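---
# Per-region cleanup tasks run against the AWS account selected by
# `account_profile`, in the region given by `_region`:
#   1. strip every ingress/egress rule from every security group,
#   2. disable termination protection on every non-terminated instance,
#   3. disassociate every Elastic IP.
# Each section sets `run_aws_nuke_again` when it found something to clean,
# presumably so the caller re-runs aws-nuke afterwards (the caller is not
# visible here).
#
# NOTE(review): these tasks act on *all* security groups, instances and EIPs
# visible to the profile. Both variables come from the caller; confirm that
# `account_profile` is validated upstream (non-empty and pointing at the
# intended account) before this file is included.
- environment:
    AWS_PROFILE: "{{ account_profile }}"
    AWS_REGION: "{{ _region }}"
  # Best-effort cleanup: failures are ignored for every task in the block.
  # NOTE(review): this also hides credential and permission errors, so a run
  # that cleaned nothing looks the same as a successful one. Any guard task
  # added inside this block would have its failure ignored too.
  ignore_errors: true
  block:
    - name: Show the region being cleaned
      debug:
        var: _region

    # Security groups

    # NOTE(review): the `*_facts` module names used in this file were renamed
    # to `*_info` in later Ansible releases; left unchanged because the
    # Ansible version in use is not visible here.
    - name: Get all security groups
      register: r_all_sg
      ec2_group_facts:

    # default([]) keeps the condition evaluable when the lookup above failed
    # (and was ignored), so the inner tasks are skipped instead of erroring.
    - when: r_all_sg.security_groups | default([]) | length > 0
      block:
        # Rewrites each group with empty rule lists; name, description and
        # vpc_id are passed back unchanged to identify the existing group.
        - name: Clean up all ingress and egress rules
          loop: "{{ r_all_sg.security_groups }}"
          loop_control:
            loop_var: _sg
          ec2_group:
            rules: []
            rules_egress: []
            name: "{{ _sg.group_name }}"
            description: "{{ _sg.description }}"
            vpc_id: "{{ _sg.vpc_id }}"

        - name: Request another aws-nuke run (security groups found)
          set_fact:
            run_aws_nuke_again: true

    # Instance

    - name: Get all instances
      ec2_instance_facts:
      register: r_all_instances

    - when: r_all_instances.instances | default([]) | length > 0
      block:
        # `command` (not `shell`) is used, so the templated values are passed
        # as arguments and are not interpreted by a shell. Keep it that way.
        - name: Disable termination protection on all instances
          command: >-
            aws ec2 --profile "{{ account_profile }}"
            --region "{{ _region }}"
            modify-instance-attribute
            --instance-id "{{ _instance.instance_id }}"
            --no-disable-api-termination
          when:
            - '"state" in _instance'
            - _instance.state.name != "terminated"
          loop: "{{ r_all_instances.instances }}"
          loop_control:
            loop_var: _instance

        - name: Request another aws-nuke run (instances found)
          set_fact:
            run_aws_nuke_again: true

    # EIP

    - name: Get all Elastic IPs
      ec2_eip_facts:
      register: r_all_eips

    - when: r_all_eips.addresses | default([]) | length > 0
      block:
        # The following does not seem to work with aws profile
        # Thus use the aws CLI instead.
        # - name: Disassociate and release EIP
        #   ec2_eip:
        #     state: absent
        #     release_on_disassociation: true
        #     public_ip: "{{ _eip.public_ip }}"
        #     profile: "{{ account_profile }}"
        #   loop: "{{ r_all_eips.addresses }}"
        #   loop_control:
        #     loop_var: _eip

        # Only disassociates; the address itself is not released here.
        - name: Disassociate EIP
          command: >-
            aws ec2 --profile "{{ account_profile }}"
            --region "{{ _region }}"
            disassociate-address
            --public-ip "{{ _eip.public_ip }}"
          loop: "{{ r_all_eips.addresses }}"
          loop_control:
            loop_var: _eip

        - name: Request another aws-nuke run (EIPs found)
          set_fact:
            run_aws_nuke_again: true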