commit | author | age
|
ab2bef
|
1 |
AWSTemplateFormatVersion: "2010-09-09" |
S |
2 |
Mappings: |
|
3 |
RegionMapping: |
58c5bb
|
4 |
us-east-1: |
48fcf6
|
5 |
RHELAMI: ami-c998b6b2 |
10eb20
|
6 |
WIN2012R2AMI: ami-067ff23da8261d1c7 # Windows_Server-2012-R2_RTM-English-64Bit-Base- |
58c5bb
|
7 |
us-east-2: |
48fcf6
|
8 |
RHELAMI: ami-cfdafaaa |
3447d6
|
9 |
WIN2012R2AMI: ami-0f472fb9bdac629b0 # Windows_Server-2012-R2_RTM-English-64Bit-Base- |
58c5bb
|
10 |
us-west-1: |
48fcf6
|
11 |
RHELAMI: ami-66eec506 |
58c5bb
|
12 |
us-west-2: |
48fcf6
|
13 |
RHELAMI: ami-9fa343e7 |
58c5bb
|
14 |
eu-central-1: |
48fcf6
|
15 |
RHELAMI: ami-d74be5b8 |
10eb20
|
16 |
WIN2012R2AMI: ami-086486be06fe637e7 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019 |
077d6c
|
17 |
eu-west-1: |
T |
18 |
RHELAMI: ami-bb9a6bc2 |
|
19 |
eu-west-2: |
|
20 |
WIN2012R2AMI: ami-0416ae4f6060116ad # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
|
21 |
eu-west-3: |
|
22 |
WIN2012R2AMI: ami-09d8c503ec9b242e0 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
|
23 |
ca-central-1: |
|
24 |
WIN2012R2AMI: ami-067e4426b17364c26 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
58c5bb
|
25 |
ap-northeast-1: |
48fcf6
|
26 |
RHELAMI: ami-30ef0556 |
10eb20
|
27 |
WIN2012R2AMI: ami-0b2a38bdf41532387 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
58c5bb
|
28 |
ap-northeast-2: |
GC |
29 |
RHELAMI: ami-44db152a |
077d6c
|
30 |
WIN2012R2AMI: ami-033a1501143ab3c9a # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
58c5bb
|
31 |
ap-southeast-1: |
48fcf6
|
32 |
RHELAMI: ami-10bb2373 |
10eb20
|
33 |
WIN2012R2AMI: ami-0b0123f1a50d17a38 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019 |
58c5bb
|
34 |
ap-southeast-2: |
48fcf6
|
35 |
RHELAMI: ami-ccecf5af |
077d6c
|
36 |
WIN2012R2AMI: ami-01048eb9bccc4829d # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
58c5bb
|
37 |
sa-east-1: |
48fcf6
|
38 |
RHELAMI: ami-a789ffcb |
077d6c
|
39 |
WIN2012R2AMI: ami-0a0f24f427c390730 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
58c5bb
|
40 |
ap-south-1: |
GC |
41 |
RHELAMI: ami-cdbdd7a2 |
077d6c
|
42 |
WIN2012R2AMI: ami-0d46eaf1c637bc632 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.02.09 |
ab2bef
|
43 |
DNSMapping: |
S |
44 |
"us-east-1": |
|
45 |
domain: "us-east-1.compute.internal" |
|
46 |
"us-west-1": |
|
47 |
domain: "us-west-1.compute.internal" |
|
48 |
"us-west-2": |
|
49 |
domain: "us-west-2.compute.internal" |
|
50 |
"eu-west-1": |
|
51 |
domain: "eu-west-1.compute.internal" |
|
52 |
"eu-central-1": |
|
53 |
domain: "eu-central-1.compute.internal" |
|
54 |
"ap-northeast-1": |
|
55 |
domain: "ap-northeast-1.compute.internal" |
|
56 |
"ap-northeast-2": |
|
57 |
domain: "ap-northeast-2.compute.internal" |
|
58 |
"ap-southeast-1": |
|
59 |
domain: "ap-southeast-1.compute.internal" |
|
60 |
"ap-southeast-2": |
|
61 |
domain: "ap-southeast-2.compute.internal" |
|
62 |
"sa-east-1": |
|
63 |
domain: "sa-east-1.compute.internal" |
|
64 |
"ap-south-1": |
|
65 |
domain: "ap-south-1.compute.internal" |
|
66 |
Resources: |
|
67 |
Vpc: |
|
68 |
Type: "AWS::EC2::VPC" |
|
69 |
Properties: |
059d4f
|
70 |
CidrBlock: "{{vpcid_cidr_block}}" |
ab2bef
|
71 |
EnableDnsSupport: true |
S |
72 |
EnableDnsHostnames: true |
|
73 |
Tags: |
|
74 |
- Key: Name |
|
75 |
Value: "{{vpcid_name_tag}}" |
|
76 |
- Key: Hostlication |
|
77 |
Value: |
|
78 |
Ref: "AWS::StackId" |
|
79 |
VpcInternetGateway: |
|
80 |
Type: "AWS::EC2::InternetGateway" |
|
81 |
VpcGA: |
|
82 |
Type: "AWS::EC2::VPCGatewayAttachment" |
|
83 |
Properties: |
|
84 |
InternetGatewayId: |
|
85 |
Ref: VpcInternetGateway |
|
86 |
VpcId: |
|
87 |
Ref: Vpc |
|
88 |
VpcRouteTable: |
|
89 |
Type: "AWS::EC2::RouteTable" |
|
90 |
Properties: |
|
91 |
VpcId: |
|
92 |
Ref: Vpc |
|
93 |
VPCRouteInternetGateway: |
|
94 |
DependsOn: VpcGA |
|
95 |
Type: "AWS::EC2::Route" |
|
96 |
Properties: |
|
97 |
GatewayId: |
|
98 |
Ref: VpcInternetGateway |
|
99 |
DestinationCidrBlock: "0.0.0.0/0" |
|
100 |
RouteTableId: |
|
101 |
Ref: VpcRouteTable |
059d4f
|
102 |
|
PS |
103 |
{% for subnet in subnets %} |
|
104 |
{{subnet['name']}}: |
ab2bef
|
105 |
Type: "AWS::EC2::Subnet" |
S |
106 |
DependsOn: |
059d4f
|
107 |
- Vpc |
ab2bef
|
108 |
Properties: |
059d4f
|
109 |
CidrBlock: "{{subnet['cidr']}}" |
PS |
110 |
Tags: |
|
111 |
- Key: Name |
|
112 |
Value: "{{project_tag}}" |
|
113 |
MapPublicIpOnLaunch: true |
|
114 |
VpcId: |
|
115 |
Ref: Vpc |
|
116 |
{% endfor %} |
|
117 |
|
ab2bef
|
118 |
PublicSubnetRTA: |
S |
119 |
Type: "AWS::EC2::SubnetRouteTableAssociation" |
|
120 |
Properties: |
|
121 |
RouteTableId: |
|
122 |
Ref: VpcRouteTable |
|
123 |
SubnetId: |
|
124 |
Ref: PublicSubnet |
059d4f
|
125 |
{% for security_group in security_groups %} |
PS |
126 |
{{security_group['name']}}: |
ab2bef
|
127 |
Type: "AWS::EC2::SecurityGroup" |
S |
128 |
Properties: |
059d4f
|
129 |
GroupDescription: Host |
PS |
130 |
VpcId: |
|
131 |
Ref: Vpc |
|
132 |
Tags: |
|
133 |
- Key: Name |
|
134 |
Value: "{{security_group['name']}}" |
|
135 |
{% endfor %} |
|
136 |
|
|
137 |
{% for security_group in security_groups %} |
|
138 |
{% for rule in security_group['rules'] %} |
|
139 |
{{security_group['name']}}{{rule['name']}}: |
|
140 |
Type: "AWS::EC2::SecurityGroup{{rule['rule_type']}}" |
ab2bef
|
141 |
Properties: |
S |
142 |
GroupId: |
059d4f
|
143 |
Fn::GetAtt: |
PS |
144 |
- "{{security_group['name']}}" |
|
145 |
- GroupId |
|
146 |
IpProtocol: {{rule['protocol']}} |
|
147 |
FromPort: {{rule['from_port']}} |
|
148 |
ToPort: {{rule['to_port']}} |
|
149 |
{% if rule['cidr'] is defined %} |
|
150 |
CidrIp: "{{rule['cidr']}}" |
|
151 |
{% endif %} |
|
152 |
{% if rule['group'] is defined %} |
|
153 |
SourceSecurityGroupId: |
|
154 |
Fn::GetAtt: |
|
155 |
- "{{rule['group']}}" |
|
156 |
- GroupId |
|
157 |
{% endif %} |
|
158 |
{% endfor %} |
|
159 |
{% endfor %} |
|
160 |
|
ab2bef
|
161 |
zoneinternalidns: |
S |
162 |
Type: "AWS::Route53::HostedZone" |
|
163 |
Properties: |
|
164 |
Name: "{{ zone_internal_dns }}" |
|
165 |
VPCs: |
|
166 |
- VPCId: |
|
167 |
Ref: Vpc |
|
168 |
VPCRegion: |
|
169 |
Ref: "AWS::Region" |
|
170 |
HostedZoneConfig: |
|
171 |
Comment: "Created By ansible agnostic deployer" |
|
172 |
BastionDNS: |
|
173 |
Type: "AWS::Route53::RecordSetGroup" |
|
174 |
DependsOn: |
|
175 |
- BastionEIP |
|
176 |
Properties: |
|
177 |
HostedZoneId: "{{HostedZoneId}}" |
|
178 |
RecordSets: |
|
179 |
- Name: "bastion.{{subdomain_base}}." |
|
180 |
Type: A |
|
181 |
TTL: 10 |
|
182 |
ResourceRecords: |
|
183 |
- "Fn::GetAtt": |
|
184 |
- Bastion |
|
185 |
- PublicIp |
|
186 |
Bastion: |
|
187 |
Type: "AWS::EC2::Instance" |
|
188 |
Properties: |
|
189 |
ImageId: |
|
190 |
"Fn::FindInMap": |
|
191 |
- RegionMapping |
|
192 |
- Ref: "AWS::Region" |
|
193 |
- RHELAMI |
|
194 |
InstanceType: "{{bastion_instance_type}}" |
|
195 |
KeyName: "{{key_name}}" |
|
196 |
SecurityGroupIds: |
|
197 |
- "Fn::GetAtt": |
059d4f
|
198 |
- BastionSG |
ab2bef
|
199 |
- GroupId |
S |
200 |
SubnetId: |
|
201 |
Ref: PublicSubnet |
|
202 |
Tags: |
|
203 |
- Key: Name |
|
204 |
Value: bastion |
|
205 |
- Key: AnsibleGroup |
|
206 |
Value: bastions |
|
207 |
- Key: Project |
|
208 |
Value: "{{project_tag}}" |
|
209 |
- Key: "{{project_tag}}" |
|
210 |
Value: bastion |
|
211 |
- Key: internaldns |
|
212 |
Value: "bastion.{{chomped_zone_internal_dns}}" |
|
213 |
- Key: owner |
|
214 |
Value: "{{ email | default('unknown')}}" |
|
215 |
BastionEIP: |
|
216 |
Type: "AWS::EC2::EIP" |
|
217 |
DependsOn: |
|
218 |
- VpcGA |
|
219 |
Properties: |
|
220 |
InstanceId: |
|
221 |
Ref: Bastion |
|
222 |
BastionInternalDNS: |
|
223 |
Type: "AWS::Route53::RecordSetGroup" |
|
224 |
Properties: |
|
225 |
HostedZoneId: |
|
226 |
Ref: zoneinternalidns |
|
227 |
RecordSets: |
|
228 |
- Name: "bastion.{{zone_internal_dns}}" |
|
229 |
Type: A |
|
230 |
TTL: 10 |
|
231 |
ResourceRecords: |
|
232 |
- "Fn::GetAtt": |
|
233 |
- Bastion |
|
234 |
- PrivateIp |
6e5577
|
235 |
|
ab2bef
|
236 |
{% for instance in instances %} |
c72173
|
237 |
{% if instance['dns_loadbalancer']|d(false)|bool %} |
ab2bef
|
238 |
{{instance['name']}}DNSLoadBalancer: |
S |
239 |
Type: "AWS::Route53::RecordSetGroup" |
c72173
|
240 |
DependsOn: |
dd4ff3
|
241 |
{% for c in range(1,(instance['count'] |int)+1) %} |
c72173
|
242 |
- {{instance['name']}}{{c}}EIP |
GC |
243 |
{% endfor %} |
ab2bef
|
244 |
Properties: |
S |
245 |
HostedZoneId: {{HostedZoneId}} |
|
246 |
RecordSets: |
|
247 |
- Name: "{{instance['name']}}.{{subdomain_base}}." |
|
248 |
Type: A |
|
249 |
TTL: 900 |
|
250 |
ResourceRecords: |
|
251 |
{% for c in range(1,(instance['count'] |int)+1) %} |
|
252 |
{% set instancecount = loop %} |
|
253 |
- "Fn::GetAtt": |
|
254 |
- {{instance['name']}}{{loop.index}} |
|
255 |
- PublicIp |
6e5577
|
256 |
{% endfor %} |
ab2bef
|
257 |
{% endif %} |
25e039
|
258 |
|
ab2bef
|
259 |
{% for c in range(1,(instance['count'] |int)+1) %} |
S |
260 |
{% set instancecount = loop %} |
|
261 |
#this is host {{instance['name']}}{{loop.index}} |
6e5577
|
262 |
|
ab2bef
|
263 |
{{instance['name']}}{{loop.index}}: |
S |
264 |
Type: "AWS::EC2::Instance" |
|
265 |
Properties: |
|
266 |
ImageId: |
|
267 |
"Fn::FindInMap": |
|
268 |
- RegionMapping |
|
269 |
- Ref: "AWS::Region" |
c72173
|
270 |
- {{ instance['image_id'] | default('RHELAMI') }} |
6e5577
|
271 |
|
ab2bef
|
272 |
InstanceType: "{{instance['flavor'][cloud_provider]}}" |
S |
273 |
KeyName: "{{instance['key_name'] | default(key_name)}}" |
|
274 |
{% if instance['UserData'] is defined %} |
|
275 |
{{instance['UserData']}} |
|
276 |
{% endif %} |
|
277 |
SecurityGroupIds: |
|
278 |
- "Fn::GetAtt": |
059d4f
|
279 |
- {{instance['security_group']}} |
ab2bef
|
280 |
- GroupId |
S |
281 |
SubnetId: |
|
282 |
Ref: PublicSubnet |
|
283 |
Tags: |
|
284 |
- Key: Name |
|
285 |
Value: {{instance['name']}}{{instancecount.index}} |
a5e452
|
286 |
- Key: internaldns |
S |
287 |
Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}} |
e67c0e
|
288 |
- Key: "owner" |
GC |
289 |
Value: "{{ email | default('unknownuser') }}" |
c72173
|
290 |
- Key: "Project" |
GC |
291 |
Value: "{{project_tag}}" |
|
292 |
- Key: "{{project_tag}}" |
|
293 |
Value: "{{ instance['name'] }}" |
ab2bef
|
294 |
{% for tag in instance['tags'] %} |
S |
295 |
- Key: {{tag['key']}} |
|
296 |
Value: {{tag['value']}} |
|
297 |
{% endfor %} |
|
298 |
BlockDeviceMappings: |
|
299 |
- DeviceName: "/dev/sda1" |
|
300 |
Ebs: |
|
301 |
VolumeSize: 50 |
|
302 |
- DeviceName: "/dev/xvdb" |
|
303 |
Ebs: |
|
304 |
VolumeType: gp2 |
|
305 |
VolumeSize: 20 |
|
306 |
{{instance['name']}}{{loop.index}}InternalDNS: |
|
307 |
Type: "AWS::Route53::RecordSetGroup" |
|
308 |
Properties: |
|
309 |
HostedZoneId: |
|
310 |
Ref: zoneinternalidns |
|
311 |
RecordSets: |
|
312 |
- Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}" |
|
313 |
Type: A |
|
314 |
TTL: 10 |
|
315 |
ResourceRecords: |
|
316 |
- "Fn::GetAtt": |
|
317 |
- {{instance['name']}}{{loop.index}} |
|
318 |
- PrivateIp |
|
319 |
{% if instance['public_dns'] %} |
|
320 |
{{instance['name']}}{{loop.index}}EIP: |
|
321 |
Type: "AWS::EC2::EIP" |
|
322 |
DependsOn: |
|
323 |
- VpcGA |
|
324 |
Properties: |
|
325 |
InstanceId: |
|
326 |
Ref: {{instance['name']}}{{loop.index}} |
|
327 |
{{instance['name']}}{{loop.index}}PubliclDNS: |
|
328 |
Type: "AWS::Route53::RecordSetGroup" |
|
329 |
DependsOn: |
|
330 |
- {{instance['name']}}{{loop.index}}EIP |
|
331 |
Properties: |
|
332 |
HostedZoneId: {{HostedZoneId}} |
|
333 |
RecordSets: |
|
334 |
- Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}." |
|
335 |
Type: A |
|
336 |
TTL: 10 |
|
337 |
ResourceRecords: |
|
338 |
- "Fn::GetAtt": |
|
339 |
- {{instance['name']}}{{loop.index}} |
|
340 |
- PublicIp |
|
341 |
{% endif %} |
6e5577
|
342 |
|
ab2bef
|
343 |
{% endfor %} |
S |
344 |
{% endfor %} |