PATCH 25/39] linter fixes --- roles/ec2_instance_create/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml index acd3cac6..fb90b1c7 100644 
--- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create/tasks/main.yml @@ -4,9 +4,9 @@ group/aws: "{{ aws_setup_credentials__output }}" block: - name: Include create operations - include_tasks: ec2_instance_create_operations.yml + ansible.builtin.include_tasks: ec2_instance_create_operations.yml when: ec2_instance_create_operation == 'create' - name: Include delete operations - include_tasks: ec2_instance_delete_operations.yml + ansible.builtin.include_tasks: ec2_instance_delete_operations.yml when: ec2_instance_create_operation == 'delete' From 561d533654ddab5ccce08b56c3622aa80fecf4bc Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Fri, 22 Nov 2024 15:49:18 -0800 Subject: [PATCH 26/39] create key pair if does not exist --- roles/ec2_instance_create/README.md | 3 ++- roles/ec2_instance_create/meta/argument_specs.yml | 2 +- .../tasks/ec2_instance_create_operations.yml | 15 +++++++++++++++ .../test_ec2_instance_create/defaults/main.yml | 1 - .../tasks/test_ec2_with_igw_sg_eip.yml | 2 +- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index bd8cfded..aa2b4ace 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -12,7 +12,7 @@ The following variables can be set in the role to customize EC2 instance creatio ### Role operation -* **ec2_instance_create_operation**: (Required) +* **ec2_instance_create_operation**: (Optional) Whether to create or delete resources using the role. Default is `create`. Choices are `create` and `delete`. 
@@ -32,6 +32,7 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_key_name**: (Required) The name of the key pair to use for SSH access to the EC2 instance. + If the key does not exist, a key pair will be created with the name. * **ec2_instance_create_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 96ec1d49..135a01dc 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml @@ -86,7 +86,7 @@ argument_specs: type: dict ec2_instance_create_associate_igw: description: - - Whether to create and associate a internal gateway. + - Whether to create and associate an internal gateway. required: false default: false type: bool diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml index 3cd2ce18..a26833b6 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml @@ -23,6 +23,21 @@ Please provide different name to avoid updating instance." when: ec2_info_result.instances | length >= 1 +- name: Create a key pair if required + block: + - name: Get key pair info + amazon.aws.ec2_key_info: + names: + - "{{ ec2_instance_create_key_name }}" + register: key_info_result + + - name: Create new key pair + amazon.aws.ec2_key: + name: "{{ ec2_instance_create_key_name }}" + state: present + region: "{{ ec2_instance_create_aws_region }}" + when: key_info_result.keypairs | length == 0 + - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance: region: "{{ ec2_instance_create_aws_region }}" 
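Review bot: The corrected description still says `an internal gateway`; `ec2_instance_create_associate_igw` gates `amazon.aws.ec2_vpc_igw`, which manages an Internet Gateway, so the spec line should read `- Whether to create and associate an internet gateway.` This text is what `ansible-doc` and argument-validation errors show users, so the wrong term is user-facing.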
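Review bot: `Create new key pair` generates a key pair whose private half is returned exactly once in the module result, and the task neither registers that result nor passes `file_name`, so the private key is unrecoverable and the instance launched with `ec2_instance_create_key_name` cannot be reached with it. Whichever way the key is kept, the result contains private key material and is printed in verbose output and callback logs, so the task needs `no_log: true` alongside either `register: key_pair_result` or `file_name: "<path chosen by the caller>"`. `Get key pair info` omits `region` while `Create new key pair` passes `region: "{{ ec2_instance_create_aws_region }}"`; unless `module_defaults` supplies it, the lookup may run against a different region than the create. A key name the caller does not hold is arguably an input error rather than something to paper over; at minimum the README line added in this commit should say where the generated private key ends up.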
diff --git a/tests/integration/targets/test_ec2_instance_create/defaults/main.yml b/tests/integration/targets/test_ec2_instance_create/defaults/main.yml index 958fe7fc..48e80666 100644 --- a/tests/integration/targets/test_ec2_instance_create/defaults/main.yml +++ b/tests/integration/targets/test_ec2_instance_create/defaults/main.yml @@ -3,7 +3,6 @@ aws_security_token: "{{ security_token | default(omit) }}" # VPC and Subnet Configuration vpc_name: "{{ resource_prefix }}-vpc" -test_vpc_name: 'vpc-{{ resource_prefix }}' test_vpc_cidr: '101.{{ 255 | random(seed=resource_prefix) }}.0.0/16' test_subnet_cidr: '101.{{ 255 | random(seed=resource_prefix) }}.0.0/24' diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml index 2bcc9f21..30e482e8 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml @@ -1,6 +1,6 @@ --- - block: - - name: Create EC2 instance with no external SG, no IGW, no EIP + - name: Create EC2 instance with external SG, IGW, EIP ansible.builtin.include_role: name: cloud.aws_ops.ec2_instance_create vars: From e6a8db82beda1adf0654e86b1eada8c757d8ee86 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Fri, 22 Nov 2024 15:53:56 -0800 Subject: [PATCH 27/39] minor fixes --- roles/ec2_instance_create/README.md | 10 +++++----- roles/ec2_instance_create/defaults/main.yml | 1 + .../tasks/ec2_instance_create_operations.yml | 8 ++++---- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index aa2b4ace..77515562 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
@@ -37,10 +37,6 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. - * **ec2_instance_create_vpc_id**: (Optional) - The ID of the VPC used for security group and internet gateway. - Required if `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`. - * **ec2_instance_create_external_sg_id**: (Optional) The ID or name of the existing security group to be associated with EC2 instance. Mutually exclusive with `ec2_instance_create_associate_external_sg`. @@ -49,12 +45,16 @@ The following variables can be set in the role to customize EC2 instance creatio A dictionary of tags to assign to the EC2 instance. * **ec2_instance_create_wait_for_boot**: (Optional) - Whether to wait for the EC2 instance to be in the "running" state before continuing. Default is `true`. + Whether to wait for the EC2 instance to be in the "running" or "terminated" state before continuing. Default is `true`. ### Optional Networking Resources #### Elastic IP +* **ec2_instance_create_vpc_id**: (Optional) + The ID of the VPC used for security group and internet gateway. + Required if `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`. + * **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. If set to `true` and provided VPC doesn't have an Internet Gateway (IGW) attached, please set `ec2_instance_create_associate_igw` to true to avoid failure due to VPC not having IGW attached. diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml index 59aef900..1a9bad15 100644 --- a/roles/ec2_instance_create/defaults/main.yml +++ b/roles/ec2_instance_create/defaults/main.yml 
@@ -1,4 +1,5 @@ --- +ec2_instance_create_operation: create ec2_instance_create_associate_eip: false ec2_instance_create_associate_external_sg: false ec2_instance_create_associate_igw: false diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml index a26833b6..0c6e903b 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml @@ -7,7 +7,7 @@ Please provide only one to either associate existing or create new sg." when: ec2_instance_create_external_sg_id is defined and ec2_instance_create_associate_external_sg is defined and ec2_instance_create_external_sg_id != None and ec2_instance_create_associate_external_sg is true -- name: Verify that the instance and security group with same name does not exist +- name: Verify that an instance with same name does not exist block: - name: Get instane info with provided name amazon.aws.ec2_instance_info: @@ -56,8 +56,8 @@ block: - name: Define security group amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" - description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}" + name: "{{ ec2_instance_create_external_sg_name }}" + description: "{{ ec2_instance_create_external_sg_description }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" rules: "{{ ec2_instance_create_external_sg_rules }}" tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" @@ -68,7 +68,7 @@ instance_ids: - "{{ ec2_instance.instance_ids[0] }}" security_groups: - - "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" + - "{{ ec2_instance_create_external_sg_name }}" vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" register: ec2_instance_associate_external_sg 
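Review bot: Dropping the `default(...)` fallbacks on `name:` and `description:` in `Define security group` (and on the `security_groups` entry in the following hunk) makes the task fail with an undefined variable whenever a caller leaves `ec2_instance_create_external_sg_name` or `ec2_instance_create_external_sg_description` unset, unless both already have entries in `defaults/main.yml`; the defaults hunk in this same patch adds only `ec2_instance_create_operation`, so that should be verified. Independently of the defaults, this task applies `rules: "{{ ec2_instance_create_external_sg_rules }}"` to whatever group carries the supplied name, and `amazon.aws.ec2_security_group` is declarative and purges rules it is not given by default, so pointing the role at a pre-existing group rewrites that group's ingress rules. If reuse of an existing group is intended, look it up with `amazon.aws.ec2_security_group_info` and create only when the lookup is empty, the pattern the key pair task in PATCH 26 uses; otherwise the README should say the group is created and owned by the role.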
From 0418042d1f34442464aeeccb8266cadda3a91961 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 25 Nov 2024 11:17:15 -0800 Subject: [PATCH 28/39] fix terminate task --- roles/ec2_instance_create/README.md | 22 +++++++++++++++++++ .../tasks/ec2_instance_delete_operations.yml | 14 +++++------- 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 77515562..5f72a701 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -112,6 +112,7 @@ Here's an example of how to use the role in a playbook. Component: my-test-instance Environment: Testing ec2_instance_create_wait_for_boot: true + ec2_instance_create_vpc_id: vpc-xxxx # Optionally, enable security group creation ec2_instance_create_associate_external_sg: true ec2_instance_create_external_sg_name: my-custom-sg @@ -128,6 +129,27 @@ Here's an example of how to use the role in a playbook. ec2_instance_create_eip_tags: Component: my-custom-eip Environment: Testing + # Optionally, enable Internet Gateway association + ec2_instance_create_associate_igw: true + ec2_instance_create_igw_tags: + Environment: Testing + Name: "{{ resource_prefix }}-igw" + +--- +- name: Playbook for deleting EC2 instance and other role resources using cloud.aws_ops.ec2_instance_create role + hosts: localhost + gather_facts: false + roles: + - role: cloud.aws_ops.ec2_instance_create + vars: + ec2_instance_create_operation: delete + ec2_instance_create_aws_region: us-west-2 + ec2_instance_create_instance_name: my-test-instance + ec2_instance_create_wait_for_boot: true + ec2_instance_create_associate_external_sg: true + ec2_instance_create_external_sg_name: my-custom-sg + ec2_instance_create_associate_igw: true + ec2_instance_create_vpc_id: vpc-xxxx License ------- 
diff --git a/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml index 97d5950f..ddffbcc7 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml @@ -1,16 +1,12 @@ --- -- name: Terminate EC2 instance +- name: Terminate EC2 Instance amazon.aws.ec2_instance: region: "{{ ec2_instance_create_aws_region }}" - name: "{{ ec2_instance_create_instance_name }}" - instance_type: "{{ ec2_instance_create_instance_type }}" - image_id: "{{ ec2_instance_create_ami_id }}" - key_name: "{{ ec2_instance_create_key_name }}" - vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" - security_group: "{{ ec2_instance_create_external_sg_id | default(omit) }}" - tags: "{{ ec2_instance_create_tags | default(omit) }}" - wait: "{{ ec2_instance_create_wait_for_boot }}" state: absent + wait: "{{ ec2_instance_create_wait_for_boot }}" + filters: + tag:Name: "{{ ec2_instance_create_instance_name }}" + instance-state-name: ["running"] when: ec2_instance_create_instance_name is defined and ec2_instance_create_instance_name | length > 0 - name: Delete security group if created From d48f6e2a168774490ee32273ff44d19789584c73 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 25 Nov 2024 11:56:26 -0800 Subject: [PATCH 29/39] update logic to handle security group association --- roles/ec2_instance_create/README.md | 9 ++--- .../meta/argument_specs.yml | 7 +--- .../tasks/ec2_instance_create_operations.yml | 33 +++++++++---------- 3 files changed, 19 insertions(+), 30 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 5f72a701..5714c097 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
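Review bot: The terminate filter `instance-state-name: ["running"]` matches running instances only, so an instance in `stopped`, `stopping` or `pending` state carrying the same Name tag is left behind, and the security group and IGW deletions that follow then fail or orphan resources. Listing the non-terminated states, `instance-state-name: ["pending", "running", "stopping", "stopped"]`, covers the instance regardless of where it is in its lifecycle. Selecting by `tag:Name` alone terminates every instance in the region with that tag, not only the one this role created; the create path's refusal to launch when the name already exists limits the exposure, but the README's delete example should state that deletion is by Name tag. `wait:` reuses `ec2_instance_create_wait_for_boot`, whose name no longer describes what it controls on this path; a comment such as `# also gates waiting for termination` next to it would save the next reader a lookup.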
@@ -37,10 +37,6 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_vpc_subnet_id**: (Required) The ID of the VPC subnet in which the instance will be launched. -* **ec2_instance_create_external_sg_id**: (Optional) - The ID or name of the existing security group to be associated with EC2 instance. - Mutually exclusive with `ec2_instance_create_associate_external_sg`. - * **ec2_instance_create_tags**: (Optional) A dictionary of tags to assign to the EC2 instance. @@ -74,9 +70,8 @@ The following variables can be set in the role to customize EC2 instance creatio #### External Security Group * **ec2_instance_create_associate_external_sg**: (Optional) - Whether to create and associate a security group with the EC2 instance for external access. Default is `false`. - If set to `true`, a security group will be created or associated with the instance. - Mutually exclusive with `ec2_instance_create_external_sg_id`. + Whether to associate existing or a new security group with the EC2 instance for external access. Default is `false`. + If set to `true`, existing security group provided with `ec2_instance_create_external_sg_name` or a new security group created by role will be associated with the instance. * **ec2_instance_create_external_sg_name**: (Optional) The name of the security group to create. Default is `ec2_instance_create-default-external-sg`. diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 135a01dc..7c747b86 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml @@ -63,7 +63,7 @@ argument_specs: type: bool ec2_instance_create_associate_external_sg: description: - - Whether to create and associate a security group for external access. + - Whether to associate an existing or a new security group for external access. required: false default: false type: bool 
@@ -96,11 +96,6 @@ argument_specs: - This is required when `ec2_instance_create_associate_external_sg` or `ec2_instance_create_associate_igw` is `true`. required: false type: str - ec2_instance_create_external_sg_id: - description: - - The ID or name of the security group to be associated with EC2 instance. - required: false - type: str ec2_instance_create_eip_tags: description: - Tags to assign to the Elastic IP. diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml index 0c6e903b..50745df7 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml @@ -1,12 +1,4 @@ --- -- name: Verify exclusive parameters - block: - - name: Check for security group ID - ansible.builtin.fail: - msg: "ec2_instance_create_external_sg_id and ec2_instance_create_associate_external_sg are mutually exlcusive. - Please provide only one to either associate existing or create new sg." - when: ec2_instance_create_external_sg_id is defined and ec2_instance_create_associate_external_sg is defined and ec2_instance_create_external_sg_id != None and ec2_instance_create_associate_external_sg is true - - name: Verify that an instance with same name does not exist block: - name: Get instane info with provided name @@ -46,7 +38,6 @@ image_id: "{{ ec2_instance_create_ami_id }}" key_name: "{{ ec2_instance_create_key_name }}" vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" - security_group: "{{ ec2_instance_create_external_sg_id | default(omit) }}" tags: "{{ ec2_instance_create_tags | default(omit) }}" wait: "{{ ec2_instance_create_wait_for_boot }}" register: ec2_instance 
@@ -54,23 +45,31 @@ - name: Create security group if enabled when: ec2_instance_create_associate_external_sg is true block: - - name: Define security group + - name: Get SG info + amazon.aws.ec2_security_group_info: + region: "{{ ec2_instance_create_aws_region }}" + filters: + group-name: "{{ ec2_instance_create_sg_name }}" + register: sg_info_result + + - name: Create a new SG if it does not exist amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_external_sg_name }}" - description: "{{ ec2_instance_create_external_sg_description }}" + name: "{{ ec2_instance_create_sg_name }}" + description: "{{ ec2_instance_create_sg_description }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" - rules: "{{ ec2_instance_create_external_sg_rules }}" + rules: "{{ ec2_instance_create_sg_rules }}" tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" - register: ec2_group_creation + when: sg_info_result.security_groups | length == 0 + register: sg_creation - - name: Associate security group with EC2 instance + - name: Associate the SG to EC2 Instance(existing or newly created) amazon.aws.ec2_instance: instance_ids: - "{{ ec2_instance.instance_ids[0] }}" security_groups: - - "{{ ec2_instance_create_external_sg_name }}" + - "{{ ec2_instance_create_sg_name }}" vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" - register: ec2_instance_associate_external_sg + register: ec2_instance_associate_sg - name: Create and Attach Internet Gateway if enabled when: ec2_instance_create_associate_igw is true From 63fd294c7fcd88a793b880a26229b35066b0e591 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 25 Nov 2024 12:03:18 -0800 Subject: [PATCH 30/39] update readme --- roles/ec2_instance_create/README.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index 5714c097..f25a3401 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
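Review bot: The `ec2_security_group_info` lookup filters on `group-name` only, and security-group names are unique per VPC rather than per region, so a same-named group in another VPC (for example the default VPC) makes `sg_info_result.security_groups | length == 0` false, the create step is skipped, and the later attachment by name under `security_groups:` is ambiguous or fails; add `vpc-id: "{{ ec2_instance_create_vpc_id }}"` under `filters:` so the lookup and the create step examine the same VPC. When a group with that name already exists its current rules are used as-is and `ec2_instance_create_sg_rules` is neither applied nor compared, so the instance may end up with broader access than the caller requested; the task name or README should say that an existing group is attached unmodified. The new `amazon.aws.ec2_security_group` and `amazon.aws.ec2_instance` tasks in this block also pass no `region:` while the info task does, so they depend on the environment or a different default region.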
@@ -10,7 +10,7 @@ This role also supports the creation of optional networking resources, such as a The following variables can be set in the role to customize EC2 instance creation and networking configurations: -### Role operation +### Role Operation * **ec2_instance_create_operation**: (Optional) Whether to create or delete resources using the role. Default is `create`. @@ -49,11 +49,11 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_vpc_id**: (Optional) The ID of the VPC used for security group and internet gateway. - Required if `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`. + Required if `ec2_instance_create_associate_igw` or `ec2_instance_create_associate_eip` is `true`. * **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. - If set to `true` and provided VPC doesn't have an Internet Gateway (IGW) attached, please set `ec2_instance_create_associate_igw` to true to avoid failure due to VPC not having IGW attached. + If set to `true` and the provided VPC doesn’t have an Internet Gateway (IGW) attached, set `ec2_instance_create_associate_igw` to `true` to avoid failure. * **ec2_instance_create_eip_tags**: (Optional) Tags to assign to the elastic IP. 
@@ -69,12 +69,10 @@ The following variables can be set in the role to customize EC2 instance creatio #### External Security Group -* **ec2_instance_create_associate_external_sg**: (Optional) - Whether to associate existing or a new security group with the EC2 instance for external access. Default is `false`. - If set to `true`, existing security group provided with `ec2_instance_create_external_sg_name` or a new security group created by role will be associated with the instance. - -* **ec2_instance_create_external_sg_name**: (Optional) - The name of the security group to create. Default is `ec2_instance_create-default-external-sg`. +* **ec2_instance_create_external_sg_name**: (Required) + The name of the security group to use for the EC2 instance. + The role will check if an SG with this name exists. If not, it will create a new one. + Default is `ec2_instance_create-default-external-sg`. * **ec2_instance_create_external_sg_description**: (Optional) A description for the security group. Default is `Security group for external access`. From 873229358236a8f767acffe07fa7be9e6936df65 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 25 Nov 2024 12:45:57 -0800 Subject: [PATCH 31/39] minor updates --- roles/ec2_instance_create/README.md | 4 ++-- roles/ec2_instance_create/meta/argument_specs.yml | 2 +- .../tasks/ec2_instance_create_operations.yml | 12 ++++++------ .../targets/test_ec2_instance_create/tasks/setup.yml | 2 +- .../tasks/test_ec2_with_igw_sg_eip.yml | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index f25a3401..f510c452 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md 
@@ -80,7 +80,7 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_external_sg_rules**: (Optional) A list of custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. -* **ec2_instance_create_sg_tags**: (Optional) +* **ec2_instance_create_external_sg_tags**: (Optional) Tags to assign to the security group. ### Example: @@ -114,7 +114,7 @@ Here's an example of how to use the role in a playbook. - proto: tcp ports: "80" cidr_ip: "0.0.0.0/0" - ec2_instance_create_sg_tags: + ec2_instance_create_external_sg_tags: Component: my-custom-sg Environment: Testing # Optionally, enable Elastic IP association diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml index 7c747b86..10cdbb42 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create/meta/argument_specs.yml @@ -79,7 +79,7 @@ argument_specs: required: false default: "Security group for external access" type: str - ec2_instance_create_sg_tags: + ec2_instance_create_external_sg_tags: description: - Tags to assign to the security group. required: false diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml index 50745df7..13022d30 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml 
@@ -49,16 +49,16 @@ amazon.aws.ec2_security_group_info: region: "{{ ec2_instance_create_aws_region }}" filters: - group-name: "{{ ec2_instance_create_sg_name }}" + group-name: "{{ ec2_instance_create_external_sg_name }}" register: sg_info_result - name: Create a new SG if it does not exist amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_sg_name }}" - description: "{{ ec2_instance_create_sg_description }}" + name: "{{ ec2_instance_create_external_sg_name }}" + description: "{{ ec2_instance_create_external_sg_description }}" vpc_id: "{{ ec2_instance_create_vpc_id }}" - rules: "{{ ec2_instance_create_sg_rules }}" - tags: "{{ ec2_instance_create_sg_tags | default(omit) }}" + rules: "{{ ec2_instance_create_external_sg_rules }}" + tags: "{{ ec2_instance_create_external_sg_tags | default(omit) }}" when: sg_info_result.security_groups | length == 0 register: sg_creation @@ -67,7 +67,7 @@ instance_ids: - "{{ ec2_instance.instance_ids[0] }}" security_groups: - - "{{ ec2_instance_create_sg_name }}" + - "{{ ec2_instance_create_external_sg_name }}" vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" register: ec2_instance_associate_sg diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml b/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml index 5af1a029..cfb29c2d 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml @@ -18,7 +18,7 @@ - name: Create vpc to work in amazon.aws.ec2_vpc_net: cidr_block: "{{ test_vpc_cidr }}" - name: "{{ test_vpc_name }}" + name: "{{ vpc_name }}" state: present region: "{{ aws_region }}" register: vpc diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml index 30e482e8..37c3d6a0 100644 
--- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml +++ b/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml @@ -27,7 +27,7 @@ - proto: tcp ports: 8000 cidr_ip: 10.0.1.0/16 - ec2_instance_create_sg_tags: + ec2_instance_create_external_sg_tags: Environment: Testing Name: "{{ resource_prefix }}-sg" From c975b9173c4b1d0432d834bb3f3239b57250197b Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 25 Nov 2024 13:34:43 -0800 Subject: [PATCH 32/39] sanity fix --- roles/ec2_instance_create/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md index f510c452..133cd0d5 100644 --- a/roles/ec2_instance_create/README.md +++ b/roles/ec2_instance_create/README.md @@ -53,7 +53,7 @@ The following variables can be set in the role to customize EC2 instance creatio * **ec2_instance_create_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. - If set to `true` and the provided VPC doesn’t have an Internet Gateway (IGW) attached, set `ec2_instance_create_associate_igw` to `true` to avoid failure. + If set to `true` and the provided VPC doesn't have an Internet Gateway (IGW) attached, set `ec2_instance_create_associate_igw` to `true` to avoid failure. * **ec2_instance_create_eip_tags**: (Optional) Tags to assign to the elastic IP. From 7324fd67bcf62fb66f679365ca36155aae4de9c5 Mon Sep 17 00:00:00 2001 
From: Mandar Kulkarni Date: Sun, 1 Dec 2024 11:05:19 -0800 Subject: [PATCH 33/39] modified based on feedback --- roles/ec2_instance_create/README.md | 157 ---------------- roles/ec2_instance_create/defaults/main.yml | 12 -- .../tasks/ec2_instance_delete_operations.yml | 23 --- roles/ec2_instance_create_delete/README.md | 171 ++++++++++++++++++ .../defaults/main.yml | 12 ++ .../meta/argument_specs.yml | 44 ++--- .../meta/main.yml | 0 .../tasks/ec2_instance_create_operations.yml | 68 +++---- .../tasks/ec2_instance_delete_operations.yml | 23 +++ .../tasks/main.yml | 6 +- .../aliases | 0 .../defaults/main.yml | 0 .../tasks/main.yml | 0 .../tasks/setup.yml | 0 .../tasks/teardown.yml | 0 .../tasks/test_ec2_only.yml | 22 +-- .../tasks/test_ec2_with_igw_sg_eip.yml | 36 ++-- 17 files changed, 294 insertions(+), 280 deletions(-) delete mode 100644 roles/ec2_instance_create/README.md delete mode 100644 roles/ec2_instance_create/defaults/main.yml delete mode 100644 roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml create mode 100644 roles/ec2_instance_create_delete/README.md create mode 100644 roles/ec2_instance_create_delete/defaults/main.yml rename roles/{ec2_instance_create => ec2_instance_create_delete}/meta/argument_specs.yml (74%) rename roles/{ec2_instance_create => ec2_instance_create_delete}/meta/main.yml (100%) rename roles/{ec2_instance_create => ec2_instance_create_delete}/tasks/ec2_instance_create_operations.yml (51%) create mode 100644 roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml rename roles/{ec2_instance_create => ec2_instance_create_delete}/tasks/main.yml (59%) rename tests/integration/targets/{test_ec2_instance_create => test_ec2_instance_create_delete}/aliases (100%) rename tests/integration/targets/{test_ec2_instance_create => test_ec2_instance_create_delete}/defaults/main.yml (100%) rename tests/integration/targets/{test_ec2_instance_create => test_ec2_instance_create_delete}/tasks/main.yml (100%) rename 
tests/integration/targets/{test_ec2_instance_create => test_ec2_instance_create_delete}/tasks/setup.yml (100%) rename tests/integration/targets/{test_ec2_instance_create => test_ec2_instance_create_delete}/tasks/teardown.yml (100%) rename tests/integration/targets/{test_ec2_instance_create => test_ec2_instance_create_delete}/tasks/test_ec2_only.yml (63%) rename tests/integration/targets/{test_ec2_instance_create => test_ec2_instance_create_delete}/tasks/test_ec2_with_igw_sg_eip.yml (73%) diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md deleted file mode 100644 index 133cd0d5..00000000 --- a/roles/ec2_instance_create/README.md +++ /dev/null 
@@ -1,157 +0,0 @@ -# ec2_instance_create - -A role to create an EC2 instance in AWS. - -Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, and VPC/subnet configuration. - -This role also supports the creation of optional networking resources, such as an external security group and an Elastic IP (EIP). You can choose to wait for the EC2 instance to finish booting before continuing. - -## Role Variables - -The following variables can be set in the role to customize EC2 instance creation and networking configurations: - -### Role Operation - -* **ec2_instance_create_operation**: (Optional) - Whether to create or delete resources using the role. Default is `create`. - Choices are `create` and `delete`. - -### EC2 Instance Configuration - -* **ec2_instance_create_aws_region**: (Required) - The AWS region in which to create the EC2 instance. - -* **ec2_instance_create_instance_name**: (Required) - The name of the EC2 instance to be created. - -* **ec2_instance_create_instance_type**: (Required) - The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). - -* **ec2_instance_create_ami_id**: (Required) - The AMI ID for the EC2 instance. - -* **ec2_instance_create_key_name**: (Required) - The name of the key pair to use for SSH access to the EC2 instance. - If the key does not exist, a key pair will be created with the name. - -* **ec2_instance_create_vpc_subnet_id**: (Required) - The ID of the VPC subnet in which the instance will be launched. - -* **ec2_instance_create_tags**: (Optional) - A dictionary of tags to assign to the EC2 instance. - -* **ec2_instance_create_wait_for_boot**: (Optional) - Whether to wait for the EC2 instance to be in the "running" or "terminated" state before continuing. Default is `true`. - -### Optional Networking Resources - -#### Elastic IP - -* **ec2_instance_create_vpc_id**: (Optional) - The ID of the VPC used for security group and internet gateway. 
- Required if `ec2_instance_create_associate_igw` or `ec2_instance_create_associate_eip` is `true`. - -* **ec2_instance_create_associate_eip**: (Optional) - Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. - If set to `true` and the provided VPC doesn't have an Internet Gateway (IGW) attached, set `ec2_instance_create_associate_igw` to `true` to avoid failure. - -* **ec2_instance_create_eip_tags**: (Optional) - Tags to assign to the elastic IP. - -#### Internet Gateway - -* **ec2_instance_create_associate_igw**: (Optional) - Whether to create and associate an internet gateway with the EC2 instance. Default is `false`. - If set to `true`, an internet gateway will be created or associated with the instance. - -* **ec2_instance_create_igw_tags**: (Optional) - Tags to assign to the internet gateway. - -#### External Security Group - -* **ec2_instance_create_external_sg_name**: (Required) - The name of the security group to use for the EC2 instance. - The role will check if an SG with this name exists. If not, it will create a new one. - Default is `ec2_instance_create-default-external-sg`. - -* **ec2_instance_create_external_sg_description**: (Optional) - A description for the security group. Default is `Security group for external access`. - -* **ec2_instance_create_external_sg_rules**: (Optional) - A list of custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. - -* **ec2_instance_create_external_sg_tags**: (Optional) - Tags to assign to the security group. - -### Example: - -Here's an example of how to use the role in a playbook. 
- -```yaml ---- -- name: Playbook for creating EC2 instance using cloud.aws_ops.ec2_instance_create role - hosts: localhost - gather_facts: false - roles: - - role: cloud.aws_ops.ec2_instance_create - vars: - ec2_instance_create_operation: create - ec2_instance_create_aws_region: us-west-2 - ec2_instance_create_instance_name: my-test-instance - ec2_instance_create_instance_type: t2.micro - ec2_instance_create_ami_id: ami-066a7fbaa12345678 - ec2_instance_create_vpc_subnet_id: subnet-071443aa123456789 - ec2_instance_create_tags: - Component: my-test-instance - Environment: Testing - ec2_instance_create_wait_for_boot: true - ec2_instance_create_vpc_id: vpc-xxxx - # Optionally, enable security group creation - ec2_instance_create_associate_external_sg: true - ec2_instance_create_external_sg_name: my-custom-sg - ec2_instance_create_external_sg_description: Security group for my custom access - ec2_instance_create_external_sg_rules: - - proto: tcp - ports: "80" - cidr_ip: "0.0.0.0/0" - ec2_instance_create_external_sg_tags: - Component: my-custom-sg - Environment: Testing - # Optionally, enable Elastic IP association - ec2_instance_create_associate_eip: true - ec2_instance_create_eip_tags: - Component: my-custom-eip - Environment: Testing - # Optionally, enable Internet Gateway association - ec2_instance_create_associate_igw: true - ec2_instance_create_igw_tags: - Environment: Testing - Name: "{{ resource_prefix }}-igw" - ---- -- name: Playbook for deleting EC2 instance and other role resources using cloud.aws_ops.ec2_instance_create role - hosts: localhost - gather_facts: false - roles: - - role: cloud.aws_ops.ec2_instance_create - vars: - ec2_instance_create_operation: delete - ec2_instance_create_aws_region: us-west-2 - ec2_instance_create_instance_name: my-test-instance - ec2_instance_create_wait_for_boot: true - ec2_instance_create_associate_external_sg: true - ec2_instance_create_external_sg_name: my-custom-sg - ec2_instance_create_associate_igw: true - 
ec2_instance_create_vpc_id: vpc-xxxx - -License -------- - -GNU General Public License v3.0 or later - -See [LICENSE](../../LICENSE) to see the full text. - -Author Information ------------------- - -- Ansible Cloud Content Team diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml deleted file mode 100644 index 1a9bad15..00000000 --- a/roles/ec2_instance_create/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -ec2_instance_create_operation: create -ec2_instance_create_associate_eip: false -ec2_instance_create_associate_external_sg: false -ec2_instance_create_associate_igw: false -ec2_instance_create_external_sg_description: "Security group for external access" -ec2_instance_create_external_sg_name: "ec2_instance_create-default-external-sg" -ec2_instance_create_wait_for_boot: true -ec2_instance_create_external_sg_rules: - - proto: tcp - ports: "22" - cidr_ip: "0.0.0.0/0" diff --git a/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml deleted file mode 100644 index ddffbcc7..00000000 --- a/roles/ec2_instance_create/tasks/ec2_instance_delete_operations.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -- name: Terminate EC2 Instance - amazon.aws.ec2_instance: - region: "{{ ec2_instance_create_aws_region }}" - state: absent - wait: "{{ ec2_instance_create_wait_for_boot }}" - filters: - tag:Name: "{{ ec2_instance_create_instance_name }}" - instance-state-name: ["running"] - when: ec2_instance_create_instance_name is defined and ec2_instance_create_instance_name | length > 0 - -- name: Delete security group if created - amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_external_sg_name | default('ec2_instance_create-default-external-sg') }}" - state: absent - when: ec2_instance_create_associate_external_sg is defined and ec2_instance_create_associate_external_sg is true - -- name: Detach and delete Internet Gateway if created - amazon.aws.ec2_vpc_igw: - region: "{{ ec2_instance_create_aws_region }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" - state: absent - when: ec2_instance_create_associate_igw is defined and ec2_instance_create_associate_igw is true diff --git a/roles/ec2_instance_create_delete/README.md b/roles/ec2_instance_create_delete/README.md new file mode 100644 index 00000000..79e7242f --- /dev/null +++ b/roles/ec2_instance_create_delete/README.md 
@@ -0,0 +1,171 @@ +# ec2_instance_create + +A role to create an EC2 instance in AWS. + +Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, and VPC/subnet configuration. + +This role also supports the creation of optional networking resources, such as an external security group and an Elastic IP (EIP). You can choose to wait for the EC2 instance to finish booting before continuing. + +## Role Variables + +The following variables can be set in the role to customize EC2 instance creation and networking configurations: + +### Role Operation + +* **ec2_instance_create_delete_operation**: (Optional) + - Goal state for the instances. + - "O(state=present): ensures instances exist, but does not guarantee any state (e.g. running). Newly-launched instances will be run by EC2." + - "O(state=running): O(state=present) + ensures the instances are running." + - "O(state=started): O(state=running) + waits for EC2 status checks to report OK if O(wait=true)." + - "O(state=stopped): ensures an existing instance is stopped." + - "O(state=rebooted): convenience alias for O(state=stopped) immediately followed by O(state=running)." + - "O(state=restarted): convenience alias for O(state=stopped) immediately followed by O(state=started)." + - "O(state=terminated): ensures an existing instance is terminated." + - "O(state=absent): alias for O(state=terminated)." + choices are [present, terminated, running, started, stopped, restarted, rebooted, absent] + Default is `present`. + +### EC2 Instance Configuration + +* **ec2_instance_create_delete_aws_region**: (Required) + The AWS region in which to create the EC2 instance. + +* **ec2_instance_create_delete_instance_name**: (Required) + The name of the EC2 instance to be created. + +* **ec2_instance_create_delete_instance_type**: (Required) + The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). 
+ +* **ec2_instance_create_delete_ami_id**: (Required) + The AMI ID for the EC2 instance. + +* **ec2_instance_create_delete_key_name**: (Optional) + The name of the key pair to use for SSH access to the EC2 instance. + If the key does not exist, a key pair will be created with the name. + +* **ec2_instance_create_delete_vpc_subnet_id**: (Optional) + The ID of the VPC subnet in which the instance will be launched. + If not provided, instance might get created with `default` subnet in the AWS region if present. + +* **ec2_instance_create_delete_tags**: (Optional) + A dictionary of tags to assign to the EC2 instance. + +* **ec2_instance_create_delete_wait_for_boot**: (Optional) + Whether to wait for the EC2 instance to be in the "running" or "terminated" state before continuing. Default is `true`. + +### Optional Networking Resources + +#### Elastic IP + +* **ec2_instance_create_delete_vpc_id**: (Optional) + The ID of the VPC used for security group and internet gateway. + Required if `ec2_instance_create_delete_associate_igw` or `ec2_instance_create_delete_associate_eip` is `true`. + +* **ec2_instance_create_delete_associate_eip**: (Optional) + Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. + If set to `true` and the provided VPC doesn't have an Internet Gateway (IGW) attached, set `ec2_instance_create_delete_associate_igw` to `true` to avoid failure. + +* **ec2_instance_create_delete_eip_tags**: (Optional) + Tags to assign to the elastic IP. + +#### Internet Gateway + +* **ec2_instance_create_delete_associate_igw**: (Optional) + Whether to create and associate an internet gateway with the EC2 instance. Default is `false`. + If set to `true`, an internet gateway will be created or associated with the instance. + +* **ec2_instance_create_delete_igw_tags**: (Optional) + Tags to assign to the internet gateway. 
+ +#### External Security Group + +* **ec2_instance_create_delete_associate_external_sg**: (Optional) + Whether to create and associate an security group with the EC2 instance. Default is `false`. + If set to `true`, an security group will be created or associated with the instance. + +* **ec2_instance_create_delete_external_sg_name**: (Required) + The name of the security group to use for the EC2 instance. + The role will check if an SG with this name exists. If not, it will create a new one. + Default is `ec2_instance_create-default-external-sg`. + +* **ec2_instance_create_delete_external_sg_description**: (Optional) + A description for the security group. Default is `Security group for external access`. + +* **ec2_instance_create_delete_external_sg_rules**: (Optional) + A list of custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. + +* **ec2_instance_create_delete_external_sg_tags**: (Optional) + Tags to assign to the security group. + +### Example: + +Here's an example of how to use the role in a playbook. 
+ +```yaml +--- +- name: Playbook for creating EC2 instance using cloud.aws_ops.ec2_instance_create role + hosts: localhost + gather_facts: false + roles: + - role: cloud.aws_ops.ec2_instance_create + vars: + ec2_instance_create_delete_operation: present + ec2_instance_create_delete_aws_region: us-west-2 + ec2_instance_create_delete_instance_name: my-test-instance + ec2_instance_create_delete_instance_type: t2.micro + ec2_instance_create_delete_ami_id: ami-066a7fbaa12345678 + ec2_instance_create_delete_vpc_subnet_id: subnet-071443aa123456789 + ec2_instance_create_delete_tags: + Component: my-test-instance + Environment: Testing + ec2_instance_create_delete_wait_for_boot: true + ec2_instance_create_delete_vpc_id: vpc-xxxx + # Optionally, enable security group creation + ec2_instance_create_delete_associate_external_sg: true + ec2_instance_create_delete_external_sg_name: my-custom-sg + ec2_instance_create_delete_external_sg_description: Security group for my custom access + ec2_instance_create_delete_external_sg_rules: + - proto: tcp + ports: "80" + cidr_ip: "0.0.0.0/0" + ec2_instance_create_delete_external_sg_tags: + Component: my-custom-sg + Environment: Testing + # Optionally, enable Elastic IP association + ec2_instance_create_delete_associate_eip: true + ec2_instance_create_delete_eip_tags: + Component: my-custom-eip + Environment: Testing + # Optionally, enable Internet Gateway association + ec2_instance_create_delete_associate_igw: true + ec2_instance_create_delete_igw_tags: + Environment: Testing + Name: "{{ resource_prefix }}-igw" + +--- +- name: Playbook for deleting EC2 instance and other role resources using cloud.aws_ops.ec2_instance_create role + hosts: localhost + gather_facts: false + roles: + - role: cloud.aws_ops.ec2_instance_create + vars: + ec2_instance_create_delete_operation: absent + ec2_instance_create_delete_aws_region: us-west-2 + ec2_instance_create_delete_instance_name: my-test-instance + ec2_instance_create_delete_wait_for_boot: true + 
ec2_instance_create_delete_associate_external_sg: true + ec2_instance_create_delete_external_sg_name: my-custom-sg + ec2_instance_create_delete_associate_igw: true + ec2_instance_create_delete_vpc_id: vpc-xxxx + +License +------- + +GNU General Public License v3.0 or later + +See [LICENSE](../../LICENSE) to see the full text. + +Author Information +------------------ + +- Ansible Cloud Content Team diff --git a/roles/ec2_instance_create_delete/defaults/main.yml b/roles/ec2_instance_create_delete/defaults/main.yml new file mode 100644 index 00000000..b08dace3 --- /dev/null +++ b/roles/ec2_instance_create_delete/defaults/main.yml @@ -0,0 +1,12 @@ +--- +ec2_instance_create_delete_operation: present +ec2_instance_create_delete_associate_eip: false +ec2_instance_create_delete_associate_external_sg: false +ec2_instance_create_delete_associate_igw: false +ec2_instance_create_delete_external_sg_description: "Security group for external access" +ec2_instance_create_delete_external_sg_name: "ec2_instance_create-default-external-sg" +ec2_instance_create_delete_wait_for_boot: true +ec2_instance_create_delete_external_sg_rules: + - proto: tcp + ports: "22" + cidr_ip: "0.0.0.0/0" diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create_delete/meta/argument_specs.yml similarity index 74% rename from roles/ec2_instance_create/meta/argument_specs.yml rename to roles/ec2_instance_create_delete/meta/argument_specs.yml index 10cdbb42..b22d21a9 100644 --- a/roles/ec2_instance_create/meta/argument_specs.yml +++ b/roles/ec2_instance_create_delete/meta/argument_specs.yml 
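Review bot: `ec2_instance_create_delete_operation: present` in the new defaults does not match the role's argument spec in this same commit, which still declares `default: create` and `choices: [create, delete]` for the renamed variable, so role argument validation would reject the default value before any task runs; the spec's `choices` and `default` need the same values the README lists. The default `ec2_instance_create_delete_external_sg_rules` entry opens TCP 22 from `0.0.0.0/0` on every instance for which `associate_external_sg` is enabled; a safer default is an empty list with a documented requirement to supply `cidr_ip`, or at minimum a README sentence flagging the world-open SSH rule. The default group name `ec2_instance_create-default-external-sg` still carries the old role prefix.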
@@ -7,107 +7,107 @@ argument_specs: - Optionally can create a security group and associate an Elastic IP with the instance. - Supports custom configurations for instance settings, including instance type, AMI, key pair, tags, VPC/subnet, and networking configurations. options: - ec2_instance_create_operation: + ec2_instance_create_delete_operation: description: - Whether to create or delete resources using the role. required: false type: str default: create choices: [create, delete] - ec2_instance_create_aws_region: + ec2_instance_create_delete_aws_region: description: - The AWS region in which to create the EC2 instance. required: true type: str - ec2_instance_create_instance_name: + ec2_instance_create_delete_instance_name: description: - The name of the EC2 instance to be created. required: true type: str - ec2_instance_create_instance_type: + ec2_instance_create_delete_instance_type: description: - The instance type for the EC2 instance. required: true type: str - ec2_instance_create_ami_id: + ec2_instance_create_delete_ami_id: description: - The AMI ID for the EC2 instance. required: true type: str - ec2_instance_create_key_name: + ec2_instance_create_delete_key_name: description: - The name of the key pair to use for SSH access to the EC2 instance. - required: true + required: false type: str - ec2_instance_create_vpc_subnet_id: + ec2_instance_create_delete_vpc_subnet_id: description: - The ID of the VPC subnet in which the instance will be launched. - required: true + required: false type: str - ec2_instance_create_tags: + ec2_instance_create_delete_tags: description: - A dictionary of tags to assign to the EC2 instance. required: false type: dict - ec2_instance_create_wait_for_boot: + ec2_instance_create_delete_wait_for_boot: description: - Whether to wait for the EC2 instance to be in the running state before continuing. 
required: false default: true type: bool - ec2_instance_create_associate_eip: + ec2_instance_create_delete_associate_eip: description: - Whether to create and associate an Elastic IP (EIP) with the EC2 instance. required: false default: false type: bool - ec2_instance_create_associate_external_sg: + ec2_instance_create_delete_associate_external_sg: description: - Whether to associate an existing or a new security group for external access. required: false default: false type: bool - ec2_instance_create_external_sg_name: + ec2_instance_create_delete_external_sg_name: description: - The name of the security group to create. required: false default: "ec2_instance_create-default-external-sg" type: str - ec2_instance_create_external_sg_description: + ec2_instance_create_delete_external_sg_description: description: - A description of the security group. required: false default: "Security group for external access" type: str - ec2_instance_create_external_sg_tags: + ec2_instance_create_delete_external_sg_tags: description: - Tags to assign to the security group. required: false type: dict - ec2_instance_create_associate_igw: + ec2_instance_create_delete_associate_igw: description: - Whether to create and associate an internal gateway. required: false default: false type: bool - ec2_instance_create_vpc_id: + ec2_instance_create_delete_vpc_id: description: - The ID of the VPC used for security group and internet gateway. - - This is required when `ec2_instance_create_associate_external_sg` or `ec2_instance_create_associate_igw` is `true`. + - This is required when `ec2_instance_create_delete_associate_external_sg` or `ec2_instance_create_delete_associate_igw` is `true`. required: false type: str - ec2_instance_create_eip_tags: + ec2_instance_create_delete_eip_tags: description: - Tags to assign to the Elastic IP. 
required: false type: dict - ec2_instance_create_external_sg_rules: + ec2_instance_create_delete_external_sg_rules: description: - A list of dict containing custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. required: false type: list elements: dict - ec2_instance_create_igw_tags: + ec2_instance_create_delete_igw_tags: description: - Tags to assign to the internet gateway. required: false diff --git a/roles/ec2_instance_create/meta/main.yml b/roles/ec2_instance_create_delete/meta/main.yml similarity index 100% rename from roles/ec2_instance_create/meta/main.yml rename to roles/ec2_instance_create_delete/meta/main.yml diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml similarity index 51% rename from roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml rename to roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml index 13022d30..e1b445de 100644 --- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml 
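Review bot: `ec2_instance_create_delete_operation` keeps `default: create` and `choices: [create, delete]`, but the new `defaults/main.yml` in this commit sets it to `present`, and the README and test playbooks pass `present`/`absent`; with argument validation on, every run that relies on the role default is rejected, and the `== 'create'` / `== 'delete'` checks in `tasks/main.yml` never match the documented values. Pick one vocabulary: either change this spec and the task conditions to `present`/`absent`, or change the default, README and tests to `create`/`delete`. Separately, the description of `ec2_instance_create_delete_associate_igw` reads `internal gateway`; it should read `internet gateway`, as the `igw_tags` option below it does.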
@@ -3,62 +3,62 @@ block: - name: Get instane info with provided name amazon.aws.ec2_instance_info: - region: "{{ ec2_instance_create_aws_region }}" + region: "{{ ec2_instance_create_delete_aws_region }}" filters: - tag:Name: "{{ ec2_instance_create_instance_name }}" - instance-state-name: ["running"] + tag:Name: "{{ ec2_instance_create_delete_instance_name }}" register: ec2_info_result - name: Print warning and exit ansible.builtin.fail: - msg: "Instance with name {{ ec2_instance_create_instance_name }} already exists in {{ ec2_instance_create_aws_region }}. + msg: "Instance with name {{ ec2_instance_create_delete_instance_name }} already exists in {{ ec2_instance_create_delete_aws_region }}. Please provide different name to avoid updating instance." when: ec2_info_result.instances | length >= 1 - name: Create a key pair if required + when: ec2_instance_create_key_name is defined and ec2_instance_create_key_name | length > 0 block: - name: Get key pair info amazon.aws.ec2_key_info: names: - - "{{ ec2_instance_create_key_name }}" + - "{{ ec2_instance_create_delete_key_name }}" register: key_info_result - name: Create new key pair amazon.aws.ec2_key: - name: "{{ ec2_instance_create_key_name }}" + name: "{{ ec2_instance_create_delete_key_name }}" state: present - region: "{{ ec2_instance_create_aws_region }}" + region: "{{ ec2_instance_create_delete_aws_region }}" when: key_info_result.keypairs | length == 0 - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance: - region: "{{ ec2_instance_create_aws_region }}" - name: "{{ ec2_instance_create_instance_name }}" - instance_type: "{{ ec2_instance_create_instance_type }}" - image_id: "{{ ec2_instance_create_ami_id }}" - key_name: "{{ ec2_instance_create_key_name }}" - vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" - tags: "{{ ec2_instance_create_tags | default(omit) }}" - wait: "{{ ec2_instance_create_wait_for_boot }}" + region: "{{ ec2_instance_create_delete_aws_region }}" + name: "{{ 
ec2_instance_create_delete_instance_name }}" + instance_type: "{{ ec2_instance_create_delete_instance_type }}" + image_id: "{{ ec2_instance_create_delete_ami_id }}" + key_name: "{{ ec2_instance_create_delete_key_name }}" + vpc_subnet_id: "{{ ec2_instance_create_delete_vpc_subnet_id | default(omit) }}" + tags: "{{ ec2_instance_create_delete_tags | default(omit) }}" + wait: "{{ ec2_instance_create_delete_wait_for_boot }}" register: ec2_instance - name: Create security group if enabled - when: ec2_instance_create_associate_external_sg is true + when: ec2_instance_create_delete_associate_external_sg is true block: - name: Get SG info amazon.aws.ec2_security_group_info: - region: "{{ ec2_instance_create_aws_region }}" + region: "{{ ec2_instance_create_delete_aws_region }}" filters: - group-name: "{{ ec2_instance_create_external_sg_name }}" + group-name: "{{ ec2_instance_create_delete_external_sg_name }}" register: sg_info_result - name: Create a new SG if it does not exist amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_external_sg_name }}" - description: "{{ ec2_instance_create_external_sg_description }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" - rules: "{{ ec2_instance_create_external_sg_rules }}" - tags: "{{ ec2_instance_create_external_sg_tags | default(omit) }}" + name: "{{ ec2_instance_create_delete_external_sg_name }}" + description: "{{ ec2_instance_create_delete_external_sg_description }}" + vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" + rules: "{{ ec2_instance_create_delete_external_sg_rules }}" + tags: "{{ ec2_instance_create_delete_external_sg_tags | default(omit) }}" when: sg_info_result.security_groups | length == 0 register: sg_creation 
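Review bot: The `when:` on `Create a key pair if required` still tests the pre-rename variable `ec2_instance_create_key_name`, which is never set under the new naming, so the key-pair block is always skipped; and `key_name: "{{ ec2_instance_create_delete_key_name }}"` in the `ec2_instance` task has no `default(omit)` even though the spec now makes the key optional, so omitting it fails on an undefined variable instead of launching without a key. Change the condition to `when: ec2_instance_create_delete_key_name is defined and ec2_instance_create_delete_key_name | length > 0` and the argument to `key_name: "{{ ec2_instance_create_delete_key_name | default(omit) }}"`. Dropping the `instance-state-name: ["running"]` filter from the name lookup also means a same-named instance that is stopped, or recently terminated and still returned by the API, now triggers the `already exists` failure; if only live instances should block creation, keep a state filter. The task name `Get instane info` has a typo (`instance`).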
@@ -67,45 +67,45 @@ instance_ids: - "{{ ec2_instance.instance_ids[0] }}" security_groups: - - "{{ ec2_instance_create_external_sg_name }}" - vpc_subnet_id: "{{ ec2_instance_create_vpc_subnet_id }}" + - "{{ ec2_instance_create_delete_external_sg_name }}" + vpc_subnet_id: "{{ ec2_instance_create_delete_vpc_subnet_id }}" register: ec2_instance_associate_sg - name: Create and Attach Internet Gateway if enabled - when: ec2_instance_create_associate_igw is true + when: ec2_instance_create_delete_associate_igw is true block: - name: Create an Internet Gateway amazon.aws.ec2_vpc_igw: - region: "{{ ec2_instance_create_aws_region }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" + region: "{{ ec2_instance_create_delete_aws_region }}" + vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" state: present - tags: "{{ ec2_instance_create_igw_tags | default(omit) }}" + tags: "{{ ec2_instance_create_delete_igw_tags | default(omit) }}" register: internet_gateway - name: Modify the route table to route internet traffic to Internet Gateway amazon.aws.ec2_vpc_route_table: - region: "{{ ec2_instance_create_aws_region }}" - vpc_id: "{{ ec2_instance_create_vpc_id }}" + region: "{{ ec2_instance_create_delete_aws_region }}" + vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" routes: - dest: "0.0.0.0/0" gateway_id: "{{ internet_gateway.gateway_id }}" state: present - name: Create and associate Elastic IP if enabled - when: ec2_instance_create_associate_eip is true + when: ec2_instance_create_delete_associate_eip is true block: - name: Allocate and associate Elastic IP amazon.aws.ec2_eip: device_id: "{{ ec2_instance.instance_ids[0] }}" state: present release_on_disassociation: true - tags: "{{ ec2_instance_create_eip_tags | default(omit) }}" + tags: "{{ ec2_instance_create_delete_eip_tags | default(omit) }}" register: instance_eip - name: Get EC2 instance info amazon.aws.ec2_instance_info: instance_ids: "{{ ec2_instance.instance_ids[0] }}" - region: "{{ ec2_instance_create_aws_region }}" + 
region: "{{ ec2_instance_create_delete_aws_region }}" register: _ec2_instance - name: Output details of the created EC2 instance diff --git a/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml b/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml new file mode 100644 index 00000000..ceead6e7 --- /dev/null +++ b/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml @@ -0,0 +1,23 @@ +--- +- name: Terminate EC2 Instance + amazon.aws.ec2_instance: + region: "{{ ec2_instance_create_delete_aws_region }}" + state: absent + wait: "{{ ec2_instance_create_delete_wait_for_boot }}" + filters: + tag:Name: "{{ ec2_instance_create_delete_instance_name }}" + instance-state-name: ["running"] + when: ec2_instance_create_delete_instance_name is defined and ec2_instance_create_delete_instance_name | length > 0 + +- name: Delete security group if created + amazon.aws.ec2_security_group: + name: "{{ ec2_instance_create_delete_external_sg_name | default('ec2_instance_create-default-external-sg') }}" + state: absent + when: ec2_instance_create_delete_associate_external_sg is defined and ec2_instance_create_delete_associate_external_sg is true + +- name: Detach and delete Internet Gateway if created + amazon.aws.ec2_vpc_igw: + region: "{{ ec2_instance_create_delete_aws_region }}" + vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" + state: absent + when: ec2_instance_create_delete_associate_igw is defined and ec2_instance_create_delete_associate_igw is true diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create_delete/tasks/main.yml similarity index 59% rename from roles/ec2_instance_create/tasks/main.yml rename to roles/ec2_instance_create_delete/tasks/main.yml index fb90b1c7..d94f8cd5 100644 --- a/roles/ec2_instance_create/tasks/main.yml +++ b/roles/ec2_instance_create_delete/tasks/main.yml 
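Review bot: The `Modify the route table` task calls `amazon.aws.ec2_vpc_route_table` with only `region`, `vpc_id`, `routes` and `state`, with no `route_table_id`, `tags` or `subnets`. With the module's default tag lookup and no tags to match it appears to create a fresh route table on every run rather than updating the VPC's existing table, and because no `subnets` are listed the new default route is not attached to the instance's subnet, so the EIP associated in the next block may not actually give the instance an internet path. Either target the existing table (`lookup: id` with a `route_table_id`, or `tags` the role owns) or add `subnets: ["{{ ec2_instance_create_delete_vpc_subnet_id }}"]`, and tag the table so the delete path can find it. Also, `ec2_eip` is the one task in this hunk without an explicit `region:` while the IGW and route-table tasks pass it; either rely on the `module_defaults` in `tasks/main.yml` everywhere or pass it everywhere. The associate-security-group task at the top of the hunk starts outside it.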
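Review bot: `Detach and delete Internet Gateway if created` deletes whatever IGW is attached to `ec2_instance_create_delete_vpc_id` whenever the flag is true, with no check that this role created it; on a shared or pre-existing VPC that removes internet connectivity for every other resource in it, and the same flag-only gating applies to the security group deletion, which also passes no `vpc_id` and so is ambiguous when several VPCs carry a group of that name. Gate both on ownership — for example tag the IGW and group at creation with a role-specific tag and delete only when `ec2_vpc_igw`/`ec2_security_group_info` show that tag — or document loudly that `delete` tears down the VPC's IGW. The `Terminate EC2 Instance` filter `instance-state-name: ["running"]` skips stopped instances, so a stopped instance of that name survives the delete operation; include the other live states (`pending`, `stopping`, `stopped`) as well. The `wait:` still reads `ec2_instance_create_delete_wait_for_boot`, a misnomer for termination.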
@@ -4,9 +4,9 @@ group/aws: "{{ aws_setup_credentials__output }}" block: - name: Include create operations - ansible.builtin.include_tasks: ec2_instance_create_operations.yml - when: ec2_instance_create_operation == 'create' + ansible.builtin.include_tasks: ec2_instance_create_delete_operations.yml + when: ec2_instance_create_delete_operation == 'create' - name: Include delete operations ansible.builtin.include_tasks: ec2_instance_delete_operations.yml - when: ec2_instance_create_operation == 'delete' + when: ec2_instance_create_delete_operation == 'delete' diff --git a/tests/integration/targets/test_ec2_instance_create/aliases b/tests/integration/targets/test_ec2_instance_create_delete/aliases similarity index 100% rename from tests/integration/targets/test_ec2_instance_create/aliases rename to tests/integration/targets/test_ec2_instance_create_delete/aliases diff --git a/tests/integration/targets/test_ec2_instance_create/defaults/main.yml b/tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml similarity index 100% rename from tests/integration/targets/test_ec2_instance_create/defaults/main.yml rename to tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/main.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml similarity index 100% rename from tests/integration/targets/test_ec2_instance_create/tasks/main.yml rename to tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/setup.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml similarity index 100% rename from tests/integration/targets/test_ec2_instance_create/tasks/setup.yml rename to tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml 
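Review bot: `ansible.builtin.include_tasks: ec2_instance_create_delete_operations.yml` points at a file this commit does not create; the create task file is renamed to `tasks/ec2_instance_create_operations.yml` (see its diff header above), so the `create` path fails at include time. Revert that line to `ansible.builtin.include_tasks: ec2_instance_create_operations.yml`, or rename the file to match. The two `when:` conditions compare against `'create'`/`'delete'` while the new defaults file and the test playbooks use `present`/`absent`, so with the shipped defaults neither include runs and the role silently does nothing.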
diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml similarity index 100% rename from tests/integration/targets/test_ec2_instance_create/tasks/teardown.yml rename to tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_only.yml similarity index 63% rename from tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml rename to tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_only.yml index 293ad596..79d75604 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_only.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_only.yml 
@@ -4,17 +4,17 @@ ansible.builtin.include_role: name: cloud.aws_ops.ec2_instance_create vars: - ec2_instance_create_operation: create - ec2_instance_create_aws_region: "{{ aws_region }}" - ec2_instance_create_instance_name: "only-ec2-{{ resource_prefix }}" - ec2_instance_create_instance_type: "{{ ec2_instance_type }}" - ec2_instance_create_ami_id: "{{ image_id }}" - ec2_instance_create_vpc_subnet_id: "{{ subnet_id }}" - ec2_instance_create_key_name: "{{ ec2_key_name }}" - ec2_instance_create_associate_external_sg: false - ec2_instance_create_associate_eip: false - ec2_instance_create_associate_igw: false - ec2_instance_create_tags: + ec2_instance_create_delete_operation: present + ec2_instance_create_delete_aws_region: "{{ aws_region }}" + ec2_instance_create_delete_instance_name: "only-ec2-{{ resource_prefix }}" + ec2_instance_create_delete_instance_type: "{{ ec2_instance_type }}" + ec2_instance_create_delete_ami_id: "{{ image_id }}" + ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}" + ec2_instance_create_delete_key_name: "{{ ec2_key_name }}" + ec2_instance_create_delete_associate_external_sg: false + ec2_instance_create_delete_associate_eip: false + ec2_instance_create_delete_associate_igw: false + ec2_instance_create_delete_tags: Environment: Testing Name: "{{ resource_prefix }}-instance" diff --git a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_with_igw_sg_eip.yml similarity index 73% rename from tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml rename to tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_with_igw_sg_eip.yml index 37c3d6a0..0691bbc5 100644 --- a/tests/integration/targets/test_ec2_instance_create/tasks/test_ec2_with_igw_sg_eip.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_with_igw_sg_eip.yml 
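Review bot: `name: cloud.aws_ops.ec2_instance_create` is left unchanged while the role directory is renamed to `ec2_instance_create_delete` in this commit, so the include resolves to a role that no longer exists; the same stale name is in `test_ec2_with_igw_sg_eip.yml` in the next hunk. Change it to `name: cloud.aws_ops.ec2_instance_create_delete` in both. Both tests also now pass `ec2_instance_create_delete_operation: present`, which is not among the spec's `choices: [create, delete]` and does not match the `'create'` check in `tasks/main.yml`, so argument validation rejects them or the include conditions skip them.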
@@ -4,42 +4,42 @@ ansible.builtin.include_role: name: cloud.aws_ops.ec2_instance_create vars: - ec2_instance_create_operation: create - ec2_instance_create_aws_region: "{{ aws_region }}" - ec2_instance_create_instance_name: "ec2-all-enabled-{{ resource_prefix }}" - ec2_instance_create_instance_type: "{{ ec2_instance_type }}" - ec2_instance_create_ami_id: "{{ image_id }}" - ec2_instance_create_vpc_subnet_id: "{{ subnet_id }}" - ec2_instance_create_key_name: "{{ ec2_key_name }}" - ec2_instance_create_vpc_id: "{{ vpc_id }}" - ec2_instance_create_tags: + ec2_instance_create_delete_operation: present + ec2_instance_create_delete_aws_region: "{{ aws_region }}" + ec2_instance_create_delete_instance_name: "ec2-all-enabled-{{ resource_prefix }}" + ec2_instance_create_delete_instance_type: "{{ ec2_instance_type }}" + ec2_instance_create_delete_ami_id: "{{ image_id }}" + ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}" + ec2_instance_create_delete_key_name: "{{ ec2_key_name }}" + ec2_instance_create_delete_vpc_id: "{{ vpc_id }}" + ec2_instance_create_delete_tags: Environment: Testing Name: "{{ resource_prefix }}-instance" # Optional: external security group - ec2_instance_create_associate_external_sg: true - ec2_instance_create_external_sg_name: "{{ external_sg_name }}" - ec2_instance_create_external_sg_description: "{{ external_sg_description }}" - ec2_instance_create_external_sg_rules: + ec2_instance_create_delete_associate_external_sg: true + ec2_instance_create_delete_external_sg_name: "{{ external_sg_name }}" + ec2_instance_create_delete_external_sg_description: "{{ external_sg_description }}" + ec2_instance_create_delete_external_sg_rules: - proto: tcp ports: 22 cidr_ip: 10.0.1.0/16 - proto: tcp ports: 8000 cidr_ip: 10.0.1.0/16 - ec2_instance_create_external_sg_tags: + ec2_instance_create_delete_external_sg_tags: Environment: Testing Name: "{{ resource_prefix }}-sg" # Optional: EIP - ec2_instance_create_associate_eip: true - ec2_instance_create_eip_tags: + 
ec2_instance_create_delete_associate_eip: true + ec2_instance_create_delete_eip_tags: Environment: Testing Name: "{{ resource_prefix }}-eip" # Optional: Internet Gateway - ec2_instance_create_associate_igw: true - ec2_instance_create_igw_tags: + ec2_instance_create_delete_associate_igw: true + ec2_instance_create_delete_igw_tags: Environment: Testing Name: "{{ resource_prefix }}-igw" From 076eade8d79a5a4808495cba44042d1cd4893d1a Mon Sep 17 00:00:00 2001 From: Helen Bailey Date: Thu, 5 Dec 2024 14:44:32 -0500 Subject: [PATCH 34/39] Updates to ec2_instance_create_delete role --- roles/ec2_instance_create_delete/README.md | 183 ++++++++---------- .../defaults/main.yml | 12 +- .../meta/argument_specs.yml | 77 ++------ .../tasks/ec2_instance_create_operations.yml | 92 +++------ .../tasks/ec2_instance_delete_operations.yml | 34 ++-- .../ec2_instance_create_delete/tasks/main.yml | 2 +- .../defaults/main.yml | 14 +- .../tasks/main.yml | 8 +- .../tasks/setup.yml | 26 +-- .../tasks/teardown.yml | 64 ++++-- .../tasks/test_ec2_all_options.yml | 76 ++++++++ .../tasks/test_ec2_only.yml | 46 ----- .../tasks/test_ec2_required_options.yml | 55 ++++++ .../tasks/test_ec2_with_igw_sg_eip.yml | 119 ------------ 14 files changed, 339 insertions(+), 469 deletions(-) create mode 100644 tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml delete mode 100644 tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_only.yml create mode 100644 tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml delete mode 100644 tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_with_igw_sg_eip.yml diff --git a/roles/ec2_instance_create_delete/README.md b/roles/ec2_instance_create_delete/README.md index 79e7242f..bcca382c 100644 --- a/roles/ec2_instance_create_delete/README.md +++ b/roles/ec2_instance_create_delete/README.md 
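Review bot: `cidr_ip: 10.0.1.0/16` in both security group rules has host bits set (the /16 network is `10.0.0.0/16`); as far as I know `ec2_security_group` normalizes this with a warning, but it leaves the test's intent unclear — write `10.0.0.0/16`, or `10.0.1.0/24` if a single subnet is meant. The rules also use integer `ports:` while the role default quotes them (`"22"`); either form works, but the role's own examples should be consistent. This hunk's stale role name and `present` value are covered in the note on `test_ec2_only.yml`.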
@@ -2,108 +2,84 @@ A role to create an EC2 instance in AWS. -Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, and VPC/subnet configuration. - -This role also supports the creation of optional networking resources, such as an external security group and an Elastic IP (EIP). You can choose to wait for the EC2 instance to finish booting before continuing. +Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, VPC/subnet configuration, and whether to associate an EIP. You can choose to wait for the EC2 instance to finish booting before continuing. + +This role can be combined with the [cloud.aws_ops.ec2_networking_resources role](../ec2_networking_resources/README.md) to create networking resources for the instance, see [examples](#examples). + +## Requirements + +An AWS account with the following permissions: + +* ec2:AllocateAddress +* ec2:AssociateAddress +* ec2:CreateKeyPair +* ec2:DeleteKeyPair +* ec2:DescribeAddresses +* ec2:DescribeInstanceAttribute +* ec2:DescribeInstances +* ec2:DescribeInstanceStatus +* ec2:DescribeKeyPairs +* ec2:DescribeSecurityGroups +* ec2:DescribeSubnets +* ec2:DescribeVpcs +* ec2:DisassociateAddress +* ec2:ModifyInstanceAttribute +* ec2:ReleaseAddress +* ec2:RunInstances +* ec2:TerminateInstances ## Role Variables The following variables can be set in the role to customize EC2 instance creation and networking configurations: -### Role Operation - * **ec2_instance_create_delete_operation**: (Optional) - - Goal state for the instances. - - "O(state=present): ensures instances exist, but does not guarantee any state (e.g. running). Newly-launched instances will be run by EC2." - - "O(state=running): O(state=present) + ensures the instances are running." - - "O(state=started): O(state=running) + waits for EC2 status checks to report OK if O(wait=true)." - - "O(state=stopped): ensures an existing instance is stopped." 
- - "O(state=rebooted): convenience alias for O(state=stopped) immediately followed by O(state=running)." - - "O(state=restarted): convenience alias for O(state=stopped) immediately followed by O(state=started)." - - "O(state=terminated): ensures an existing instance is terminated." - - "O(state=absent): alias for O(state=terminated)." - choices are [present, terminated, running, started, stopped, restarted, rebooted, absent] - Default is `present`. - -### EC2 Instance Configuration - -* **ec2_instance_create_delete_aws_region**: (Required) - The AWS region in which to create the EC2 instance. + Target operation for the ec2 instance role. Choices are ["create", "delete"]. Defaults to "create". * **ec2_instance_create_delete_instance_name**: (Required) The name of the EC2 instance to be created. -* **ec2_instance_create_delete_instance_type**: (Required) - The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). +* **ec2_instance_create_delete_instance_type**: (Optional) + The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). Required when `ec2_instance_create_delete_operation` is `true` -* **ec2_instance_create_delete_ami_id**: (Required) - The AMI ID for the EC2 instance. +* **ec2_instance_create_delete_ami_id**: (Optional) + The AMI ID for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `true` * **ec2_instance_create_delete_key_name**: (Optional) The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. + If not provided, instance will not be accessible via SSH. * **ec2_instance_create_delete_vpc_subnet_id**: (Optional) The ID of the VPC subnet in which the instance will be launched. - If not provided, instance might get created with `default` subnet in the AWS region if present. + If not provided, instance will be created in the default subnet for the default VPC in the AWS region if present. 
* **ec2_instance_create_delete_tags**: (Optional) A dictionary of tags to assign to the EC2 instance. -* **ec2_instance_create_delete_wait_for_boot**: (Optional) - Whether to wait for the EC2 instance to be in the "running" or "terminated" state before continuing. Default is `true`. - -### Optional Networking Resources - -#### Elastic IP +* **ec2_instance_create_delete_wait_for_state**: (Optional) + Whether to wait for the EC2 instance to be in the "running" (if creating an instance) or "terminated" (if deleting an instance) state before continuing. Default is `true`. -* **ec2_instance_create_delete_vpc_id**: (Optional) - The ID of the VPC used for security group and internet gateway. - Required if `ec2_instance_create_delete_associate_igw` or `ec2_instance_create_delete_associate_eip` is `true`. +* **ec2_instance_create_delete_associate_security_groups**: (Optional) + List of security group IDs to associate with the EC2 instance. * **ec2_instance_create_delete_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. - If set to `true` and the provided VPC doesn't have an Internet Gateway (IGW) attached, set `ec2_instance_create_delete_associate_igw` to `true` to avoid failure. + If true, EC2 instance must be launched in a VPC with an Internet Gateway (IGW) attached, otherwise this will fail. Use [cloud.aws_ops.ec2_networking_resources role](../ec2_networking_resources/README.md) to create the necessary networking resources. * **ec2_instance_create_delete_eip_tags**: (Optional) Tags to assign to the elastic IP. -#### Internet Gateway - -* **ec2_instance_create_delete_associate_igw**: (Optional) - Whether to create and associate an internet gateway with the EC2 instance. Default is `false`. - If set to `true`, an internet gateway will be created or associated with the instance. - -* **ec2_instance_create_delete_igw_tags**: (Optional) - Tags to assign to the internet gateway. 
- -#### External Security Group +## Dependencies -* **ec2_instance_create_delete_associate_external_sg**: (Optional) - Whether to create and associate an security group with the EC2 instance. Default is `false`. - If set to `true`, an security group will be created or associated with the instance. +- role: [aws_setup_credentials](../aws_setup_credentials/README.md) -* **ec2_instance_create_delete_external_sg_name**: (Required) - The name of the security group to use for the EC2 instance. - The role will check if an SG with this name exists. If not, it will create a new one. - Default is `ec2_instance_create-default-external-sg`. +## Examples -* **ec2_instance_create_delete_external_sg_description**: (Optional) - A description for the security group. Default is `Security group for external access`. - -* **ec2_instance_create_delete_external_sg_rules**: (Optional) - A list of custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. - -* **ec2_instance_create_delete_external_sg_tags**: (Optional) - Tags to assign to the security group. - -### Example: - -Here's an example of how to use the role in a playbook. +Using the role on its own in a playbook: ```yaml --- -- name: Playbook for creating EC2 instance using cloud.aws_ops.ec2_instance_create role +- name: Create EC2 instance hosts: localhost gather_facts: false roles: 
@@ -118,54 +94,59 @@ Here's an example of how to use the role in a playbook. ec2_instance_create_delete_tags: Component: my-test-instance Environment: Testing - ec2_instance_create_delete_wait_for_boot: true - ec2_instance_create_delete_vpc_id: vpc-xxxx - # Optionally, enable security group creation - ec2_instance_create_delete_associate_external_sg: true - ec2_instance_create_delete_external_sg_name: my-custom-sg - ec2_instance_create_delete_external_sg_description: Security group for my custom access - ec2_instance_create_delete_external_sg_rules: - - proto: tcp - ports: "80" - cidr_ip: "0.0.0.0/0" - ec2_instance_create_delete_external_sg_tags: - Component: my-custom-sg - Environment: Testing - # Optionally, enable Elastic IP association - ec2_instance_create_delete_associate_eip: true - ec2_instance_create_delete_eip_tags: - Component: my-custom-eip - Environment: Testing - # Optionally, enable Internet Gateway association - ec2_instance_create_delete_associate_igw: true - ec2_instance_create_delete_igw_tags: - Environment: Testing - Name: "{{ resource_prefix }}-igw" + ec2_instance_create_delete_wait_for_state: true +``` + +Combining the role with [cloud.aws_ops.ec2_networking_resources](../ec2_networking_resources/README.md): +```yaml --- -- name: Playbook for deleting EC2 instance and other role resources using cloud.aws_ops.ec2_instance_create role +- name: Create EC2 networking resources and EC2 instance hosts: localhost gather_facts: false roles: + - role: cloud.aws_ops.ec2_networking_resources: + vars: + ec2_networking_resources_vpc_name: my-vpc + ec2_networking_resources_vpc_cidr_block: 10.0.0.0/24 + ec2_networking_resources_subnet_cidr_block: 10.0.0.0/25 + ec2_networking_resources_sg_internal_name: my-internal-sg + ec2_networking_resources_sg_external_name: my-external-sg + ec2_networking_resources_create_igw: true - role: cloud.aws_ops.ec2_instance_create vars: - ec2_instance_create_delete_operation: absent - ec2_instance_create_delete_aws_region: 
us-west-2 + ec2_instance_create_delete_operation: present + ec2_instance_create_delete_instance_name: my-test-instance + ec2_instance_create_delete_instance_type: t2.micro + ec2_instance_create_delete_ami_id: ami-066a7fbaa12345678 + ec2_instance_create_delete_vpc_subnet_id: "{{ ec2_networking_resources_subnet_result.subnet.id }}" + ec2_instance_create_delete_associate_security_groups: + - my-internal-sg + - my-external-sg + ec2_instance_create_delete_associate_eip: true +``` + +Deleting an EC2 instance: + +```yaml +--- +- name: Delete EC2 instance + hosts: localhost + gather_facts: false + roles: + - role: cloud.aws_ops.ec2_instance_create_delete + vars: + ec2_instance_create_delete_operation: delete ec2_instance_create_delete_instance_name: my-test-instance - ec2_instance_create_delete_wait_for_boot: true - ec2_instance_create_delete_associate_external_sg: true - ec2_instance_create_delete_external_sg_name: my-custom-sg - ec2_instance_create_delete_associate_igw: true - ec2_instance_create_delete_vpc_id: vpc-xxxx + ec2_instance_create_delete_wait_for_state: true +``` -License -------- +## License GNU General Public License v3.0 or later See [LICENSE](../../LICENSE) to see the full text. -Author Information ------------------- +## Author Information - Ansible Cloud Content Team diff --git a/roles/ec2_instance_create_delete/defaults/main.yml b/roles/ec2_instance_create_delete/defaults/main.yml index b08dace3..5b7cab08 100644 --- a/roles/ec2_instance_create_delete/defaults/main.yml +++ b/roles/ec2_instance_create_delete/defaults/main.yml 
@@ -1,12 +1,4 @@ --- -ec2_instance_create_delete_operation: present +ec2_instance_create_delete_operation: create +ec2_instance_create_delete_wait_for_state: true ec2_instance_create_delete_associate_eip: false -ec2_instance_create_delete_associate_external_sg: false -ec2_instance_create_delete_associate_igw: false -ec2_instance_create_delete_external_sg_description: "Security group for external access" -ec2_instance_create_delete_external_sg_name: "ec2_instance_create-default-external-sg" -ec2_instance_create_delete_wait_for_boot: true -ec2_instance_create_delete_external_sg_rules: - - proto: tcp - ports: "22" - cidr_ip: "0.0.0.0/0" diff --git a/roles/ec2_instance_create_delete/meta/argument_specs.yml b/roles/ec2_instance_create_delete/meta/argument_specs.yml index b22d21a9..fc49e8a3 100644 --- a/roles/ec2_instance_create_delete/meta/argument_specs.yml +++ b/roles/ec2_instance_create_delete/meta/argument_specs.yml @@ -4,8 +4,8 @@ argument_specs: short_description: A role to create an EC2 instance with optional networking resources. description: - A role to create an EC2 instance. - - Optionally can create a security group and associate an Elastic IP with the instance. - - Supports custom configurations for instance settings, including instance type, AMI, key pair, tags, VPC/subnet, and networking configurations. + - Can optionally attach security groups and associate an Elastic IP with the instance. + - Supports custom configurations for instance settings including instance type, AMI, key pair, tags, VPC/subnet, and networking configurations. options: ec2_instance_create_delete_operation: description: @@ -14,11 +14,6 @@ argument_specs: type: str default: create choices: [create, delete] - ec2_instance_create_delete_aws_region: - description: - - The AWS region in which to create the EC2 instance. - required: true - type: str ec2_instance_create_delete_instance_name: description: - The name of the EC2 instance to be created. 
@@ -26,22 +21,22 @@ argument_specs: type: str ec2_instance_create_delete_instance_type: description: - - The instance type for the EC2 instance. - required: true + - The instance type for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `true`. + required: false type: str ec2_instance_create_delete_ami_id: description: - - The AMI ID for the EC2 instance. - required: true + - The AMI ID for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `true`. + required: false type: str ec2_instance_create_delete_key_name: description: - - The name of the key pair to use for SSH access to the EC2 instance. + - The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH. required: false type: str ec2_instance_create_delete_vpc_subnet_id: description: - - The ID of the VPC subnet in which the instance will be launched. + - The ID of the VPC subnet in which the instance will be launched. If not provided, instance will be created in the default subnet for the default VPC in the AWS region, if present. required: false type: str ec2_instance_create_delete_tags: 
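Review bot: The new descriptions for `ec2_instance_create_delete_instance_type` and `ec2_instance_create_delete_ami_id` say they are required when `ec2_instance_create_delete_operation` is `true`, but that option's choices are `create` and `delete` (visible in the hunk above), so the stated condition can never hold. Change both lines to `Required when \`ec2_instance_create_delete_operation\` is \`create\`.` Since both options are now `required: false`, a `create` run that omits them fails only when `amazon.aws.ec2_instance` rejects the empty value; an explicit assert at the top of the create tasks would give the caller a clearer error, but that belongs in the tasks file rather than here.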
@@ -49,66 +44,26 @@ argument_specs: - A dictionary of tags to assign to the EC2 instance. required: false type: dict - ec2_instance_create_delete_wait_for_boot: + ec2_instance_create_delete_wait_for_state: description: - - Whether to wait for the EC2 instance to be in the running state before continuing. + - Whether to wait for the EC2 instance to be in the running/terminated state before continuing. required: false default: true type: bool - ec2_instance_create_delete_associate_eip: - description: - - Whether to create and associate an Elastic IP (EIP) with the EC2 instance. - required: false - default: false - type: bool - ec2_instance_create_delete_associate_external_sg: - description: - - Whether to associate an existing or a new security group for external access. - required: false - default: false - type: bool - ec2_instance_create_delete_external_sg_name: - description: - - The name of the security group to create. - required: false - default: "ec2_instance_create-default-external-sg" - type: str - ec2_instance_create_delete_external_sg_description: - description: - - A description of the security group. - required: false - default: "Security group for external access" - type: str - ec2_instance_create_delete_external_sg_tags: + ec2_instance_create_delete_associate_security_groups: description: - - Tags to assign to the security group. + - List of security group names or IDs to associate with the EC2 instance. required: false - type: dict - ec2_instance_create_delete_associate_igw: + type: list + elements: str + ec2_instance_create_delete_associate_eip: description: - - Whether to create and associate an internal gateway. + - Whether to create and associate an Elastic IP (EIP) with the EC2 instance. required: false default: false type: bool - ec2_instance_create_delete_vpc_id: - description: - - The ID of the VPC used for security group and internet gateway. 
- - This is required when `ec2_instance_create_delete_associate_external_sg` or `ec2_instance_create_delete_associate_igw` is `true`. - required: false - type: str ec2_instance_create_delete_eip_tags: description: - Tags to assign to the Elastic IP. required: false type: dict - ec2_instance_create_delete_external_sg_rules: - description: - - A list of dict containing custom rules to add to the security group. Each rule is a dictionary with `proto`, `ports`, and `cidr_ip` keys. Default is to allow SSH (port 22) from `0.0.0.0/0`. - required: false - type: list - elements: dict - ec2_instance_create_delete_igw_tags: - description: - - Tags to assign to the internet gateway. - required: false - type: dict diff --git a/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml index e1b445de..66f84999 100644 --- a/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml +++ b/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml 
@@ -1,21 +1,20 @@ --- - name: Verify that an instance with same name does not exist block: - - name: Get instane info with provided name + - name: Get instance info with provided name amazon.aws.ec2_instance_info: - region: "{{ ec2_instance_create_delete_aws_region }}" filters: tag:Name: "{{ ec2_instance_create_delete_instance_name }}" + instance-state-name: ["pending", "running", "stopping", "stopped"] register: ec2_info_result - - name: Print warning and exit + - name: Print warning and exit if instance exists ansible.builtin.fail: - msg: "Instance with name {{ ec2_instance_create_delete_instance_name }} already exists in {{ ec2_instance_create_delete_aws_region }}. - Please provide different name to avoid updating instance." - when: ec2_info_result.instances | length >= 1 + msg: "Instance with name {{ ec2_instance_create_delete_instance_name }} already exists in {{ aws_region }}. Please provide a different name to avoid updating the existing instance." + when: ec2_info_result.instances | length > 0 - name: Create a key pair if required - when: ec2_instance_create_key_name is defined and ec2_instance_create_key_name | length > 0 + when: ec2_instance_create_delete_key_name is defined and ec2_instance_create_delete_key_name | length > 0 block: - name: Get key pair info amazon.aws.ec2_key_info: 
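Review bot: The failure message in `Print warning and exit if instance exists` now interpolates `{{ aws_region }}`, which is not a role variable: the role's own `ec2_instance_create_delete_aws_region` option is removed in this same commit and `aws_region` is not declared in meta/argument_specs.yml. When a caller has not defined it, the `fail` task aborts with an undefined-variable error instead of the intended message. Either drop the region from the message or guard it, e.g. `already exists in {{ aws_region | default('the configured region') }}`.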
@@ -27,85 +26,33 @@ amazon.aws.ec2_key: name: "{{ ec2_instance_create_delete_key_name }}" state: present - region: "{{ ec2_instance_create_delete_aws_region }}" when: key_info_result.keypairs | length == 0 + register: new_key_pair_result - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance: - region: "{{ ec2_instance_create_delete_aws_region }}" + state: running name: "{{ ec2_instance_create_delete_instance_name }}" instance_type: "{{ ec2_instance_create_delete_instance_type }}" image_id: "{{ ec2_instance_create_delete_ami_id }}" - key_name: "{{ ec2_instance_create_delete_key_name }}" + key_name: "{{ ec2_instance_create_delete_key_name | default(omit) }}" + security_groups: "{{ ec2_instance_create_delete_associate_security_groups | default(omit, true) }}" vpc_subnet_id: "{{ ec2_instance_create_delete_vpc_subnet_id | default(omit) }}" tags: "{{ ec2_instance_create_delete_tags | default(omit) }}" - wait: "{{ ec2_instance_create_delete_wait_for_boot }}" + wait: "{{ ec2_instance_create_delete_wait_for_state }}" register: ec2_instance -- name: Create security group if enabled - when: ec2_instance_create_delete_associate_external_sg is true - block: - - name: Get SG info - amazon.aws.ec2_security_group_info: - region: "{{ ec2_instance_create_delete_aws_region }}" - filters: - group-name: "{{ ec2_instance_create_delete_external_sg_name }}" - register: sg_info_result - - - name: Create a new SG if it does not exist - amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_delete_external_sg_name }}" - description: "{{ ec2_instance_create_delete_external_sg_description }}" - vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" - rules: "{{ ec2_instance_create_delete_external_sg_rules }}" - tags: "{{ ec2_instance_create_delete_external_sg_tags | default(omit) }}" - when: sg_info_result.security_groups | length == 0 - register: sg_creation - - - name: Associate the SG to EC2 Instance(existing or newly created) - amazon.aws.ec2_instance: - 
instance_ids: - - "{{ ec2_instance.instance_ids[0] }}" - security_groups: - - "{{ ec2_instance_create_delete_external_sg_name }}" - vpc_subnet_id: "{{ ec2_instance_create_delete_vpc_subnet_id }}" - register: ec2_instance_associate_sg - -- name: Create and Attach Internet Gateway if enabled - when: ec2_instance_create_delete_associate_igw is true - block: - - name: Create an Internet Gateway - amazon.aws.ec2_vpc_igw: - region: "{{ ec2_instance_create_delete_aws_region }}" - vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" - state: present - tags: "{{ ec2_instance_create_delete_igw_tags | default(omit) }}" - register: internet_gateway - - - name: Modify the route table to route internet traffic to Internet Gateway - amazon.aws.ec2_vpc_route_table: - region: "{{ ec2_instance_create_delete_aws_region }}" - vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" - routes: - - dest: "0.0.0.0/0" - gateway_id: "{{ internet_gateway.gateway_id }}" - state: present - -- name: Create and associate Elastic IP if enabled +- name: Allocate and associate Elastic IP if enabled when: ec2_instance_create_delete_associate_eip is true - block: - - name: Allocate and associate Elastic IP - amazon.aws.ec2_eip: - device_id: "{{ ec2_instance.instance_ids[0] }}" - state: present - release_on_disassociation: true - tags: "{{ ec2_instance_create_delete_eip_tags | default(omit) }}" - register: instance_eip + amazon.aws.ec2_eip: + device_id: "{{ ec2_instance.instance_ids[0] }}" + state: present + release_on_disassociation: true + register: instance_eip - name: Get EC2 instance info amazon.aws.ec2_instance_info: instance_ids: "{{ ec2_instance.instance_ids[0] }}" - region: "{{ ec2_instance_create_delete_aws_region }}" register: _ec2_instance - name: Output details of the created EC2 instance 
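Review bot: `register: new_key_pair_result` on the `amazon.aws.ec2_key` task captures the freshly generated private key in the task result, and without `no_log: true` that result is printed in full at `-v` verbosity and kept in any archived job output; add `no_log: true` to that task (the later debug task reads the registered variable unchanged). Separately, the rewritten `Allocate and associate Elastic IP if enabled` task no longer passes `tags: "{{ ec2_instance_create_delete_eip_tags | default(omit) }}"`, while `ec2_instance_create_delete_eip_tags` is still declared in meta/argument_specs.yml in this commit, so the option is now silently ignored; restore the `tags:` line or remove the option from the spec.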
@@ -113,3 +60,8 @@ msg: - "EC2 instance {{ ec2_instance.instance_ids[0] }} created successfully" - "Instance details: {{ _ec2_instance.instances[0] }}" + +- name: Output private key if a new keypair was created + when: new_key_pair_result.key is defined + ansible.builtin.debug: + msg: "A new key pair was created for ssh access to the instance. Please save this private key for reference, it will not be accessible again: {{ new_key_pair_result.key.private_key }}" diff --git a/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml b/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml index ceead6e7..f00b3e37 100644 --- a/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml +++ b/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml 
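Review bot: The added debug task writes the private key to stdout, which lands in the play output, CI logs and controller job history where it is retained and readable by anyone with log access, and the message itself says the key cannot be retrieved again, so there is no way to rotate it short of a new key pair. Write the key material to a file with owner-only permissions under `no_log`, and print only the location; the destination needs a new role option, shown below with a placeholder name that would have to be added to meta/argument_specs.yml.

```yaml
- name: Save private key if a new keypair was created
  when: new_key_pair_result.key is defined
  ansible.builtin.copy:
    content: "{{ new_key_pair_result.key.private_key }}"
    # ec2_instance_create_delete_private_key_dest is a proposed new option (placeholder name);
    # declare it in meta/argument_specs.yml before relying on it
    dest: "{{ ec2_instance_create_delete_private_key_dest }}"
    mode: "0600"
  no_log: true

- name: Report that a new key pair was created
  when: new_key_pair_result.key is defined
  ansible.builtin.debug:
    msg: "A new key pair was created for ssh access to the instance. The private key was saved to {{ ec2_instance_create_delete_private_key_dest }}; it will not be retrievable from AWS again."
```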
@@ -1,23 +1,23 @@ --- -- name: Terminate EC2 Instance - amazon.aws.ec2_instance: - region: "{{ ec2_instance_create_delete_aws_region }}" - state: absent - wait: "{{ ec2_instance_create_delete_wait_for_boot }}" +- name: Get instance info with provided name + amazon.aws.ec2_instance_info: filters: tag:Name: "{{ ec2_instance_create_delete_instance_name }}" - instance-state-name: ["running"] - when: ec2_instance_create_delete_instance_name is defined and ec2_instance_create_delete_instance_name | length > 0 + instance-state-name: ["pending", "running", "stopping", "stopped"] + register: ec2_info_result -- name: Delete security group if created - amazon.aws.ec2_security_group: - name: "{{ ec2_instance_create_delete_external_sg_name | default('ec2_instance_create-default-external-sg') }}" +- name: Disassociate and release EIP if present + when: ec2_info_result.instances | length > 0 + # and ec2_info_result.instances[0].network_interfaces.association.public_ip is defined + amazon.aws.ec2_eip: + device_id: "{{ ec2_info_result.instances[0].instance_id }}" state: absent - when: ec2_instance_create_delete_associate_external_sg is defined and ec2_instance_create_delete_associate_external_sg is true + release_on_disassociation: true -- name: Detach and delete Internet Gateway if created - amazon.aws.ec2_vpc_igw: - region: "{{ ec2_instance_create_delete_aws_region }}" - vpc_id: "{{ ec2_instance_create_delete_vpc_id }}" - state: absent - when: ec2_instance_create_delete_associate_igw is defined and ec2_instance_create_delete_associate_igw is true +- name: Terminate EC2 Instance if present + when: ec2_info_result.instances | length > 0 + amazon.aws.ec2_instance: + state: terminated + wait: "{{ ec2_instance_create_delete_wait_for_state }}" + instance_ids: + - "{{ ec2_info_result.instances[0].instance_id }}" diff --git a/roles/ec2_instance_create_delete/tasks/main.yml b/roles/ec2_instance_create_delete/tasks/main.yml index d94f8cd5..d386dd3f 100644 
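Review bot: The delete path acts only on `ec2_info_result.instances[0]`, so if more than one non-terminated instance carries the same Name tag (possible for instances created outside this role) the rest survive silently and the EIP release is attempted on just the first; either pass every match, `instance_ids: "{{ ec2_info_result.instances | map(attribute='instance_id') | list }}"`, or state the single-instance assumption in the task name. Nothing here removes a key pair that the create path generated from `ec2_instance_create_delete_key_name`, so a create/delete cycle leaves that key pair behind — the integration teardown in this commit deletes it by hand, which suggests the role should as well. The `ec2_eip` task with `state: absent` runs for any existing instance; if the module errors when no address is associated, the commented-out guard would need to come back, which is worth confirming against the module before merging.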
--- a/roles/ec2_instance_create_delete/tasks/main.yml +++ b/roles/ec2_instance_create_delete/tasks/main.yml @@ -4,7 +4,7 @@ group/aws: "{{ aws_setup_credentials__output }}" block: - name: Include create operations - ansible.builtin.include_tasks: ec2_instance_create_delete_operations.yml + ansible.builtin.include_tasks: ec2_instance_create_operations.yml when: ec2_instance_create_delete_operation == 'create' - name: Include delete operations diff --git a/tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml b/tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml index 48e80666..34557c47 100644 --- a/tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml @@ -1,15 +1,13 @@ --- aws_security_token: "{{ security_token | default(omit) }}" -# VPC and Subnet Configuration -vpc_name: "{{ resource_prefix }}-vpc" +# Network Configuration +test_vpc_name: "{{ resource_prefix }}-vpc" test_vpc_cidr: '101.{{ 255 | random(seed=resource_prefix) }}.0.0/16' test_subnet_cidr: '101.{{ 255 | random(seed=resource_prefix) }}.0.0/24' +test_security_group_name: "{{ resource_prefix }}-sg" # EC2 Instance Configuration -ec2_instance_type: t2.micro -ec2_key_name: "{{ resource_prefix }}-ec2-key" - -# External Security Group Configuration -external_sg_name: "{{ resource_prefix }}-external-sg" -external_sg_description: "External Security Group for EC2" +test_ec2_instance_name: "{{ resource_prefix }}-ec2-instance" +test_ec2_instance_type: t2.micro +test_ec2_key_name: "{{ resource_prefix }}-ec2-key" diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml index d85867d9..9e3f4daf 100644 --- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml 
@@ -10,11 +10,11 @@ - name: Create resources required for test ansible.builtin.include_tasks: setup.yml - - name: Run tests for case 1 - EC2 with no external sg, igw, eip - ansible.builtin.include_tasks: tasks/test_ec2_only.yml + - name: Run tests for case 1 - EC2 instance with required options only + ansible.builtin.include_tasks: tasks/test_ec2_required_options.yml - - name: Run tests for case 2 - EC2 with external sg, igw, eip - ansible.builtin.include_tasks: tasks/test_ec2_with_igw_sg_eip.yml + - name: Run tests for case 2 - EC2 instance with all options + ansible.builtin.include_tasks: tasks/test_ec2_all_options.yml always: - name: Delete any leftover resources used in tests diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml index cfb29c2d..311a5711 100644 --- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml @@ -3,7 +3,6 @@ block: - name: Get AMI image ID using filters amazon.aws.ec2_ami_info: - region: "{{ aws_region }}" filters: architecture: x86_64 # CentOS Community Platform Engineering (CPE) 
@@ -18,32 +17,33 @@ - name: Create vpc to work in amazon.aws.ec2_vpc_net: cidr_block: "{{ test_vpc_cidr }}" - name: "{{ vpc_name }}" + name: "{{ test_vpc_name }}" state: present - region: "{{ aws_region }}" register: vpc - - name: Define VPC id - ansible.builtin.set_fact: - test_vpc_id: "{{ vpc.vpc.id }}" - - name: Create EC2 subnet amazon.aws.ec2_vpc_subnet: - vpc_id: "{{ test_vpc_id }}" + vpc_id: "{{ vpc.vpc.id }}" cidr: "{{ test_subnet_cidr }}" az: "{{ aws_region }}a" region: "{{ aws_region }}" register: subnet - - name: Create a key - amazon.aws.ec2_key: - name: "{{ ec2_key_name }}" + - name: Create security group + amazon.aws.ec2_security_group: + vpc_id: "{{ vpc.vpc.id }}" + name: "{{ test_security_group_name }}" + description: "Test security group for cloud.aws_ops.ec2_instance_create_delete role" + + - name: Create internet gateway + amazon.aws.ec2_vpc_igw: + vpc_id: "{{ vpc.vpc.id }}" state: present - region: "{{ aws_region }}" - register: ec2_key_result + register: gateway - name: Set facts for test resources ansible.builtin.set_fact: + gateway_id: "{{ gateway.gateway_id }}" image_id: "{{ images.images.0.image_id }}" subnet_id: "{{ subnet.subnet.id }}" vpc_id: "{{ vpc.vpc.id }}" diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml index de563309..6f3b7c99 100644 --- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml 
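Review bot: The `Create EC2 subnet` task still passes `region: "{{ aws_region }}"` while the other tasks in this hunk drop it in favour of the play-level module defaults, which reads as an oversight; remove the line or keep it on every task. The internet gateway is created without any route-table entry and the security group has no rules, which is presumably enough for the EIP association the tests assert on but will puzzle the next reader; a comment such as `# no route is added: the IGW only needs to exist for the EIP test case` on the gateway task would make that intent explicit.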
@@ -1,45 +1,71 @@ --- - name: Teardown block: - - name: Delete Subnets + - name: Get instance info with provided name + amazon.aws.ec2_instance_info: + filters: + tag:Name: "{{ test_ec2_instance_name }}" + instance-state-name: ["pending", "running", "stopping", "stopped"] + register: ec2_info_result + + - name: Disassociate and release EIP if present + when: ec2_info_result.instances | length > 0 + amazon.aws.ec2_eip: + device_id: "{{ ec2_info_result.instances[0].instance_id }}" + state: absent + release_on_disassociation: true + + - name: Delete ec2 instance + amazon.aws.ec2_instance: + state: absent + filters: + "tag:Name": "{{ test_ec2_instance_name }}" + ignore_errors: true + + - name: Delete keypair + amazon.aws.ec2_key: + name: "{{ test_ec2_key_name }}" + state: absent + ignore_errors: true + + - name: Delete security group + amazon.aws.ec2_security_group: + name: "{{ test_security_group_name }}" + state: absent + ignore_errors: true + + - name: Delete subnet amazon.aws.ec2_vpc_subnet: - vpc_id: "{{ test_vpc_id }}" + vpc_id: "{{ vpc_id }}" cidr: "{{ test_subnet_cidr }}" - region: "{{ aws_region }}" + state: absent + ignore_errors: true + + - name: Delete internet gateway + amazon.aws.ec2_vpc_igw: + internet_gateway_id: "{{ gateway_id }}" + vpc_id: "{{ vpc_id }}" state: absent ignore_errors: true - name: Get list of route tables in VPC amazon.aws.ec2_vpc_route_table_info: - region: "{{ aws_region }}" filters: vpc-id: "{{ vpc_id }}" register: route_tables - name: Delete route tables associated with VPC amazon.aws.ec2_vpc_route_table: - region: "{{ region }}" + lookup: id route_table_id: "{{ item.route_table_id }}" state: absent loop: "{{ route_tables.route_tables }}" - when: route_tables.route_tables | length > 0 ignore_errors: true - - name: Delete a VPC + - name: Delete VPC amazon.aws.ec2_vpc_net: cidr_block: "{{ test_vpc_cidr }}" - vpc_id: "{{ test_vpc_id }}" - region: "{{ aws_region }}" + vpc_id: "{{ vpc_id }}" state: absent register: delete_result 
ignore_errors: true - retries: 5 - delay: 5 - until: delete_result.changed - - - name: Delete a key - amazon.aws.ec2_key: - name: "{{ resource_prefix }}-ec2-key" - region: "{{ aws_region }}" - state: absent - ignore_errors: true diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml new file mode 100644 index 00000000..a99c4521 --- /dev/null +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml 
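Review bot: `Delete ec2 instance` has no `wait: true`, so the security-group, subnet and internet-gateway deletions that follow run while the instance's network interface still exists and fail with dependency errors that `ignore_errors: true` then hides, leaving the VPC and its children orphaned in the test account. Add `wait: true` to that task, as the per-test `always:` blocks in this commit already do. `register: delete_result` on `Delete VPC` is now unused because the `until` retry was removed; either restore the retry or drop the register.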
@@ -0,0 +1,76 @@
+---
+- name: Run tests
+ block:
+ - name: Create EC2 instance with all options
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.ec2_instance_create_delete
+ vars:
+ ec2_instance_create_delete_operation: create
+ ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}"
+ ec2_instance_create_delete_instance_type: "{{ test_ec2_instance_type }}"
+ ec2_instance_create_delete_ami_id: "{{ image_id }}"
+ ec2_instance_create_delete_key_name: "{{ test_ec2_key_name }}"
+ ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}"
+ ec2_instance_create_delete_tags:
+ Environment: Testing
+ ec2_instance_create_delete_wait_for_state: false
+ ec2_instance_create_delete_associate_security_groups:
+ - "{{ test_security_group_name }}"
+ ec2_instance_create_delete_associate_eip: true
+ ec2_instance_create_delete_eip_tags:
+ Environment: Testing
+
+ - name: Get EC2 instance info
+ amazon.aws.ec2_instance_info:
+ filters:
+ "tag:Name": "{{ test_ec2_instance_name }}"
+ instance-state-name: ["pending", "running"]
+ register: _ec2_instance
+
+ - name: Validate EC2 creation
+ ansible.builtin.assert:
+ that:
+ - _ec2_instance.instances | length == 1
+ - _ec2_instance.instances[0].instance_type == test_ec2_instance_type
+ - _ec2_instance.instances[0].image_id == image_id
+ - _ec2_instance.instances[0].key_name == test_ec2_key_name
+ - _ec2_instance.instances[0].subnet_id == subnet_id
+ - _ec2_instance.instances[0].tags.Environment == "Testing"
+ - _ec2_instance.instances[0].state.name in ["running", "pending"]
+ - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == test_security_group_name
+ - _ec2_instance.instances[0].network_interfaces[0].association.public_ip is defined
+
+ - name: Delete created instance
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.ec2_instance_create_delete
+ vars:
+ ec2_instance_create_delete_operation: delete
+ ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}"
+
+ - name: Get EC2 instance info
+ amazon.aws.ec2_instance_info:
+ instance_ids:
+ - "{{ _ec2_instance.instances[0].instance_id }}"
+ register: _deleted_ec2_instance
+
+ - name: Validate EC2 termination
+ ansible.builtin.assert:
+ that:
+ - _deleted_ec2_instance.instances | length == 1
+ - _deleted_ec2_instance.instances[0].state.name == "terminated"
+
+ # cleanup leftover resources created by role
+ always:
+ - name: Terminate EC2 instance
+ amazon.aws.ec2_instance:
+ state: absent
+ filters:
+ "tag:Name": "{{ test_ec2_instance_name }}"
+ wait: true
+ ignore_errors: true
+
+ - name: Delete created key
+ amazon.aws.ec2_key:
+ name: "{{ test_ec2_key_name }}"
+ state: absent
+ ignore_errors: true
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_only.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_only.yml
deleted file mode 100644
index 79d75604..00000000
--- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_only.yml
+++ /dev/null
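Review bot: If an assertion fails before the role's delete operation runs, the `always:` block terminates the instance but never releases the Elastic IP the role allocated, and teardown.yml in this commit only releases an address while the instance is still in a non-terminated state, so a failed run leaks a billed allocation. `release_on_disassociation: true` is a parameter of the `state: absent` call in the role's delete tasks rather than a property of the allocation, so terminating the instance alone does not release it. Release the address in `always:` before the termination step, as below; the remaining cleanup tasks stay as they are.

```yaml
  always:
    - name: Release EIP allocated by the role if the instance still exists
      when: _ec2_instance.instances | default([]) | length > 0
      amazon.aws.ec2_eip:
        device_id: "{{ _ec2_instance.instances[0].instance_id }}"
        state: absent
        release_on_disassociation: true
      ignore_errors: true
    # … unchanged: Terminate EC2 instance, Delete created key …
```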
@@ -1,46 +0,0 @@ ---- -- block: - - name: Create EC2 instance with no external SG, no IGW, no EIP - ansible.builtin.include_role: - name: cloud.aws_ops.ec2_instance_create - vars: - ec2_instance_create_delete_operation: present - ec2_instance_create_delete_aws_region: "{{ aws_region }}" - ec2_instance_create_delete_instance_name: "only-ec2-{{ resource_prefix }}" - ec2_instance_create_delete_instance_type: "{{ ec2_instance_type }}" - ec2_instance_create_delete_ami_id: "{{ image_id }}" - ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}" - ec2_instance_create_delete_key_name: "{{ ec2_key_name }}" - ec2_instance_create_delete_associate_external_sg: false - ec2_instance_create_delete_associate_eip: false - ec2_instance_create_delete_associate_igw: false - ec2_instance_create_delete_tags: - Environment: Testing - Name: "{{ resource_prefix }}-instance" - - - name: Get EC2 instance info - amazon.aws.ec2_instance_info: - filters: - "tag:Name": "only-ec2-{{ resource_prefix }}" - register: _ec2_instance - until: _ec2_instance.instances[0].state.name == 'running' - retries: 12 - delay: 5 - - - name: Validate EC2 creation (no SG, no IGW, no EIP) - ansible.builtin.assert: - that: - - _ec2_instance.instances | length == 1 - - _ec2_instance.instances[0].state.name == 'running' - - _ec2_instance.instances[0].tags.Name == "only-ec2-{{ resource_prefix }}" - - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "default" - - _ec2_instance.instances[0].key_name == ec2_key_name - - # cleanup leftover resources created by role - always: - - name: Terminate EC2 instance - amazon.aws.ec2_instance: - state: absent - instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" - wait: true - ignore_errors: true diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml new file mode 100644 index 00000000..d3659fd8 
--- /dev/null
+++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml
@@ -0,0 +1,55 @@
+---
+- name: Run tests
+ block:
+ - name: Create EC2 instance with required options only
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.ec2_instance_create_delete
+ vars:
+ ec2_instance_create_delete_operation: create
+ ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}"
+ ec2_instance_create_delete_instance_type: "{{ test_ec2_instance_type }}"
+ ec2_instance_create_delete_ami_id: "{{ image_id }}"
+
+ - name: Get EC2 instance info
+ amazon.aws.ec2_instance_info:
+ filters:
+ "tag:Name": "{{ test_ec2_instance_name }}"
+ register: _ec2_instance
+
+ - name: Validate EC2 creation
+ ansible.builtin.assert:
+ that:
+ - _ec2_instance.instances | length == 1
+ - _ec2_instance.instances[0].instance_type == test_ec2_instance_type
+ - _ec2_instance.instances[0].image_id == image_id
+ - _ec2_instance.instances[0].state.name == "running"
+ - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "default"
+
+ - name: Delete created instance
+ ansible.builtin.include_role:
+ name: cloud.aws_ops.ec2_instance_create_delete
+ vars:
+ ec2_instance_create_delete_operation: delete
+ ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}"
+
+ - name: Get EC2 instance info
+ amazon.aws.ec2_instance_info:
+ instance_ids:
+ - "{{ _ec2_instance.instances[0].instance_id }}"
+ register: _deleted_ec2_instance
+
+ - name: Validate EC2 termination
+ ansible.builtin.assert:
+ that:
+ - _deleted_ec2_instance.instances | length == 1
+ - _deleted_ec2_instance.instances[0].state.name == "terminated"
+
+ # cleanup leftover resources created by role
+ always:
+ - name: Terminate EC2 instance
+ amazon.aws.ec2_instance:
+ state: absent
+ filters:
+ "tag:Name": "{{ test_ec2_instance_name }}"
+ wait: true
+ ignore_errors: true
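Review bot: The required-options case launches without `ec2_instance_create_delete_vpc_subnet_id`, so it depends on the test account having a default VPC and subnet in the region (the spec wording "if present" acknowledges that this is not guaranteed), and in an account without one it fails with an unrelated launch error rather than exercising the role. Either pass `ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}"` from setup.yml, or add a precondition that skips the case when no default VPC exists, and say which in the task name. The `Get EC2 instance info` lookup also omits the `instance-state-name: ["pending", "running"]` filter used in test_ec2_all_options.yml, so a terminated instance with the same Name tag left from an earlier run under the same prefix would break the `length == 1` assertion.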
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_with_igw_sg_eip.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_with_igw_sg_eip.yml deleted file mode 100644 index 0691bbc5..00000000 --- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_with_igw_sg_eip.yml +++ /dev/null 
@@ -1,119 +0,0 @@ ---- -- block: - - name: Create EC2 instance with external SG, IGW, EIP - ansible.builtin.include_role: - name: cloud.aws_ops.ec2_instance_create - vars: - ec2_instance_create_delete_operation: present - ec2_instance_create_delete_aws_region: "{{ aws_region }}" - ec2_instance_create_delete_instance_name: "ec2-all-enabled-{{ resource_prefix }}" - ec2_instance_create_delete_instance_type: "{{ ec2_instance_type }}" - ec2_instance_create_delete_ami_id: "{{ image_id }}" - ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}" - ec2_instance_create_delete_key_name: "{{ ec2_key_name }}" - ec2_instance_create_delete_vpc_id: "{{ vpc_id }}" - ec2_instance_create_delete_tags: - Environment: Testing - Name: "{{ resource_prefix }}-instance" - - # Optional: external security group - ec2_instance_create_delete_associate_external_sg: true - ec2_instance_create_delete_external_sg_name: "{{ external_sg_name }}" - ec2_instance_create_delete_external_sg_description: "{{ external_sg_description }}" - ec2_instance_create_delete_external_sg_rules: - - proto: tcp - ports: 22 - cidr_ip: 10.0.1.0/16 - - proto: tcp - ports: 8000 - cidr_ip: 10.0.1.0/16 - ec2_instance_create_delete_external_sg_tags: - Environment: Testing - Name: "{{ resource_prefix }}-sg" - - # Optional: EIP - ec2_instance_create_delete_associate_eip: true - ec2_instance_create_delete_eip_tags: - Environment: Testing - Name: "{{ resource_prefix }}-eip" - - # Optional: Internet Gateway - ec2_instance_create_delete_associate_igw: true - ec2_instance_create_delete_igw_tags: - Environment: Testing - Name: "{{ resource_prefix }}-igw" - - - name: Get EC2 instance info - amazon.aws.ec2_instance_info: - filters: - "tag:Name": "ec2-all-enabled-{{ resource_prefix }}" - register: _ec2_instance - until: _ec2_instance.instances[0].state.name == 'running' - retries: 12 - delay: 5 - - - name: Gather information about Internet Gateway - amazon.aws.ec2_vpc_igw_info: - filters: - "tag:Name": "{{ resource_prefix }}-igw" - 
register: igw_info - - - name: print internet gateway info - debug: - var: igw_info - - - name: Gather information about security group - amazon.aws.ec2_security_group_info: - filters: - "tag:Name": "{{ resource_prefix }}-sg" - register: sg_info - - - name: print security group info - debug: - var: sg_info - - - name: Gather information about route table - amazon.aws.ec2_vpc_route_table_info: - filters: - vpc-id: "{{ vpc_id }}" - register: rtb_info - - - name: print route table info - debug: - var: rtb_info - - - name: Validate EC2 creation (SG, IGW, EIP) - ansible.builtin.assert: - that: - - _ec2_instance.instances | length == 1 - - _ec2_instance.instances[0].state.name == 'running' - - _ec2_instance.instances[0].tags.Name == "ec2-all-enabled-{{ resource_prefix }}" - - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "{{ external_sg_name }}" - - _ec2_instance.instances[0].key_name == ec2_key_name - - igw_info.internet_gateways[0].attachments[0].vpc_id == "{{ vpc_id }}" - - sg_info.security_groups[0].description == "{{ external_sg_description }}" - - sg_info.security_groups[0].vpc_id == "{{ vpc_id }}" - - rtb_info.route_tables[0].vpc_id == "{{ vpc_id }}" - - - # cleanup leftover resources created by role - always: - - name: Terminate EC2 instance - amazon.aws.ec2_instance: - state: absent - instance_ids: "{{ _ec2_instance.instances[0].instance_id }}" - wait: true - ignore_errors: true - - - name: Delete Internet gateway ensuring attached VPC is correct - amazon.aws.ec2_vpc_igw: - state: absent - internet_gateway_id: "{{ igw_info.internet_gateways[0].internet_gateway_id }}" - vpc_id: "{{ vpc_id }}" - ignore_errors: true - - - name: Delete security group - amazon.aws.ec2_security_group: - group_id: "{{ sg_info.security_groups[0].group_id }}" - state: absent - ignore_errors: true From 6a16f82fb21134f6d4157c0c2eedf9695f754740 Mon Sep 17 00:00:00 2001 
From: Helen Bailey Date: Thu, 5 Dec 2024 15:08:43 -0500 Subject: [PATCH 35/39] Fix linting error --- .../tasks/test_ec2_all_options.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml index a99c4521..6071f79b 100644 --- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml @@ -30,15 +30,15 @@ - name: Validate EC2 creation ansible.builtin.assert: that: - - _ec2_instance.instances | length == 1 - - _ec2_instance.instances[0].instance_type == test_ec2_instance_type - - _ec2_instance.instances[0].image_id == image_id - - _ec2_instance.instances[0].key_name == test_ec2_key_name - - _ec2_instance.instances[0].subnet_id == subnet_id - - _ec2_instance.instances[0].tags.Environment == "Testing" - - _ec2_instance.instances[0].state.name in ["running", "pending"] - - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == test_security_group_name - - _ec2_instance.instances[0].network_interfaces[0].association.public_ip is defined + - _ec2_instance.instances | length == 1 + - _ec2_instance.instances[0].instance_type == test_ec2_instance_type + - _ec2_instance.instances[0].image_id == image_id + - _ec2_instance.instances[0].key_name == test_ec2_key_name + - _ec2_instance.instances[0].subnet_id == subnet_id + - _ec2_instance.instances[0].tags.Environment == "Testing" + - _ec2_instance.instances[0].state.name in ["running", "pending"] + - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == test_security_group_name + - _ec2_instance.instances[0].network_interfaces[0].association.public_ip is defined - name: Delete created instance ansible.builtin.include_role: 
From c8956bc4851f757363885ba2b76ab66eb3c39b84 Mon Sep 17 00:00:00 2001 From: Helen Bailey Date: Thu, 5 Dec 2024 16:56:12 -0500 Subject: [PATCH 36/39] Add optional deletion of key pair --- roles/ec2_instance_create_delete/README.md | 5 +++-- .../meta/argument_specs.yml | 2 +- .../tasks/ec2_instance_delete_operations.yml | 6 ++++++ .../tasks/test_ec2_all_options.yml | 15 +++++++++++++-- .../tasks/test_ec2_required_options.yml | 3 ++- 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/roles/ec2_instance_create_delete/README.md b/roles/ec2_instance_create_delete/README.md index bcca382c..334577ea 100644 --- a/roles/ec2_instance_create_delete/README.md +++ b/roles/ec2_instance_create_delete/README.md @@ -39,15 +39,16 @@ The following variables can be set in the role to customize EC2 instance creatio The name of the EC2 instance to be created. * **ec2_instance_create_delete_instance_type**: (Optional) - The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). Required when `ec2_instance_create_delete_operation` is `true` + The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). Required when `ec2_instance_create_delete_operation` is `create` * **ec2_instance_create_delete_ami_id**: (Optional) - The AMI ID for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `true` + The AMI ID for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `create` * **ec2_instance_create_delete_key_name**: (Optional) The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH. + If provided when `ec2_instance_create_delete_operation` is `delete`, the keypair will also be deleted. * **ec2_instance_create_delete_vpc_subnet_id**: (Optional) The ID of the VPC subnet in which the instance will be launched. 
diff --git a/roles/ec2_instance_create_delete/meta/argument_specs.yml b/roles/ec2_instance_create_delete/meta/argument_specs.yml index fc49e8a3..7f75285e 100644 --- a/roles/ec2_instance_create_delete/meta/argument_specs.yml +++ b/roles/ec2_instance_create_delete/meta/argument_specs.yml @@ -31,7 +31,7 @@ argument_specs: type: str ec2_instance_create_delete_key_name: description: - - The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH. + - The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH. If provided when `ec2_instance_create_delete_operation` is `delete`, the keypair will also be deleted. required: false type: str ec2_instance_create_delete_vpc_subnet_id: diff --git a/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml b/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml index f00b3e37..27e5f868 100644 --- a/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml +++ b/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml @@ -21,3 +21,9 @@ wait: "{{ ec2_instance_create_delete_wait_for_state }}" instance_ids: - "{{ ec2_info_result.instances[0].instance_id }}" + +- name: Delete keypair if provided + when: ec2_instance_create_delete_key_name is defined and ec2_instance_create_delete_key_name | length > 0 + amazon.aws.ec2_key: + name: "{{ ec2_instance_create_delete_key_name }}" + state: absent diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml index 6071f79b..ad66f523 100644 --- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml 
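Review bot: The new `Delete keypair if provided` task removes the key pair by name with no check that the role created it, whereas the create path only calls `ec2_key` when `key_info_result.keypairs | length == 0` — passing a pre-existing, shared key name on delete therefore removes a key pair that other instances may still be launched with. It also runs when no instance matched the name (the terminate task above it is guarded by `ec2_info_result.instances | length > 0`, visible in the PATCH 37 hunk of this file; this task has no such guard). A narrower condition such as `when: ec2_instance_create_delete_key_name | default('') | length > 0 and ec2_info_result.instances | length > 0 and ec2_info_result.instances[0].key_name | default('') == ec2_instance_create_delete_key_name` ties the deletion to the instance actually being removed; whichever behaviour is kept, the `argument_specs` description in this commit should state that the deletion is unconditional. The same task is carried over unchanged in the PATCH 37 rename hunk of this file.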
+++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml @@ -13,7 +13,7 @@ ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}" ec2_instance_create_delete_tags: Environment: Testing - ec2_instance_create_delete_wait_for_state: false + ec2_instance_create_delete_wait_for_state: true ec2_instance_create_delete_associate_security_groups: - "{{ test_security_group_name }}" ec2_instance_create_delete_associate_eip: true @@ -36,7 +36,7 @@ - _ec2_instance.instances[0].key_name == test_ec2_key_name - _ec2_instance.instances[0].subnet_id == subnet_id - _ec2_instance.instances[0].tags.Environment == "Testing" - - _ec2_instance.instances[0].state.name in ["running", "pending"] + - _ec2_instance.instances[0].state.name == "running" - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == test_security_group_name - _ec2_instance.instances[0].network_interfaces[0].association.public_ip is defined @@ -46,6 +46,7 @@ vars: ec2_instance_create_delete_operation: delete ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}" + ec2_instance_create_delete_key_name: "{{ test_ec2_key_name }}" - name: Get EC2 instance info amazon.aws.ec2_instance_info: @@ -59,6 +60,16 @@ - _deleted_ec2_instance.instances | length == 1 - _deleted_ec2_instance.instances[0].state.name == "terminated" + - name: Get key info + amazon.aws.ec2_key_info: + names: + - "{{ test_ec2_key_name }}" + register: _deleted_key + + - name: Verify that key pair was deleted + ansible.builtin.assert: + that: _deleted_key.keypairs | length == 0 + # cleanup leftover resources created by role always: - name: Terminate EC2 instance diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml index d3659fd8..427fdc7a 100644 
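Review bot: The test now depends on the role's delete path to remove `test_ec2_key_name` and asserts `_deleted_key.keypairs | length == 0`, but the `always` cleanup block (which continues past the hunk) only terminates the instance, so a failure anywhere before the role's key-pair task leaves the key pair behind unless teardown.yml removes it. Mirroring the instance cleanup with an `amazon.aws.ec2_key` task using `name: "{{ test_ec2_key_name }}"`, `state: absent` and `ignore_errors: true` keeps repeated runs clean.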
--- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml +++ b/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml @@ -9,6 +9,7 @@ ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}" ec2_instance_create_delete_instance_type: "{{ test_ec2_instance_type }}" ec2_instance_create_delete_ami_id: "{{ image_id }}" + ec2_instance_create_delete_wait_for_state: false - name: Get EC2 instance info amazon.aws.ec2_instance_info: @@ -22,7 +23,7 @@ - _ec2_instance.instances | length == 1 - _ec2_instance.instances[0].instance_type == test_ec2_instance_type - _ec2_instance.instances[0].image_id == image_id - - _ec2_instance.instances[0].state.name == "running" + - _ec2_instance.instances[0].state.name in ["pending", "running"] - _ec2_instance.instances[0].network_interfaces[0].groups[0].group_name == "default" - name: Delete created instance From 79e661dfaa35e1ab5b3a312e933ec5339bbd847f Mon Sep 17 00:00:00 2001 
From: Helen Bailey Date: Fri, 6 Dec 2024 10:06:28 -0500 Subject: [PATCH 37/39] Rename role to manage_ec2_instance --- .../defaults/main.yml | 4 - .../README.md | 80 +++++++++---------- roles/manage_ec2_instance/defaults/main.yml | 4 + .../meta/argument_specs.yml | 32 ++++---- .../meta/main.yml | 0 .../tasks/ec2_instance_create_operations.yml | 28 +++---- .../tasks/ec2_instance_delete_operations.yml | 8 +- .../tasks/main.yml | 4 +- .../test_ec2_instance_create_delete/aliases | 2 - .../targets/test_manage_ec2_instance/aliases | 2 + .../defaults/main.yml | 0 .../tasks/main.yml | 2 +- .../tasks/setup.yml | 2 +- .../tasks/teardown.yml | 0 .../tasks/test_ec2_all_options.yml | 32 ++++---- .../tasks/test_ec2_required_options.yml | 18 ++--- 16 files changed, 109 insertions(+), 109 deletions(-) delete mode 100644 roles/ec2_instance_create_delete/defaults/main.yml rename roles/{ec2_instance_create_delete => manage_ec2_instance}/README.md (58%) create mode 100644 roles/manage_ec2_instance/defaults/main.yml rename roles/{ec2_instance_create_delete => manage_ec2_instance}/meta/argument_specs.yml (69%) rename roles/{ec2_instance_create_delete => manage_ec2_instance}/meta/main.yml (100%) rename roles/{ec2_instance_create_delete => manage_ec2_instance}/tasks/ec2_instance_create_operations.yml (61%) rename roles/{ec2_instance_create_delete => manage_ec2_instance}/tasks/ec2_instance_delete_operations.yml (73%) rename roles/{ec2_instance_create_delete => manage_ec2_instance}/tasks/main.yml (75%) delete mode 100644 tests/integration/targets/test_ec2_instance_create_delete/aliases create mode 100644 tests/integration/targets/test_manage_ec2_instance/aliases rename tests/integration/targets/{test_ec2_instance_create_delete => test_manage_ec2_instance}/defaults/main.yml (100%) rename tests/integration/targets/{test_ec2_instance_create_delete => test_manage_ec2_instance}/tasks/main.yml (92%) rename tests/integration/targets/{test_ec2_instance_create_delete => 
test_manage_ec2_instance}/tasks/setup.yml (93%) rename tests/integration/targets/{test_ec2_instance_create_delete => test_manage_ec2_instance}/tasks/teardown.yml (100%) rename tests/integration/targets/{test_ec2_instance_create_delete => test_manage_ec2_instance}/tasks/test_ec2_all_options.yml (70%) rename tests/integration/targets/{test_ec2_instance_create_delete => test_manage_ec2_instance}/tasks/test_ec2_required_options.yml (72%) diff --git a/roles/ec2_instance_create_delete/defaults/main.yml b/roles/ec2_instance_create_delete/defaults/main.yml deleted file mode 100644 index 5b7cab08..00000000 --- a/roles/ec2_instance_create_delete/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -ec2_instance_create_delete_operation: create -ec2_instance_create_delete_wait_for_state: true -ec2_instance_create_delete_associate_eip: false diff --git a/roles/ec2_instance_create_delete/README.md b/roles/manage_ec2_instance/README.md similarity index 58% rename from roles/ec2_instance_create_delete/README.md rename to roles/manage_ec2_instance/README.md index 334577ea..534deb30 100644 --- a/roles/ec2_instance_create_delete/README.md +++ b/roles/manage_ec2_instance/README.md 
@@ -1,10 +1,10 @@ -# ec2_instance_create +# manage_ec2_instance -A role to create an EC2 instance in AWS. +A role to create or delete an EC2 instance in AWS. -Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, VPC/subnet configuration, and whether to associate an EIP. You can choose to wait for the EC2 instance to finish booting before continuing. +Users can specify various parameters for instance configuration, including instance type, AMI ID, key pair, tags, VPC/subnet configuration, and whether to associate an EIP. You can choose to wait for the EC2 instance to finish booting/terminating before continuing. -This role can be combined with the [cloud.aws_ops.ec2_networking_resources role](../ec2_networking_resources/README.md) to create networking resources for the instance, see [examples](#examples). +This role can be combined with the [cloud.aws_ops.ec2_networking_resources role](../ec2_networking_resources/README.md) to create/delete networking resources for the instance, see [examples](#examples). ## Requirements 
@@ -32,42 +32,42 @@ An AWS account with the following permissions: The following variables can be set in the role to customize EC2 instance creation and networking configurations: -* **ec2_instance_create_delete_operation**: (Optional) +* **manage_ec2_instance_operation**: (Optional) Target operation for the ec2 instance role. Choices are ["create", "delete"]. Defaults to "create". -* **ec2_instance_create_delete_instance_name**: (Required) - The name of the EC2 instance to be created. +* **manage_ec2_instance_instance_name**: (Required) + The name of the EC2 instance to be created/deleted. -* **ec2_instance_create_delete_instance_type**: (Optional) - The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). Required when `ec2_instance_create_delete_operation` is `create` +* **manage_ec2_instance_instance_type**: (Optional) + The instance type for the EC2 instance (e.g., `t2.micro`, `m5.large`). Required when `manage_ec2_instance_operation` is `create` -* **ec2_instance_create_delete_ami_id**: (Optional) - The AMI ID for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `create` +* **manage_ec2_instance_ami_id**: (Optional) + The AMI ID for the EC2 instance. Required when `manage_ec2_instance_operation` is `create` -* **ec2_instance_create_delete_key_name**: (Optional) +* **manage_ec2_instance_key_name**: (Optional) The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH. - If provided when `ec2_instance_create_delete_operation` is `delete`, the keypair will also be deleted. + If provided when `manage_ec2_instance_operation` is `delete`, the keypair will also be deleted. -* **ec2_instance_create_delete_vpc_subnet_id**: (Optional) +* **manage_ec2_instance_vpc_subnet_id**: (Optional) The ID of the VPC subnet in which the instance will be launched. 
If not provided, instance will be created in the default subnet for the default VPC in the AWS region if present. -* **ec2_instance_create_delete_tags**: (Optional) +* **manage_ec2_instance_tags**: (Optional) A dictionary of tags to assign to the EC2 instance. -* **ec2_instance_create_delete_wait_for_state**: (Optional) +* **manage_ec2_instance_wait_for_state**: (Optional) Whether to wait for the EC2 instance to be in the "running" (if creating an instance) or "terminated" (if deleting an instance) state before continuing. Default is `true`. -* **ec2_instance_create_delete_associate_security_groups**: (Optional) +* **manage_ec2_instance_associate_security_groups**: (Optional) List of security group IDs to associate with the EC2 instance. -* **ec2_instance_create_delete_associate_eip**: (Optional) +* **manage_ec2_instance_associate_eip**: (Optional) Whether to create an Elastic IP (EIP) and associate it with the EC2 instance. Default is `false`. If true, EC2 instance must be launched in a VPC with an Internet Gateway (IGW) attached, otherwise this will fail. Use [cloud.aws_ops.ec2_networking_resources role](../ec2_networking_resources/README.md) to create the necessary networking resources. -* **ec2_instance_create_delete_eip_tags**: (Optional) +* **manage_ec2_instance_eip_tags**: (Optional) Tags to assign to the elastic IP. ## Dependencies 
@@ -84,18 +84,18 @@ Using the role on its own in a playbook: hosts: localhost gather_facts: false roles: - - role: cloud.aws_ops.ec2_instance_create + - role: cloud.aws_ops.manage_ec2_instance vars: - ec2_instance_create_delete_operation: present - ec2_instance_create_delete_aws_region: us-west-2 - ec2_instance_create_delete_instance_name: my-test-instance - ec2_instance_create_delete_instance_type: t2.micro - ec2_instance_create_delete_ami_id: ami-066a7fbaa12345678 - ec2_instance_create_delete_vpc_subnet_id: subnet-071443aa123456789 - ec2_instance_create_delete_tags: + manage_ec2_instance_operation: create + manage_ec2_instance_aws_region: us-west-2 + manage_ec2_instance_instance_name: my-test-instance + manage_ec2_instance_instance_type: t2.micro + manage_ec2_instance_ami_id: ami-066a7fbaa12345678 + manage_ec2_instance_vpc_subnet_id: subnet-071443aa123456789 + manage_ec2_instance_tags: Component: my-test-instance Environment: Testing - ec2_instance_create_delete_wait_for_state: true + manage_ec2_instance_wait_for_state: true ``` Combining the role with [cloud.aws_ops.ec2_networking_resources](../ec2_networking_resources/README.md): 
@@ -114,17 +114,17 @@ Combining the role with [cloud.aws_ops.ec2_networking_resources](../ec2_networki ec2_networking_resources_sg_internal_name: my-internal-sg ec2_networking_resources_sg_external_name: my-external-sg ec2_networking_resources_create_igw: true - - role: cloud.aws_ops.ec2_instance_create + - role: cloud.aws_ops.manage_ec2_instance vars: - ec2_instance_create_delete_operation: present - ec2_instance_create_delete_instance_name: my-test-instance - ec2_instance_create_delete_instance_type: t2.micro - ec2_instance_create_delete_ami_id: ami-066a7fbaa12345678 - ec2_instance_create_delete_vpc_subnet_id: "{{ ec2_networking_resources_subnet_result.subnet.id }}" - ec2_instance_create_delete_associate_security_groups: + manage_ec2_instance_operation: present + manage_ec2_instance_instance_name: my-test-instance + manage_ec2_instance_instance_type: t2.micro + manage_ec2_instance_ami_id: ami-066a7fbaa12345678 + manage_ec2_instance_vpc_subnet_id: "{{ ec2_networking_resources_subnet_result.subnet.id }}" + manage_ec2_instance_associate_security_groups: - my-internal-sg - my-external-sg - ec2_instance_create_delete_associate_eip: true + manage_ec2_instance_associate_eip: true ``` Deleting an EC2 instance: @@ -135,11 +135,11 @@ Deleting an EC2 instance: hosts: localhost gather_facts: false roles: - - role: cloud.aws_ops.ec2_instance_create_delete + - role: cloud.aws_ops.manage_ec2_instance vars: - ec2_instance_create_delete_operation: delete - ec2_instance_create_delete_instance_name: my-test-instance - ec2_instance_create_delete_wait_for_state: true + manage_ec2_instance_operation: delete + manage_ec2_instance_instance_name: my-test-instance + manage_ec2_instance_wait_for_state: true ``` ## License diff --git a/roles/manage_ec2_instance/defaults/main.yml b/roles/manage_ec2_instance/defaults/main.yml new file mode 100644 index 00000000..b9a9ae49 --- /dev/null +++ b/roles/manage_ec2_instance/defaults/main.yml 
@@ -0,0 +1,4 @@
+---
+manage_ec2_instance_operation: create
+manage_ec2_instance_wait_for_state: true
+manage_ec2_instance_associate_eip: false
diff --git a/roles/ec2_instance_create_delete/meta/argument_specs.yml b/roles/manage_ec2_instance/meta/argument_specs.yml
similarity index 69%
rename from roles/ec2_instance_create_delete/meta/argument_specs.yml
rename to roles/manage_ec2_instance/meta/argument_specs.yml
index 7f75285e..844e0135 100644
--- a/roles/ec2_instance_create_delete/meta/argument_specs.yml
+++ b/roles/manage_ec2_instance/meta/argument_specs.yml
@@ -1,68 +1,68 @@ --- argument_specs: main: - short_description: A role to create an EC2 instance with optional networking resources. + short_description: A role to create or delete an EC2 instance with optional networking resources. description: - - A role to create an EC2 instance. + - A role to create or delete an EC2 instance. - Can optionally attach security groups and associate an Elastic IP with the instance. - Supports custom configurations for instance settings including instance type, AMI, key pair, tags, VPC/subnet, and networking configurations. options: - ec2_instance_create_delete_operation: + manage_ec2_instance_operation: description: - Whether to create or delete resources using the role. required: false type: str default: create choices: [create, delete] - ec2_instance_create_delete_instance_name: + manage_ec2_instance_instance_name: description: - The name of the EC2 instance to be created. required: true type: str - ec2_instance_create_delete_instance_type: + manage_ec2_instance_instance_type: description: - - The instance type for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `true`. + - The instance type for the EC2 instance. Required when `manage_ec2_instance_operation` is `create`. required: false type: str - ec2_instance_create_delete_ami_id: + manage_ec2_instance_ami_id: description: - - The AMI ID for the EC2 instance. Required when `ec2_instance_create_delete_operation` is `true`. + - The AMI ID for the EC2 instance. Required when `manage_ec2_instance_operation` is `create`. required: false type: str - ec2_instance_create_delete_key_name: + manage_ec2_instance_key_name: description: - - The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH. If provided when `ec2_instance_create_delete_operation` is `delete`, the keypair will also be deleted. 
+ - The name of the key pair to use for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH. If provided when `manage_ec2_instance_operation` is `delete`, the keypair will also be deleted. required: false type: str - ec2_instance_create_delete_vpc_subnet_id: + manage_ec2_instance_vpc_subnet_id: description: - The ID of the VPC subnet in which the instance will be launched. If not provided, instance will be created in the default subnet for the default VPC in the AWS region, if present. required: false type: str - ec2_instance_create_delete_tags: + manage_ec2_instance_tags: description: - A dictionary of tags to assign to the EC2 instance. required: false type: dict - ec2_instance_create_delete_wait_for_state: + manage_ec2_instance_wait_for_state: description: - Whether to wait for the EC2 instance to be in the running/terminated state before continuing. required: false default: true type: bool - ec2_instance_create_delete_associate_security_groups: + manage_ec2_instance_associate_security_groups: description: - List of security group names or IDs to associate with the EC2 instance. required: false type: list elements: str - ec2_instance_create_delete_associate_eip: + manage_ec2_instance_associate_eip: description: - Whether to create and associate an Elastic IP (EIP) with the EC2 instance. required: false default: false type: bool - ec2_instance_create_delete_eip_tags: + manage_ec2_instance_eip_tags: description: - Tags to assign to the Elastic IP. required: false diff --git a/roles/ec2_instance_create_delete/meta/main.yml b/roles/manage_ec2_instance/meta/main.yml similarity index 100% rename from roles/ec2_instance_create_delete/meta/main.yml rename to roles/manage_ec2_instance/meta/main.yml 
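Review bot: `manage_ec2_instance_operation` is limited to `choices: [create, delete]`, but the README example in this same commit that combines the role with ec2_networking_resources still sets `manage_ec2_instance_operation: present`, which this spec rejects before any task runs; it should read `manage_ec2_instance_operation: create`. The README's first example also passes `manage_ec2_instance_aws_region`, which has no option anywhere in this hunk, and the README describes `manage_ec2_instance_associate_security_groups` as security group IDs while the spec says names or IDs. Since `manage_ec2_instance_instance_type` and `manage_ec2_instance_ami_id` are documented as required for `create` but declared `required: false`, a spec-level `required_if` keyed on `manage_ec2_instance_operation` being `create` would enforce what the descriptions promise. The hunk ends inside the `manage_ec2_instance_eip_tags` option.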
diff --git a/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml b/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml similarity index 61% rename from roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml rename to roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml index 66f84999..5b796c49 100644 --- a/roles/ec2_instance_create_delete/tasks/ec2_instance_create_operations.yml +++ b/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml @@ -4,27 +4,27 @@ - name: Get instance info with provided name amazon.aws.ec2_instance_info: filters: - tag:Name: "{{ ec2_instance_create_delete_instance_name }}" + tag:Name: "{{ manage_ec2_instance_instance_name }}" instance-state-name: ["pending", "running", "stopping", "stopped"] register: ec2_info_result - name: Print warning and exit if instance exists ansible.builtin.fail: - msg: "Instance with name {{ ec2_instance_create_delete_instance_name }} already exists in {{ aws_region }}. Please provide a different name to avoid updating the existing instance." + msg: "Instance with name {{ manage_ec2_instance_instance_name }} already exists in {{ aws_region }}. Please provide a different name to avoid updating the existing instance." when: ec2_info_result.instances | length > 0 - name: Create a key pair if required - when: ec2_instance_create_delete_key_name is defined and ec2_instance_create_delete_key_name | length > 0 + when: manage_ec2_instance_key_name is defined and manage_ec2_instance_key_name | length > 0 block: - name: Get key pair info amazon.aws.ec2_key_info: names: - - "{{ ec2_instance_create_delete_key_name }}" + - "{{ manage_ec2_instance_key_name }}" register: key_info_result - name: Create new key pair amazon.aws.ec2_key: - name: "{{ ec2_instance_create_delete_key_name }}" + name: "{{ manage_ec2_instance_key_name }}" state: present when: key_info_result.keypairs | length == 0 register: new_key_pair_result 
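Review bot: The `fail` message `msg: "Instance with name {{ manage_ec2_instance_instance_name }} already exists in {{ aws_region }}. ..."` interpolates `aws_region`, which the role does not define (the defaults added in this commit set only operation, wait_for_state and associate_eip, and the argument spec declares no region option), so when a name collision is actually hit the task errors on an undefined variable instead of printing the intended message, unless the caller happens to set `aws_region` itself. Either drop the region — `msg: "Instance with name {{ manage_ec2_instance_instance_name }} already exists. Please provide a different name to avoid updating the existing instance."` — or make it a documented role variable. The block enclosing these tasks starts before the hunk.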
@@ -32,18 +32,18 @@ - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance: state: running - name: "{{ ec2_instance_create_delete_instance_name }}" - instance_type: "{{ ec2_instance_create_delete_instance_type }}" - image_id: "{{ ec2_instance_create_delete_ami_id }}" - key_name: "{{ ec2_instance_create_delete_key_name | default(omit) }}" - security_groups: "{{ ec2_instance_create_delete_associate_security_groups | default(omit, true) }}" - vpc_subnet_id: "{{ ec2_instance_create_delete_vpc_subnet_id | default(omit) }}" - tags: "{{ ec2_instance_create_delete_tags | default(omit) }}" - wait: "{{ ec2_instance_create_delete_wait_for_state }}" + name: "{{ manage_ec2_instance_instance_name }}" + instance_type: "{{ manage_ec2_instance_instance_type }}" + image_id: "{{ manage_ec2_instance_ami_id }}" + key_name: "{{ manage_ec2_instance_key_name | default(omit) }}" + security_groups: "{{ manage_ec2_instance_associate_security_groups | default(omit, true) }}" + vpc_subnet_id: "{{ manage_ec2_instance_vpc_subnet_id | default(omit) }}" + tags: "{{ manage_ec2_instance_tags | default(omit) }}" + wait: "{{ manage_ec2_instance_wait_for_state }}" register: ec2_instance - name: Allocate and associate Elastic IP if enabled - when: ec2_instance_create_delete_associate_eip is true + when: manage_ec2_instance_associate_eip is true amazon.aws.ec2_eip: device_id: "{{ ec2_instance.instance_ids[0] }}" state: present diff --git a/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml b/roles/manage_ec2_instance/tasks/ec2_instance_delete_operations.yml similarity index 73% rename from roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml rename to roles/manage_ec2_instance/tasks/ec2_instance_delete_operations.yml index 27e5f868..4e8685b7 100644 --- a/roles/ec2_instance_create_delete/tasks/ec2_instance_delete_operations.yml +++ b/roles/manage_ec2_instance/tasks/ec2_instance_delete_operations.yml 
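Review bot: `key_name: "{{ manage_ec2_instance_key_name | default(omit) }}"` omits the parameter only when the variable is undefined, while the key-pair block in the previous hunk treats a defined-but-empty value as "no key" (`| length > 0`); an empty string therefore skips key creation but is still handed to `amazon.aws.ec2_instance` as `key_name: ""`. Using `default(omit, true)`, as the `security_groups` line on the same task already does, makes the two paths agree: `key_name: "{{ manage_ec2_instance_key_name | default(omit, true) }}"`. The EIP task at the end of the hunk may continue past it.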
@@ -2,7 +2,7 @@ - name: Get instance info with provided name amazon.aws.ec2_instance_info: filters: - tag:Name: "{{ ec2_instance_create_delete_instance_name }}" + tag:Name: "{{ manage_ec2_instance_instance_name }}" instance-state-name: ["pending", "running", "stopping", "stopped"] register: ec2_info_result
@@ -18,12 +18,12 @@ when: ec2_info_result.instances | length > 0 amazon.aws.ec2_instance: state: terminated - wait: "{{ ec2_instance_create_delete_wait_for_state }}" + wait: "{{ manage_ec2_instance_wait_for_state }}" instance_ids: - "{{ ec2_info_result.instances[0].instance_id }}" - name: Delete keypair if provided - when: ec2_instance_create_delete_key_name is defined and ec2_instance_create_delete_key_name | length > 0 + when: manage_ec2_instance_key_name is defined and manage_ec2_instance_key_name | length > 0 amazon.aws.ec2_key: - name: "{{ ec2_instance_create_delete_key_name }}" + name: "{{ manage_ec2_instance_key_name }}" state: absent
diff --git a/roles/ec2_instance_create_delete/tasks/main.yml b/roles/manage_ec2_instance/tasks/main.yml
similarity index 75%
rename from roles/ec2_instance_create_delete/tasks/main.yml
rename to roles/manage_ec2_instance/tasks/main.yml
index d386dd3f..6d5fcc03 100644
--- a/roles/ec2_instance_create_delete/tasks/main.yml
+++ b/roles/manage_ec2_instance/tasks/main.yml
@@ -5,8 +5,8 @@ block: - name: Include create operations ansible.builtin.include_tasks: ec2_instance_create_operations.yml - when: ec2_instance_create_delete_operation == 'create' + when: manage_ec2_instance_operation == 'create' - name: Include delete operations ansible.builtin.include_tasks: ec2_instance_delete_operations.yml - when: ec2_instance_create_delete_operation == 'delete' + when: manage_ec2_instance_operation == 'delete'
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/aliases b/tests/integration/targets/test_ec2_instance_create_delete/aliases
deleted file mode 100644
index 5f4238a0..00000000
--- a/tests/integration/targets/test_ec2_instance_create_delete/aliases
+++ /dev/null
@@ -1,2 +0,0 @@
-cloud/aws
-role/ec2_instance_create
diff --git a/tests/integration/targets/test_manage_ec2_instance/aliases b/tests/integration/targets/test_manage_ec2_instance/aliases
new file mode 100644
index 00000000..c7d4ecb7
--- /dev/null
+++ b/tests/integration/targets/test_manage_ec2_instance/aliases
@@ -0,0 +1,2 @@
+cloud/aws
+role/manage_ec2_instance
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml b/tests/integration/targets/test_manage_ec2_instance/defaults/main.yml
similarity index 100%
rename from tests/integration/targets/test_ec2_instance_create_delete/defaults/main.yml
rename to tests/integration/targets/test_manage_ec2_instance/defaults/main.yml
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml b/tests/integration/targets/test_manage_ec2_instance/tasks/main.yml
similarity index 92%
rename from tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml
rename to tests/integration/targets/test_manage_ec2_instance/tasks/main.yml
index 9e3f4daf..ae7840ce 100644
--- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/main.yml
+++ b/tests/integration/targets/test_manage_ec2_instance/tasks/main.yml
@@ -1,5 +1,5 @@ --- -- name: Integration tests for ec2_networking_resources role +- name: Integration tests for manage_ec2_instance role module_defaults: group/aws: aws_access_key: "{{ aws_access_key }}"
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml b/tests/integration/targets/test_manage_ec2_instance/tasks/setup.yml
similarity index 93%
rename from tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml
rename to tests/integration/targets/test_manage_ec2_instance/tasks/setup.yml
index 311a5711..03b55d86 100644
--- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/setup.yml
+++ b/tests/integration/targets/test_manage_ec2_instance/tasks/setup.yml
@@ -33,7 +33,7 @@ amazon.aws.ec2_security_group: vpc_id: "{{ vpc.vpc.id }}" name: "{{ test_security_group_name }}" - description: "Test security group for cloud.aws_ops.ec2_instance_create_delete role" + description: "Test security group for cloud.aws_ops.manage_ec2_instance role" - name: Create internet gateway amazon.aws.ec2_vpc_igw:
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml b/tests/integration/targets/test_manage_ec2_instance/tasks/teardown.yml
similarity index 100%
rename from tests/integration/targets/test_ec2_instance_create_delete/tasks/teardown.yml
rename to tests/integration/targets/test_manage_ec2_instance/tasks/teardown.yml
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml b/tests/integration/targets/test_manage_ec2_instance/tasks/test_ec2_all_options.yml
similarity index 70%
rename from tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml
rename to tests/integration/targets/test_manage_ec2_instance/tasks/test_ec2_all_options.yml
index ad66f523..89cb434f 100644
--- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_all_options.yml
+++ b/tests/integration/targets/test_manage_ec2_instance/tasks/test_ec2_all_options.yml
@@ -3,21 +3,21 @@ block: - name: Create EC2 instance with all options ansible.builtin.include_role: - name: cloud.aws_ops.ec2_instance_create_delete + name: cloud.aws_ops.manage_ec2_instance vars: - ec2_instance_create_delete_operation: create - ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}" - ec2_instance_create_delete_instance_type: "{{ test_ec2_instance_type }}" - ec2_instance_create_delete_ami_id: "{{ image_id }}" - ec2_instance_create_delete_key_name: "{{ test_ec2_key_name }}" - ec2_instance_create_delete_vpc_subnet_id: "{{ subnet_id }}" - ec2_instance_create_delete_tags: + manage_ec2_instance_operation: create + manage_ec2_instance_instance_name: "{{ test_ec2_instance_name }}" + manage_ec2_instance_instance_type: "{{ test_ec2_instance_type }}" + manage_ec2_instance_ami_id: "{{ image_id }}" + manage_ec2_instance_key_name: "{{ test_ec2_key_name }}" + manage_ec2_instance_vpc_subnet_id: "{{ subnet_id }}" + manage_ec2_instance_tags: Environment: Testing - ec2_instance_create_delete_wait_for_state: true - ec2_instance_create_delete_associate_security_groups: + manage_ec2_instance_wait_for_state: true + manage_ec2_instance_associate_security_groups: - "{{ test_security_group_name }}" - ec2_instance_create_delete_associate_eip: true - ec2_instance_create_delete_eip_tags: + manage_ec2_instance_associate_eip: true + manage_ec2_instance_eip_tags: Environment: Testing - name: Get EC2 instance info 
@@ -42,11 +42,11 @@ - name: Delete created instance ansible.builtin.include_role: - name: cloud.aws_ops.ec2_instance_create_delete + name: cloud.aws_ops.manage_ec2_instance vars: - ec2_instance_create_delete_operation: delete - ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}" - ec2_instance_create_delete_key_name: "{{ test_ec2_key_name }}" + manage_ec2_instance_operation: delete + manage_ec2_instance_instance_name: "{{ test_ec2_instance_name }}" + manage_ec2_instance_key_name: "{{ test_ec2_key_name }}" - name: Get EC2 instance info amazon.aws.ec2_instance_info:
diff --git a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml b/tests/integration/targets/test_manage_ec2_instance/tasks/test_ec2_required_options.yml
similarity index 72%
rename from tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml
rename to tests/integration/targets/test_manage_ec2_instance/tasks/test_ec2_required_options.yml
index 427fdc7a..8c61edf3 100644
--- a/tests/integration/targets/test_ec2_instance_create_delete/tasks/test_ec2_required_options.yml
+++ b/tests/integration/targets/test_manage_ec2_instance/tasks/test_ec2_required_options.yml
@@ -3,13 +3,13 @@ block: - name: Create EC2 instance with required options only ansible.builtin.include_role: - name: cloud.aws_ops.ec2_instance_create_delete + name: cloud.aws_ops.manage_ec2_instance vars: - ec2_instance_create_delete_operation: create - ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}" - ec2_instance_create_delete_instance_type: "{{ test_ec2_instance_type }}" - ec2_instance_create_delete_ami_id: "{{ image_id }}" - ec2_instance_create_delete_wait_for_state: false + manage_ec2_instance_operation: create + manage_ec2_instance_instance_name: "{{ test_ec2_instance_name }}" + manage_ec2_instance_instance_type: "{{ test_ec2_instance_type }}" + manage_ec2_instance_ami_id: "{{ image_id }}" + manage_ec2_instance_wait_for_state: false - name: Get EC2 instance info amazon.aws.ec2_instance_info:
@@ -28,10 +28,10 @@ - name: Delete created instance ansible.builtin.include_role: - name: cloud.aws_ops.ec2_instance_create_delete + name: cloud.aws_ops.manage_ec2_instance vars: - ec2_instance_create_delete_operation: delete - ec2_instance_create_delete_instance_name: "{{ test_ec2_instance_name }}" + manage_ec2_instance_operation: delete + manage_ec2_instance_instance_name: "{{ test_ec2_instance_name }}" - name: Get EC2 instance info amazon.aws.ec2_instance_info:
From 9957fae282c89e88e0638179b8637698f3de6c18 Mon Sep 17 00:00:00 2001
From: Helen Bailey
Date: Mon, 9 Dec 2024 09:31:10 -0500
Subject: [PATCH 38/39] Remove unneeded option
---
.../manage_ec2_instance/tasks/ec2_instance_create_operations.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml b/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml
index 5b796c49..f39e6159 100644
--- a/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml
+++ b/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml
@@ -47,7 +47,6 @@ amazon.aws.ec2_eip: device_id: "{{ ec2_instance.instance_ids[0] }}" state: present - release_on_disassociation: true register: instance_eip - name: Get EC2 instance info
From 5a7d83be99bc8920ccd2f59c005f51f83f8e208e Mon Sep 17 00:00:00 2001
From: Helen Bailey
Date: Mon, 9 Dec 2024 10:22:21 -0500
Subject: [PATCH 39/39] Update result var names
---
roles/manage_ec2_instance/README.md | 2 ++
.../tasks/ec2_instance_create_operations.yml | 10 +++++-----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/roles/manage_ec2_instance/README.md b/roles/manage_ec2_instance/README.md
index 534deb30..cc82ac2d 100644
--- a/roles/manage_ec2_instance/README.md
+++ b/roles/manage_ec2_instance/README.md
@@ -6,6 +6,8 @@ Users can specify various parameters for instance configuration, including insta This role can be combined with the [cloud.aws_ops.ec2_networking_resources role](../ec2_networking_resources/README.md) to create/delete networking resources for the instance, see [examples](#examples). +EC2 instance details and the private key (if a key pair is created) will be displayed as role output. The instance and key pair details are accessible via variables `ec2_instance_manage_create_result` and `ec2_instance_manage_key_pair_result`, respectively. + ## Requirements An AWS account with the following permissions:
diff --git a/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml b/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml
index f39e6159..079f5d88 100644
--- a/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml
+++ b/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml
@@ -27,7 +27,7 @@ name: "{{ manage_ec2_instance_key_name }}" state: present when: key_info_result.keypairs | length == 0 - register: new_key_pair_result + register: ec2_instance_manage_key_pair_result - name: Create EC2 instance with provided configuration amazon.aws.ec2_instance:
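Review bot: Nothing in the role releases the Elastic IP once `release_on_disassociation` is gone: `amazon.aws.ec2_eip` with `state: present` allocates and associates it, and the delete-side hunks visible in this series (`ec2_instance_delete_operations.yml`) only terminate the instance and remove the key pair, so every create/delete cycle run with `manage_ec2_instance_associate_eip: true` appears to leave an unassociated address allocated and billed in the account. As far as I can tell the removed option only acts when the module runs with `state: absent`, so dropping it is correct for this task, but it was the only hint that release was ever intended. The task this hunk belongs to (`Allocate and associate Elastic IP if enabled`) starts outside the hunk. A matching `amazon.aws.ec2_eip` task with `state: absent` on the delete side, keyed on the address of the instance found by `ec2_info_result`, would close the lifecycle; failing that, the README should state that the address must be released separately.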
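Review bot: The new result name `ec2_instance_manage_key_pair_result` inverts the role prefix: every other variable in this file uses `manage_ec2_instance_` (`manage_ec2_instance_key_name` two lines above in the same task) and the role is invoked as `cloud.aws_ops.manage_ec2_instance`, so anyone searching by role prefix will miss the role's outputs, and ansible-lint's variable-prefix rule may flag the name. `register: manage_ec2_instance_key_pair_result` keeps the convention; the same applies to `ec2_instance_manage_create_result` in the next hunk (`@@ -52,15 +52,15 @@`) and to the two names the README hunk of this commit documents, which would need to move together. The `Create new key pair` task that owns this `register` starts outside the hunk.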
@@ -52,15 +52,15 @@ - name: Get EC2 instance info amazon.aws.ec2_instance_info: instance_ids: "{{ ec2_instance.instance_ids[0] }}" - register: _ec2_instance + register: ec2_instance_manage_create_result - name: Output details of the created EC2 instance ansible.builtin.debug: msg: - "EC2 instance {{ ec2_instance.instance_ids[0] }} created successfully" - - "Instance details: {{ _ec2_instance.instances[0] }}" + - "Instance details: {{ ec2_instance_manage_create_result.instances[0] }}" - name: Output private key if a new keypair was created - when: new_key_pair_result.key is defined + when: ec2_instance_manage_key_pair_result.key is defined ansible.builtin.debug: - msg: "A new key pair was created for ssh access to the instance. Please save this private key for reference, it will not be accessible again: {{ new_key_pair_result.key.private_key }}" + msg: "A new key pair was created for ssh access to the instance. Please save this private key for reference: {{ ec2_instance_manage_key_pair_result.key.private_key }}"
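Review bot: The `Output private key if a new keypair was created` task prints the private key in clear text to play output, where it is retained in controller logs, AWX/AAP job output and any callback plugin that captures task results; the commit also drops the "it will not be accessible again" clause from that message, which was accurate, since AWS returns the private key only at creation. Because the same commit documents `ec2_instance_manage_key_pair_result` as the supported way for callers to reach the key, the debug task could be removed or made opt-in, leaving the caller to persist the key with restricted permissions. Independently, the `Create new key pair` task in the `@@ -27,7 +27,7 @@` hunk registers the module result that carries `key.private_key`, so it should carry `no_log: true`, which keeps the registered variable available but stops the key from being echoed at `-v` verbosity.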