Hello there,
I struggle on a project I'd like to set up. After having shovelled the
entire internet, I open this post now.
Basically, I'd like to provision 2 web servers instances and 1 DB server
instance with ec2 module and assign these to 2 different security groups.
I'd like to do it without hard coding all details but instead use variables
as much as possible.
My problem is I don't know how to declare a security group depending on
either Web or DB instances.
example:
site.yml
---
tasks:
  - name: "create a Web security group"
    ec2_group:
      name: SG_Web ## tag unique name here for web use
      description: security group for web servers
      region: "{{ aws_region }}"
      rules:
        - proto: tcp
          from_port: 22
          to_port: 22
          cidr_ip: 0.0.0.0/0
          #cidr_ip: "{{ my_ip.content | replace('\n', '') }}/32" #0.0.0.0/0
        - proto: tcp
          from_port: 80
          to_port: 80
          cidr_ip: 0.0.0.0/0
        - proto: tcp
          from_port: 443
          to_port: 443
          cidr_ip: 0.0.0.0/0
      rules_egress:
        - proto: all
          cidr_ip: 0.0.0.0/0
    register: web_firewall

  - name: "create a DB security group"
    ec2_group:
      name: SG_DB ##tag unique name here for DB
      description: security group for DB servers
      region: "{{ aws_region }}"
      rules:
        - proto: tcp
          from_port: 22
          to_port: 22
          cidr_ip: 0.0.0.0/0
          #cidr_ip: "{{ my_ip.content | replace('\n', '') }}/32" #0.0.0.0/0
        - proto: tcp
          from_port: 3306
          to_port: 3306
          cidr_ip: 0.0.0.0/0
      rules_egress:
        - proto: all
          cidr_ip: 0.0.0.0/0
    register: basic_db_firewall

  - name: spin up the webserver instances
    ec2:
      key_name: "{{ aws_key_name }}"
      group: "{{ security_group }}" ## + tag web
      instance_type: "{{ aws_instance_type }}"
      image: "{{ aws_image }}"
      region: "{{ aws_region }}"
      wait: yes
      instance_tags:
        group: webservers
      exact_count: 2
      count_tag:
        group: webservers
    register: ec2_webservers

  - name: spin up the databases server instances
    ec2:
      key_name: "{{ aws_key_name }}"
      group: "{{ security_group }}" ## + tag db
      instance_type: "{{ aws_instance_type }}"
      image: "{{ aws_image }}"
      region: "{{ aws_region }}"
      wait: yes
      instance_tags:
        group: dbservers
      exact_count: 1
      count_tag:
        group: dbservers
    register: ec2_dbservers
As you can see, I'd like to distinguish both {{ security_group }}.
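Added example, not part of the original post: one way to give each server role its own security group from a variable, using the same legacy `ec2` and `ec2_group` modules as the playbook above. It also narrows the rules so that port 3306 is reachable only from members of SG_Web and SSH only from an admin range. The names `server_roles`, `admin_cidr` and `ec2_instances` and the 203.0.113.10/32 address are assumptions made for the example; it assumes both groups live in the same (default) VPC, as in the post.

```yaml
---
# Added example. server_roles, admin_cidr and ec2_instances are hypothetical names.
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    admin_cidr: 203.0.113.10/32   # constructed value from a documentation range
    server_roles:                 # one entry per role: tag value, SG name, instance count
      - { name: webservers, sg: SG_Web, instances: 2 }
      - { name: dbservers, sg: SG_DB, instances: 1 }
  tasks:
    - name: create the Web security group
      ec2_group:
        name: SG_Web
        description: security group for web servers
        region: "{{ aws_region }}"
        rules:
          - { proto: tcp, from_port: 22, to_port: 22, cidr_ip: "{{ admin_cidr }}" }
          - { proto: tcp, from_port: 80, to_port: 80, cidr_ip: 0.0.0.0/0 }
          - { proto: tcp, from_port: 443, to_port: 443, cidr_ip: 0.0.0.0/0 }
        rules_egress:
          - { proto: all, cidr_ip: 0.0.0.0/0 }

    - name: create the DB security group (MySQL only from members of SG_Web)
      ec2_group:
        name: SG_DB
        description: security group for DB servers
        region: "{{ aws_region }}"
        rules:
          - { proto: tcp, from_port: 22, to_port: 22, cidr_ip: "{{ admin_cidr }}" }
          # group_name refers to another security group instead of a CIDR range
          - { proto: tcp, from_port: 3306, to_port: 3306, group_name: SG_Web }
        rules_egress:
          - { proto: all, cidr_ip: 0.0.0.0/0 }

    - name: spin up the instances, one loop pass per role
      ec2:
        key_name: "{{ aws_key_name }}"
        group: "{{ item.sg }}"            # role-specific security group
        instance_type: "{{ aws_instance_type }}"
        image: "{{ aws_image }}"
        region: "{{ aws_region }}"
        wait: yes
        instance_tags: { group: "{{ item.name }}" }
        exact_count: "{{ item.instances }}"
        count_tag: { group: "{{ item.name }}" }
      with_items: "{{ server_roles }}"
      register: ec2_instances
```

Because the task loops, `ec2_instances.results` holds one result per role, in the order of `server_roles`.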