---
|
- environment:
|
AWS_PROFILE: "{{ account_profile }}"
|
AWS_REGION: "{{ _region }}"
|
ignore_errors: yes
|
block:
|
- debug:
|
var: _region
|
|
# Security groups
|
|
- name: Get all security groups
|
register: r_all_sg
|
ec2_group_facts:
|
|
- when: r_all_sg.security_groups | length > 0
|
block:
|
- name: Clean up all ingress and egress rules
|
loop: "{{ r_all_sg.security_groups }}"
|
loop_control:
|
loop_var: _sg
|
ec2_group:
|
rules: []
|
rules_egress: []
|
name: "{{ _sg.group_name }}"
|
description: "{{ _sg.description }}"
|
vpc_id: "{{ _sg.vpc_id }}"
|
|
- set_fact:
|
run_aws_nuke_again: true
|
|
# Instance
|
|
- name: Get all instances
|
ec2_instance_facts:
|
register: r_all_instances
|
|
- when: r_all_instances.instances | length > 0
|
block:
|
- name: Disable termination protection on all instances
|
command: >-
|
aws ec2 --profile "{{ account_profile }}"
|
--region "{{ _region }}"
|
modify-instance-attribute
|
--instance-id {{ _instance.instance_id }}
|
--no-disable-api-termination
|
when:
|
- '"state" in _instance'
|
- _instance.state.name != "terminated"
|
loop: "{{ r_all_instances.instances }}"
|
loop_control:
|
loop_var: _instance
|
|
- set_fact:
|
run_aws_nuke_again: true
|
# EIP
|
|
- ec2_eip_facts:
|
register: r_all_eips
|
|
- when: r_all_eips.addresses | length > 0
|
block:
|
# The following does not seem to work with aws profile
|
# Thus use the aws CLI instead.
|
# - name: Disassociate and release EIP
|
# ec2_eip:
|
# state: absent
|
# release_on_disassociation: true
|
# public_ip: "{{ _eip.public_ip }}"
|
# profile: "{{ account_profile }}"
|
# loop: "{{ r_all_eips.addresses }}"
|
# loop_control:
|
# loop_var: _eip
|
|
- name: Disassociate EIP
|
command: >-
|
aws ec2 --profile "{{ account_profile }}"
|
--region "{{ _region }}"
|
disassociate-address
|
--public-ip "{{ _eip.public_ip }}"
|
loop: "{{ r_all_eips.addresses }}"
|
loop_control:
|
loop_var: _eip
|
|
- set_fact:
|
run_aws_nuke_again: true
|