| commit | author | age | ||
| eafb53 | 1 | --- |
| GC | 2 | - environment: |
| 3 | AWS_PROFILE: "{{ account_profile }}" | |
| 4 | AWS_REGION: "{{ _region }}" | |
| 5 | ignore_errors: yes | |
| 6 | block: | |
| 7 | - debug: | |
| 8 | var: _region | |
| 9 | ||
| 10 | # Security groups | |
| 11 | ||
| 12 | - name: Get all security groups | |
| 13 | register: r_all_sg | |
| 14 | ec2_group_facts: | |
| 15 | ||
| 16 | - when: r_all_sg.security_groups | length > 0 | |
| 17 | block: | |
| 18 | - name: Clean up all ingress and egress rules | |
| 19 | loop: "{{ r_all_sg.security_groups }}" | |
| 20 | loop_control: | |
| 21 | loop_var: _sg | |
| 22 | ec2_group: | |
| 23 | rules: [] | |
| 24 | rules_egress: [] | |
| 25 | name: "{{ _sg.group_name }}" | |
| 26 | description: "{{ _sg.description }}" | |
| 27 | vpc_id: "{{ _sg.vpc_id }}" | |
| 28 | ||
| 29 | - set_fact: | |
| 30 | run_aws_nuke_again: true | |
| 31 | ||
| 32 | # Instance | |
| 33 | ||
| 34 | - name: Get all instances | |
| 35 | ec2_instance_facts: | |
| 36 | register: r_all_instances | |
| 37 | ||
| 38 | - when: r_all_instances.instances | length > 0 | |
| 39 | block: | |
| 40 | - name: Disable termination protection on all instances | |
| 41 | command: >- | |
| 42 | aws ec2 --profile "{{ account_profile }}" | |
| 43 | --region "{{ _region }}" | |
| 44 | modify-instance-attribute | |
| 45 | --instance-id {{ _instance.instance_id }} | |
| 46 | --no-disable-api-termination | |
| 47 | when: | |
| 48 | - '"state" in _instance' | |
| 49 | - _instance.state.name != "terminated" | |
| 50 | loop: "{{ r_all_instances.instances }}" | |
| 51 | loop_control: | |
| 52 | loop_var: _instance | |
| 53 | ||
| 54 | - set_fact: | |
| 55 | run_aws_nuke_again: true | |
| 56 | # EIP | |
| 57 | ||
| 58 | - ec2_eip_facts: | |
| 59 | register: r_all_eips | |
| 60 | ||
| 61 | - when: r_all_eips.addresses | length > 0 | |
| 62 | block: | |
| 63 | # The following does not seem to work with aws profile | |
| 64 | # Thus use the aws CLI instead. | |
| 65 | # - name: Disassociate and release EIP | |
| 66 | # ec2_eip: | |
| 67 | # state: absent | |
| 68 | # release_on_disassociation: true | |
| 69 | # public_ip: "{{ _eip.public_ip }}" | |
| 70 | # profile: "{{ account_profile }}" | |
| 71 | # loop: "{{ r_all_eips.addresses }}" | |
| 72 | # loop_control: | |
| 73 | # loop_var: _eip | |
| 74 | ||
| 75 | - name: Disassociate EIP | |
| 76 | command: >- | |
| 77 | aws ec2 --profile "{{ account_profile }}" | |
| 78 | --region "{{ _region }}" | |
| 79 | disassociate-address | |
| 80 | --public-ip "{{ _eip.public_ip }}" | |
| 81 | loop: "{{ r_all_eips.addresses }}" | |
| 82 | loop_control: | |
| 83 | loop_var: _eip | |
| 84 | ||
| 85 | - set_fact: | |
| 86 | run_aws_nuke_again: true | |
| 87 | ||
