diff --git a/ce-dev/ansible/vars/provision/galaxy-requirements.yml b/ce-dev/ansible/vars/provision/galaxy-requirements.yml index 94dcc9df5..8c33b95ff 100644 --- a/ce-dev/ansible/vars/provision/galaxy-requirements.yml +++ b/ce-dev/ansible/vars/provision/galaxy-requirements.yml @@ -2,8 +2,8 @@ roles: - name: geerlingguy.solr - name: geerlingguy.java - - name: cloudalchemy.process_exporter - - name: cloudalchemy.grafana + - name: prometheus.prometheus.process_exporter + - name: grafana.grafana.grafana collections: - name: community.grafana - name: prometheus.prometheus diff --git a/roles/_meta/aws_region/meta/main.yml b/roles/_meta/aws_region/meta/main.yml index 935fc8939..a11491c0e 100644 --- a/roles/_meta/aws_region/meta/main.yml +++ b/roles/_meta/aws_region/meta/main.yml @@ -8,3 +8,4 @@ dependencies: - role: aws/aws_cloudwatch_log_group - role: aws/aws_backup - role: aws/aws_backup_sns + - role: aws/aws_admin_tools diff --git a/roles/aws/aws_acl/defaults/main.yml b/roles/aws/aws_acl/defaults/main.yml index d74402f89..e71b98ac7 100644 --- a/roles/aws/aws_acl/defaults/main.yml +++ b/roles/aws/aws_acl/defaults/main.yml @@ -6,6 +6,7 @@ aws_acl: region: "us-east-1" tags: "{{ _aws_tags }}" recreate: false # set to true to creating the ACL + default_action: "Allow" # Default action if no rules are triggered, can be Block rules: rate_limit: value: 600 # set to 0 to skip rate limit rule, set to a value to set how many requests to allow in period before blocking diff --git a/roles/aws/aws_acl/tasks/create_acl.yml b/roles/aws/aws_acl/tasks/create_acl.yml index 57ca9b287..26cc6c6f1 100644 --- a/roles/aws/aws_acl/tasks/create_acl.yml +++ b/roles/aws/aws_acl/tasks/create_acl.yml 
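Review bot: The two replacement entries in galaxy-requirements.yml sit under `roles:` although they are collection-qualified role names, and neither is pinned to a version. `prometheus.prometheus.process_exporter` ships inside the `prometheus.prometheus` collection already listed under `collections:`, so it probably needs no `roles:` entry. No `grafana.grafana` collection is visible in this hunk, though the list may continue outside it. I would declare both under `collections:` with a pin, e.g. `- name: grafana.grafana` plus `version: "<pinned version>"`, so provisioning does not install whatever is latest upstream.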
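Review bot: Listing `aws/aws_admin_tools` as an unconditional dependency in roles/_meta/aws_region/meta/main.yml means every play that uses the meta role will now create the API Gateway, Lambda functions and IAM roles added by this commit. Those resources come with broad managed policies and a placeholder allow-list in the role defaults, so this should be opt-in. I would add a guard such as `when: aws_admin_tools_enabled | default(false)` on the dependency (the variable name is only a suggestion), or include the role explicitly where it is wanted.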
@@ -92,7 +92,7 @@ description: "{{ _acl.description }}" scope: "{{ _acl.scope }}" region: "{{ _acl.region }}" - default_action: Allow # or "Block" + default_action: "{{ _acl.default_action }}" # or "Block" sampled_requests: false cloudwatch_metrics: true # or "false" to disable metrics metric_name: test-metric-name # not sure about this name, since each rule also has it's own metrics name (maybe log group name) diff --git a/roles/aws/aws_admin_tools/defaults/main.yml b/roles/aws/aws_admin_tools/defaults/main.yml new file mode 100644 index 000000000..10c07da2f --- /dev/null +++ b/roles/aws/aws_admin_tools/defaults/main.yml @@ -0,0 +1,18 @@ +aws_admin_tools: + runtime: "python3.12" + timeout: 20 + allowed_ips: + - 192.168.1.1/32 # Ip of server with access to API-s + functions: + - name: "GetForecastedCosts" + type: GET + policies: + - "arn:aws:iam::{{ _acc_id }}:policy/CEBillingPolicy" # Custom policy + - name: "ChangeASGScaling" + type: POST + policies: + - arn:aws:iam::aws:policy/AmazonEC2FullAccess + - name: "GetListOfEC2" + type: GET + policies: + - arn:aws:iam::aws:policy/AmazonEC2FullAccess diff --git a/roles/aws/aws_admin_tools/tasks/create.yml b/roles/aws/aws_admin_tools/tasks/create.yml new file mode 100644 index 000000000..45b72a3ca --- /dev/null +++ b/roles/aws/aws_admin_tools/tasks/create.yml 
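Review bot: In create_acl.yml, `default_action: "{{ _acl.default_action }}"` has no fallback, so any caller that passes its own `aws_acl` entry without the new key will fail with an undefined-variable error where it previously got `Allow`. If the old behaviour should be kept for existing callers, use `default_action: "{{ _acl.default_action | default('Allow') }}"`. If failing is intended, so that nobody gets an allow-by-default ACL by accident, say so in a comment. The enclosing task starts and ends outside this hunk, so I am assuming `_acl` is the per-ACL loop item.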
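Review bot: The role defaults in aws_admin_tools/defaults/main.yml grant `AmazonEC2FullAccess` to `GetListOfEC2`, which only needs to describe instances; `arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess` is sufficient there. `ChangeASGScaling` gets the same full-access policy and would be better served by a custom policy limited to the Auto Scaling actions it actually calls. The `allowed_ips` default `192.168.1.1/32` is a private address that the WAF will never see as a source, so I would document it as a placeholder that must be overridden, e.g. `# placeholder: replace with the public IP(s) allowed to call the API`.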
@@ -0,0 +1,74 @@
+- name: Create stage on API gateway.
+ ansible.builtin.command: >-
+ aws apigateway create-stage
+ --rest-api-id "{{ _api_gate.id }}"
+ --stage-name "prod"
+ --deployment-id "{{ _main_api_deploy.id }}"
+ --region "{{ _aws_region }}"
+ register: _main_api_stage
+ when: _api_index | length == 0
+
+- name: Create resources and set methods on API Gateway.
+ ansible.builtin.include_tasks: create_methods.yml
+ loop: "{{ aws_admin_tools.functions }}"
+
+- name: Obtain all information for a single WAF.
+ community.aws.wafv2_web_acl_info:
+ name: "{{ _aws_profile }}_admin_tools"
+ scope: "REGIONAL"
+ region: "{{ _aws_region }}"
+ register: _main_waf
+
+- name: Get list of API gateway resources.
+ ansible.builtin.command: >-
+ aws apigateway get-resources
+ --region "{{ _aws_region }}"
+ --rest-api-id "{{ _api_gate.id }}"
+ register: _api_res_list
+
+- name: Setting previous command output into variable.
+ ansible.builtin.set_fact:
+ _api_res_list: "{{ _api_res_list.stdout | from_json | json_query('items') }}"
+
+- name: Get index of DelMe resource from API gateway.
+ ansible.builtin.set_fact:
+ _api_res_index_list: "{{ lookup('ansible.utils.index_of', _api_res_list, 'eq', '/DelMe', 'path', wantlist=True) }}"
+ when: _api_index | length == 0
+
+- name: Delete the initial resource.
+ ansible.builtin.command: >-
+ aws apigateway delete-resource
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_res_list[_api_res_index_list[0]].id }}"
+ --region "{{ _aws_region }}"
+ when: _api_index | length == 0
+
+- name: Deploy API gateway prior to attaching WAF.
+ ansible.builtin.command: >-
+ aws apigateway create-deployment
+ --rest-api-id "{{ _api_gate.id }}"
+ --stage-name "prod"
+ --region "{{ _aws_region }}"
+
+- name: Add API gateway to waf.
+ community.aws.wafv2_resources:
+ name: "{{ _aws_profile }}_admin_tools"
+ scope: REGIONAL
+ state: present
+ region: "{{ _aws_region }}"
+ arn: "arn:aws:apigateway:{{ _aws_region }}::/restapis/{{ _api_gate.id }}/stages/prod"
+
+- name: Generate unique string.
+ ansible.builtin.set_fact:
+ _rand_str: "{{ lookup('community.general.random_string', length=8, special=false, min_lower=2, min_numeric=2, min_upper=2) }}"
+
+- name: Update Lambda triggers.
+ ansible.builtin.command: >-
+ aws lambda add-permission
+ --function-name "API_{{ item.name }}"
+ --statement-id "{{ item.name }}_{{ _rand_str }}"
+ --action "lambda:InvokeFunction"
+ --principal apigateway.amazonaws.com
+ --source-arn arn:aws:execute-api:{{ _aws_region }}:{{ _acc_id }}:{{ _api_gate.id }}/*/{{ item.type }}/{{ item.name }}
+ --region {{ _aws_region }}
+ loop: "{{ aws_admin_tools.functions }}"
diff --git a/roles/aws/aws_admin_tools/tasks/create_methods.yml b/roles/aws/aws_admin_tools/tasks/create_methods.yml
new file mode 100644
index 000000000..c10a1c391
--- /dev/null
+++ b/roles/aws/aws_admin_tools/tasks/create_methods.yml
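Review bot: The `Update Lambda triggers` task in create.yml adds a new resource-policy statement to each function on every run, because `--statement-id` carries a fresh random suffix from `_rand_str`. The function policies keep growing until they reach the policy size limit, at which point the task fails. A fixed id such as `--statement-id "{{ item.name }}_apigw_invoke"` (tolerating the already-exists error) or the `amazon.aws.lambda_policy` module would make the grant idempotent. The `--source-arn` also uses `/*/` for the stage although only `prod` is created, so `/prod/` would be the narrower grant. None of the `command` tasks in this file set `changed_when`.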
@@ -0,0 +1,80 @@
+- name: Get resources.
+ ansible.builtin.command: >-
+ aws apigateway get-resources
+ --rest-api-id "{{ _api_gate.id }}"
+ --region "{{ _aws_region }}"
+ register: _api_old_resource
+
+- name: Setting previous command output into variable.
+ ansible.builtin.set_fact:
+ _api_old_resource: "{{ _api_old_resource.stdout | from_json }}"
+
+- name: Find the index of existing resource.
+ ansible.builtin.set_fact:
+ _api_old_resource_index: "{{ lookup('ansible.utils.index_of', _api_old_resource['items'], 'eq', '/' + item.name, 'path', wantlist=True) }}"
+
+- name: Delete resource.
+ ansible.builtin.command: >-
+ aws apigateway delete-resource
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_old_resource['items'][_api_old_resource_index[0]].id }}"
+ --region "{{ _aws_region }}"
+ register: _api_old_resource
+ when: _api_old_resource_index | length > 0
+
+- name: Create resource on API gateway.
+ ansible.builtin.command: >-
+ aws apigateway create-resource
+ --rest-api-id "{{ _api_gate.id }}"
+ --parent-id "{{ _api_res_list[_api_res_index_list[0]].id }}"
+ --path-part "{{ item.name }}"
+ --region "{{ _aws_region }}"
+ register: _api_resource
+
+- name: Setting previous command output into variable.
+ ansible.builtin.set_fact:
+ _api_resource: "{{ _api_resource.stdout | from_json }}"
+
+- name: Put method on API gateway
+ ansible.builtin.command: >-
+ aws apigateway put-method
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_resource.id }}"
+ --http-method "{{ item.type }}"
+ --authorization-type "NONE"
+ --no-api-key-required
+ --region "{{ _aws_region }}"
+
+- name: Add Lambda for method.
+ ansible.builtin.command: >-
+ aws apigateway put-integration
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_resource.id }}"
+ --http-method "{{ item.type }}"
+ --type AWS
+ --content-handling CONVERT_TO_TEXT
+ --request-templates '{ "application/json": "{\"statusCode\": 200}" }'
+ --integration-http-method POST
+ --uri "arn:aws:apigateway:{{ _aws_region }}:lambda:path/2015-03-31/functions/arn:aws:lambda:{{ _aws_region }}:{{ _acc_id }}:function:API_{{ item.name }}/invocations"
+ --region {{ _aws_region }}
+
+- name: Add method response.
+ ansible.builtin.command: >-
+ aws apigateway put-method-response
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_resource.id }}"
+ --http-method "{{ item.type }}"
+ --status-code "200"
+ --response-models '{"application/json":"Empty"}'
+ --region {{ _aws_region }}
+
+- name: Add integration response.
+ ansible.builtin.command: >-
+ aws apigateway put-integration-response
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_resource.id }}"
+ --http-method "{{ item.type }}"
+ --status-code "200"
+ --selection-pattern ""
+ --content-handling "CONVERT_TO_TEXT"
+ --region {{ _aws_region }}
diff --git a/roles/aws/aws_admin_tools/tasks/create_mock.yml b/roles/aws/aws_admin_tools/tasks/create_mock.yml
new file mode 100644
index 000000000..7f4843592
--- /dev/null
+++ b/roles/aws/aws_admin_tools/tasks/create_mock.yml
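Review bot: The `Put method on API gateway` task in create_methods.yml, and the same task in create_mock.yml, pass `--authorization-type "NONE"` with `--no-api-key-required`, so the WAF IP set is the only access control on these endpoints, including the POST one. create.yml deploys the `prod` stage before the WAF is associated, which leaves an interval in which the stage is reachable with no filter at all. I would set `--authorization-type "AWS_IAM"` so callers must sign their requests, and keep the IP allow-list as a second layer. Each run also deletes and recreates every resource, so the endpoints are briefly missing during a re-run.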
@@ -0,0 +1,42 @@
+- name: Create MOCK resource on API gateway.
+ ansible.builtin.command: >-
+ aws apigateway create-resource
+ --rest-api-id "{{ _api_gate.id }}"
+ --parent-id "{{ _api_res_list[_api_res_index_list[0]].id }}"
+ --path-part "DelMe"
+ --region "{{ _aws_region }}"
+ register: _api_resource
+
+- name: Setting command output into variable.
+ ansible.builtin.set_fact:
+ _api_resource: "{{ _api_resource.stdout | from_json }}"
+
+- name: Put method on API gateway.
+ ansible.builtin.command: >-
+ aws apigateway put-method
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_resource.id }}"
+ --http-method "GET"
+ --authorization-type "NONE"
+ --no-api-key-required
+ --region "{{ _aws_region }}"
+
+- name: Add mock integration.
+ ansible.builtin.command: >-
+ aws apigateway put-integration
+ --rest-api-id "{{ _api_gate.id }}"
+ --resource-id "{{ _api_resource.id }}"
+ --http-method GET
+ --type MOCK
+ --region {{ _aws_region }}
+
+- name: Create initial deployent for API gateway.
+ ansible.builtin.command: >-
+ aws apigateway create-deployment
+ --rest-api-id "{{ _api_gate.id }}"
+ --region "{{ _aws_region }}"
+ register: _main_api_deploy
+
+- name: Setting command output into variable.
+ ansible.builtin.set_fact:
+ _main_api_deploy: "{{ _main_api_deploy.stdout | from_json }}"
diff --git a/roles/aws/aws_admin_tools/tasks/lambda_functions.yml b/roles/aws/aws_admin_tools/tasks/lambda_functions.yml
new file mode 100644
index 000000000..0297d3279
--- /dev/null
+++ b/roles/aws/aws_admin_tools/tasks/lambda_functions.yml
@@ -0,0 +1,48 @@
+- name: Create S3 bucket for lambda functions.
+ amazon.aws.s3_bucket:
+ name: "{{ _aws_profile }}-lambda-api-functions"
+ region: "{{ _aws_region }}"
+ state: present
+
+- name: Check and clean any previous python files.
+ ansible.builtin.file:
+ path: "/tmp/{{ item.name }}.py"
+ state: absent
+
+- name: Write Lambda functions.
+ ansible.builtin.template:
+ src: "API_{{ item.name }}.py.j2"
+ dest: "/tmp/API_{{ item.name }}.py"
+
+- name: Create a zip archive of Lambda functions.
+ community.general.archive:
+ path: "/tmp/API_{{ item.name }}.py"
+ dest: "/tmp/API_{{ item.name }}.zip"
+ format: zip
+
+- name: Place Lambda functions in S3 bucket.
+ amazon.aws.s3_object:
+ bucket: "{{ _aws_profile }}-lambda-api-functions"
+ object: "lambda-functions/API-{{ item.name }}.zip"
+ src: "/tmp/API_{{ item.name }}.zip"
+ mode: put
+
+- name: Get appropriate IAM role for Lambda.
+ amazon.aws.iam_role_info:
+ name: "API_{{ item.name }}"
+ register: _iam_api_lambda
+
+- name: Create Lambda functions.
+ amazon.aws.lambda:
+ name: "API_{{ item.name }}"
+ description: "Lambda function for {{ item.name }}"
+ region: "{{ _aws_region }}"
+ timeout: "{{ aws_admin_tools.timeout }}"
+ s3_bucket: "{{ _aws_profile }}-lambda-api-functions"
+ s3_key: "lambda-functions/API-{{ item.name }}.zip"
+ state: present
+ runtime: "{{ aws_admin_tools.runtime }}"
+ role: "{{ _iam_api_lambda.iam_roles[0].arn }}"
+ handler: "API_{{ item.name }}.lambda_handler"
+ tags:
+ Name: "API_{{ item.name }}"
diff --git a/roles/aws/aws_admin_tools/tasks/lambda_iam.yml b/roles/aws/aws_admin_tools/tasks/lambda_iam.yml
new file mode 100644
index 000000000..f5ac58341
--- /dev/null
+++ b/roles/aws/aws_admin_tools/tasks/lambda_iam.yml
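Review bot: The cleanup task in lambda_functions.yml removes `/tmp/{{ item.name }}.py`, but the template and archive tasks write `/tmp/API_{{ item.name }}.py` and `/tmp/API_{{ item.name }}.zip`, so files left by an earlier run are never removed. These are fixed, predictable names in a shared directory and their content becomes the Lambda code. A directory created with `ansible.builtin.tempfile` (`state: directory`) and removed at the end would fix both the mismatch and the predictable path. The bucket task also sets no `public_access` or `encryption` options, so the bucket that holds the function code relies on account defaults.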
@@ -0,0 +1,9 @@
+- name: Attach CloudWatch policy.
+ ansible.builtin.set_fact:
+ _policies: "{{ item.policies + ['arn:aws:iam::aws:policy/CloudWatchLogsFullAccess'] }}"
+
+- name: Create a role and attach policies.
+ amazon.aws.iam_role:
+ name: "API_{{ item.name }}"
+ assume_role_policy_document: "{{ lookup('template', 'trusted_entitites.j2') }}"
+ managed_policies: "{{ _policies }}"
diff --git a/roles/aws/aws_admin_tools/tasks/main.yml b/roles/aws/aws_admin_tools/tasks/main.yml
new file mode 100644
index 000000000..10488618d
--- /dev/null
+++ b/roles/aws/aws_admin_tools/tasks/main.yml
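Review bot: In lambda_iam.yml every function role is given `CloudWatchLogsFullAccess`, which lets the function read, alter and delete any log group in the account, when a Lambda only needs to create its own log group and stream and write events. I would append `arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` instead. The task name `Attach CloudWatch policy.` is also misleading, since the task only builds the `_policies` list; something like `Build managed policy list for the role.` would match what it does.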
@@ -0,0 +1,112 @@
+- name: Create API gateway.
+ ansible.builtin.command: >-
+ aws sts get-caller-identity
+ --query Account
+ --output text
+ register: _acc_id
+
+- name: Setting previous command output into variable.
+ ansible.builtin.set_fact:
+ _acc_id: "{{ _acc_id.stdout | from_json }}"
+
+- name: List all API gateways.
+ community.aws.api_gateway_info:
+ region: "{{ _aws_region }}"
+ register: _api_gate_list
+
+- name: Find the index of admin tools API.
+ ansible.builtin.set_fact:
+ _api_index: "{{ lookup('ansible.utils.index_of', _api_gate_list['rest_apis'], 'eq', _aws_profile + '_admin_tools', 'name', wantlist=True) }}"
+
+- name: Create API gateway.
+ ansible.builtin.command: >-
+ aws apigateway create-rest-api
+ --region "{{ _aws_region }}"
+ --name "{{ _aws_profile }}_admin_tools"
+ --description "API for administration functions made automatically by ansible"
+ --endpoint-configuration "{\"types\": [\"REGIONAL\"]}"
+ register: _api_gate
+ when: _api_index | length == 0
+
+- name: Setting previous command output into variable.
+ ansible.builtin.set_fact:
+ _api_gate: "{{ _api_gate.stdout | from_json }}"
+ when: _api_index | length == 0
+
+- name: Setting _api_index if API already exists.
+ ansible.builtin.set_fact:
+ _api_gate: "{{ _api_gate_list.rest_apis[_api_index[0]] }}"
+ when: _api_index | length > 0
+
+- name: Get list of API gateway resources.
+ ansible.builtin.command: >-
+ aws apigateway get-resources
+ --region "{{ _aws_region }}"
+ --rest-api-id "{{ _api_gate.id }}"
+ register: _api_res_list
+
+- name: Setting previous command output into variable.
+ ansible.builtin.set_fact:
+ _api_res_list: "{{ _api_res_list.stdout | from_json | json_query('items') }}"
+
+- name: Get index of / resource from API gateway.
+ ansible.builtin.set_fact:
+ _api_res_index_list: "{{ lookup('ansible.utils.index_of', _api_res_list, 'eq', '/', 'path', wantlist=True) }}"
+
+- name: Create MOCK deployment.
+ ansible.builtin.include_tasks: create_mock.yml
+ when: _api_index | length == 0
+
+- name: Get all deployments from API gateway.
+ ansible.builtin.command: >-
+ aws apigateway get-deployments
+ --rest-api-id "{{ _api_gate.id }}"
+ --region "{{ _aws_region }}"
+ register: _main_api_deploy
+ when: _api_index | length > 0
+
+- name: Set previous command output into variable.
+ ansible.builtin.set_fact:
+ _main_api_deploy_tmp: "{{ _main_api_deploy.stdout | from_json }}"
+ when: _api_index | length > 0
+
+- name: Get last item from deployment list.
+ ansible.builtin.set_fact:
+ _main_api_deploy: "{{ _main_api_deploy_tmp['items'] | last }}"
+ when: _api_index | length > 0
+
+- name: Configure Lambda IAM policies.
+ ansible.builtin.include_tasks: lambda_iam.yml
+ loop: "{{ aws_admin_tools.functions }}"
+
+- name: Sleep for 5 seconds for IAM roles.
+ ansible.builtin.wait_for:
+ timeout: 5
+
+- name: Configure Lambda functions.
+ ansible.builtin.include_tasks: lambda_functions.yml
+ loop: "{{ aws_admin_tools.functions }}"
+
+- name: Create WAF for API Gateway.
+ ansible.builtin.include_role:
+ name: aws/aws_acl
+ vars:
+ aws_acl:
+ - name: "{{ _aws_profile }}_admin_tools"
+ description: "ACL rules for API Gateway"
+ scope: REGIONAL
+ region: "{{ _aws_region }}"
+ tags: "{{ _aws_tags }}"
+ recreate: true
+ default_action: "Block"
+ rules:
+ ip_sets:
+ - rule_name: "{{ _aws_profile }}_admin_tools"
+ set_name: "{{ _aws_profile }}_admin_tools"
+ description: "List of IPs to allow using API - Ansible managed"
+ action: allow
+ priority: 1
+ list: "{{ aws_admin_tools.allowed_ips }}"
+
+- name: Create API Gateway resurces.
+ ansible.builtin.include_tasks: create.yml
diff --git a/roles/aws/aws_admin_tools/templates/API_ChangeASGScaling.py.j2 b/roles/aws/aws_admin_tools/templates/API_ChangeASGScaling.py.j2
new file mode 100644
index 000000000..6bed7668b
--- /dev/null
+++ b/roles/aws/aws_admin_tools/templates/API_ChangeASGScaling.py.j2
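Review bot: In tasks/main.yml, `_acc_id.stdout | from_json` parses the `--output text` result of `aws sts get-caller-identity` as JSON, which turns the account ID into an integer and fails outright for account IDs that begin with `0`. `_acc_id: "{{ _acc_id.stdout | trim }}"` keeps it a string. That first task is also named `Create API gateway.` although it only looks up the caller identity. Further down, the WAF is included with `recreate: true`; because the API methods carry no authorization, that ACL is the only gate. If `recreate` deletes and rebuilds the ACL on each run (its implementation is not in this diff), `recreate: false` would avoid an unprotected interval on re-runs.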
@@ -0,0 +1,39 @@
+import json
+import calendar
+from datetime import datetime
+import boto3
+
+costExpl = boto3.client('ce')
+
+def lambda_handler(event, context):
+ currDay=datetime.now().day
+ currMonth=datetime.now().month
+ print(currMonth)
+ currYear=datetime.now().year
+ print(currYear)
+ lastDay=calendar.monthrange(currYear, currMonth)
+
+ if currMonth < 10:
+ currMonth = '0' + str(currMonth)
+ nextDay = currDay + 1
+ if currDay < 10:
+ currDay = '0' + str(currDay)
+ if nextDay < 10:
+ nextDay = '0' + str(nextDay)
+
+ startDate=str(currYear) + '-' + str(currMonth) + '-' + str(currDay)
+ endDate=str(currYear) + '-' + str(currMonth) + '-' + str(nextDay)
+
+ estimatedCost = costExpl.get_cost_forecast(
+ TimePeriod={
+ 'Start': startDate,
+ 'End': endDate
+ },
+ Granularity='MONTHLY',
+ Metric='BLENDED_COST'
+ )
+ return {
+ 'statusCode': 200,
+ 'Amount': estimatedCost['Total']['Amount'] + ' ' + estimatedCost['Total']['Unit'],
+ 'Between': estimatedCost['ForecastResultsByTime'][0]['TimePeriod']['Start'] + ' - ' + estimatedCost['ForecastResultsByTime'][0]['TimePeriod']['End']
+ }
diff --git a/roles/aws/aws_admin_tools/templates/API_GetForecastedCosts.py.j2 b/roles/aws/aws_admin_tools/templates/API_GetForecastedCosts.py.j2
new file mode 100644
index 000000000..6bed7668b
--- /dev/null
+++ b/roles/aws/aws_admin_tools/templates/API_GetForecastedCosts.py.j2
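Review bot: API_ChangeASGScaling.py.j2 has the same blob id (`6bed7668b`) as API_GetForecastedCosts.py.j2, and its handler only calls `get_cost_forecast`, so the POST `ChangeASGScaling` endpoint changes no scaling at all. Its role is given `AmazonEC2FullAccess` in the role defaults, which this code never uses, while the Cost Explorer permission it would need is not in that function's policy list. I would leave the function out of `aws_admin_tools.functions` until the real handler exists, rather than deploying a placeholder with a full-access role behind a public endpoint.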
@@ -0,0 +1,39 @@
+import json
+import calendar
+from datetime import datetime
+import boto3
+
+costExpl = boto3.client('ce')
+
+def lambda_handler(event, context):
+ currDay=datetime.now().day
+ currMonth=datetime.now().month
+ print(currMonth)
+ currYear=datetime.now().year
+ print(currYear)
+ lastDay=calendar.monthrange(currYear, currMonth)
+
+ if currMonth < 10:
+ currMonth = '0' + str(currMonth)
+ nextDay = currDay + 1
+ if currDay < 10:
+ currDay = '0' + str(currDay)
+ if nextDay < 10:
+ nextDay = '0' + str(nextDay)
+
+ startDate=str(currYear) + '-' + str(currMonth) + '-' + str(currDay)
+ endDate=str(currYear) + '-' + str(currMonth) + '-' + str(nextDay)
+
+ estimatedCost = costExpl.get_cost_forecast(
+ TimePeriod={
+ 'Start': startDate,
+ 'End': endDate
+ },
+ Granularity='MONTHLY',
+ Metric='BLENDED_COST'
+ )
+ return {
+ 'statusCode': 200,
+ 'Amount': estimatedCost['Total']['Amount'] + ' ' + estimatedCost['Total']['Unit'],
+ 'Between': estimatedCost['ForecastResultsByTime'][0]['TimePeriod']['Start'] + ' - ' + estimatedCost['ForecastResultsByTime'][0]['TimePeriod']['End']
+ }
diff --git a/roles/aws/aws_admin_tools/templates/API_GetListOfEC2.py.j2 b/roles/aws/aws_admin_tools/templates/API_GetListOfEC2.py.j2
new file mode 100644
index 000000000..cc6253de3
--- /dev/null
+++ b/roles/aws/aws_admin_tools/templates/API_GetListOfEC2.py.j2
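Review bot: `nextDay = currDay + 1` in API_GetForecastedCosts.py.j2 produces a day that does not exist on the last day of a month (for example day 32), so `endDate` is invalid and the forecast call will fail on those days. `lastDay` is computed but never used. Date arithmetic avoids the manual zero-padding as well: `start = date.today()`, `end = start + timedelta(days=1)`, then pass `start.isoformat()` and `end.isoformat()`. The same lines appear in API_ChangeASGScaling.py.j2. The two `print` calls look like leftover debugging.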
@@ -0,0 +1,49 @@
+import json
+import boto3
+
+# Defining Clients
+ec2_cli = boto3.client("ec2", region_name="{{ _aws_region }}")
+
+def lambda_handler(event, context):
+
+ print("Gathering instance details.")
+ ec2_instances=ec2_cli.describe_instances()
+
+ instance_exist = False
+ Ec2_info_list=[]
+
+ for reservation in ec2_instances["Reservations"]:
+ for instance in reservation["Instances"]:
+ pub_ip = ""
+ priv_ip = ""
+ inst_name = ""
+
+ if "PublicIpAddress" in instance:
+ pub_ip = instance['PublicIpAddress']
+ else:
+ pub_ip = "-"
+ if "PrivateIpAddress" in instance:
+ priv_ip = instance['PrivateIpAddress']
+ else:
+ priv_ip = "-"
+
+ if "Tags" in instance:
+ for name in instance['Tags']:
+ if name['Key'] == 'Name':
+ inst_name = name['Value']
+ else:
+ inst_name = "-"
+
+ new_dict={
+ 'EC2 name': inst_name,
+ 'State': instance['State'],
+ 'Public IP': pub_ip,
+ 'Private IP': priv_ip,
+ 'Instance type': instance['InstanceType']
+ }
+ Ec2_info_list.append(new_dict)
+
+ return {
+ 'statusCode': 200,
+ 'EC2 info': Ec2_info_list
+ }
diff --git a/roles/aws/aws_admin_tools/templates/API_tmp.j2 b/roles/aws/aws_admin_tools/templates/API_tmp.j2
new file mode 100644
index 000000000..83608d358
--- /dev/null
+++ b/roles/aws/aws_admin_tools/templates/API_tmp.j2
@@ -0,0 +1,8 @@
+import json
+
+def lambda_handler(event, context):
+
+ return {
+ 'statusCode': 200,
+ 'body': "Yey"
+ }
diff --git a/roles/aws/aws_admin_tools/templates/trusted_entitites.j2 b/roles/aws/aws_admin_tools/templates/trusted_entitites.j2
new file mode 100644
index 000000000..fb84ae9de
--- /dev/null
+++ b/roles/aws/aws_admin_tools/templates/trusted_entitites.j2
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "lambda.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
diff --git a/roles/aws/aws_ec2_with_eip/tasks/main.yml b/roles/aws/aws_ec2_with_eip/tasks/main.yml
index 8e0e5be7b..dee50043d 100644
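Review bot: `ec2_cli.describe_instances()` in API_GetListOfEC2.py.j2 is called once with no pagination, so accounts with more instances than fit in one response page get a silently truncated list. Iterating with `for page in ec2_cli.get_paginator("describe_instances").paginate():` and then `for reservation in page["Reservations"]:` returns all of them. `'State': instance['State']` returns the whole state dict; `instance['State']['Name']` is probably what callers want. `inst_name` stays empty rather than `"-"` when an instance has tags but no `Name` tag, and `instance_exist` is never used. The response exposes the public and private addresses of every instance, which is one more reason for the endpoint to require authorization rather than rely on the IP allow-list alone.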
--- a/roles/aws/aws_ec2_with_eip/tasks/main.yml +++ b/roles/aws/aws_ec2_with_eip/tasks/main.yml @@ -163,7 +163,7 @@ tag:Name: "{{ aws_ec2_with_eip.instance_name }}" register: _aws_ec2_with_eip_instances_eip -- name: allocate a new elastic IP inside a VPC +- name: Allocate a new elastic IP inside a VPC. amazon.aws.ec2_eip: region: "{{ aws_ec2_with_eip.region }}" in_vpc: true diff --git a/roles/aws/aws_sg_iptables/tasks/main.yml b/roles/aws/aws_sg_iptables/tasks/main.yml index baa4fc575..826a29494 100644 --- a/roles/aws/aws_sg_iptables/tasks/main.yml +++ b/roles/aws/aws_sg_iptables/tasks/main.yml @@ -7,7 +7,7 @@ - name: Set list of commands for tcp/udp in include_tasks: tcp_udp_string.yml - loop: "{{ q( 'ansible.builtin.subelements', _glob, 'ports', { 'skip_missing': True }) }}" + loop: "{{ q('ansible.builtin.subelements', _glob, 'ports', {'skip_missing': True}) }}" - name: Remove priority element from dict. ansible.builtin.set_fact: @@ -29,7 +29,7 @@ - name: Set list of commands four tcp/udp out include_tasks: tcp_udp_string.yml - loop: "{{ q( 'ansible.builtin.subelements', _glob, 'ports', { 'skip_missing': True }) }}" + loop: "{{ q('ansible.builtin.subelements', _glob, 'ports', {'skip_missing': True}) }}" - name: Set list of commands for icmp in include_tasks: icmp_string.yml