codeenigma · matej5 · Mar 28, 2025 · Mar 28, 2025
diff --git a/roles/_init/tasks/main.yml b/roles/_init/tasks/main.yml
@@ -37,7 +37,7 @@
   when: _init.lock_file | length > 0
 
 # Load Linux services into ansible_facts.services.
-- name: Populate service facts
+- name: Populate service facts.
   ansible.builtin.service_facts:
 
 - name: Set "tracking" file for the playbook.
@@ -97,7 +97,7 @@
   loop_control:
     loop_var: _init_vars_dir_md5
 
-- name: Lookup current playbook md5
+- name: Lookup current playbook md5.
   ansible.builtin.set_fact:
     previous_play_dir_md5: "{{ lookup('file', '{{ _ce_provision_data_dir }}/{{ current_play_md5_file }}') }}"
 

diff --git a/roles/aws/aws_acl/tasks/amazon_ip_reputation.yml b/roles/aws/aws_acl/tasks/amazon_ip_reputation.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create amazon ip reputation rule
+- name: Create amazon ip reputation rule.
   ansible.builtin.set_fact:
     amazon_ip_reputation:
       name: "AWS-AWSManagedRulesAmazonIpReputationList"
@@ -27,6 +27,6 @@
   ansible.builtin.set_fact:
     amazon_ip_reputation: "{{ amazon_ip_reputation | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [amazon_ip_reputation] }}"
diff --git a/roles/aws/aws_acl/tasks/anonymous_ip_list.yml b/roles/aws/aws_acl/tasks/anonymous_ip_list.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create anonymous ip list rule
+- name: Create anonymous ip list rule.
   ansible.builtin.set_fact:
     anonymous_ip_list:
       name: "AWS-AWSManagedRulesAnonymousIpList"
@@ -30,6 +30,6 @@
   ansible.builtin.set_fact:
     anonymous_ip_list: "{{ anonymous_ip_list | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [anonymous_ip_list] }}"
diff --git a/roles/aws/aws_acl/tasks/bot_control.yml b/roles/aws/aws_acl/tasks/bot_control.yml
@@ -1,5 +1,5 @@
 ---
-- name: Define empty action rule list
+- name: Define empty action rule list.
   ansible.builtin.set_fact:
     _action_rules: []
 
@@ -60,17 +60,17 @@
           action_to_use:
             block: {}
 
-  - name: Attach common action rules to list
+  - name: Attach common action rules to list.
     ansible.builtin.set_fact:
       _action_rules: "{{ _action_rules | default([]) + _action_rules_common }}"
 
-  - name: Define common config
+  - name: Define common config.
     ansible.builtin.set_fact:
       _rule_config:
         - a_w_s_managed_rules_bot_control_rule_set:
             inspection_level: "COMMON"
 
-- name: Define targeted actions rules
+- name: Define targeted actions rules.
   when: _acl.rules.bot_control.target == "TARGETED"
   block:
     - name: Define targeted actions
@@ -98,11 +98,11 @@
             action_to_use:
               block: {}
 
-    - name: Attach targeted action rules to list
+    - name: Attach targeted action rules to list.
       ansible.builtin.set_fact:
         _action_rules: "{{ _action_rules | default([]) + _action_rules_tgt }}"
 
-    - name: Define targeted config
+    - name: Define targeted config.
       ansible.builtin.set_fact:
         _rule_config:
           - a_w_s_managed_rules_bot_control_rule_set:

diff --git a/roles/aws/aws_acl/tasks/cc_rules.yml b/roles/aws/aws_acl/tasks/cc_rules.yml
@@ -1,9 +1,9 @@
 ---
-- name: Set action string
+- name: Set action string.
   ansible.builtin.set_fact:
     _action: "{ {{ _cc_set.action }}: {} }"
 
-- name: Create country block rule
+- name: Create country block rule.
   ansible.builtin.set_fact:
     cc_rule:
       name: "{{ _cc_set.name }}"
@@ -25,6 +25,6 @@
   ansible.builtin.set_fact:
     cc_rule: "{{ cc_rule | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [cc_rule] }}"
diff --git a/roles/aws/aws_acl/tasks/common_rule_set.yml b/roles/aws/aws_acl/tasks/common_rule_set.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create common rule set rule
+- name: Create common rule set rule.
   ansible.builtin.set_fact:
     common_rule_set:
       name: "AWS-AWSManagedRulesCommonRuleSet"
@@ -23,6 +23,6 @@
   ansible.builtin.set_fact:
     common_rule_set: "{{ common_rule_set | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [common_rule_set] }}"
diff --git a/roles/aws/aws_acl/tasks/create_acl.yml b/roles/aws/aws_acl/tasks/create_acl.yml
@@ -3,7 +3,7 @@
   ansible.builtin.set_fact:
     _rules: []
 
-- name: Set priority dict
+- name: Set priority dict.
   set_fact:
     _priority_dict: {}
 
@@ -82,10 +82,6 @@
     - _acl.rules.anonymous_ip_list is defined
     - _acl.rules.anonymous_ip_list.enabled
 
-- name: Print the rules
-  ansible.builtin.debug:
-    msg: "{{ _rules }}"
-
 - name: Create web acl.
   community.aws.wafv2_web_acl:
     name: "{{ _acl.name }}" # Member must satisfy regular expression pattern: ^[\\w\\-]+$

diff --git a/roles/aws/aws_acl/tasks/cyber_sec.yml b/roles/aws/aws_acl/tasks/cyber_sec.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create cyber security rule
+- name: Create cyber security rule.
   ansible.builtin.set_fact:
     cyber_sec_rule:
       name: "CyberSecurityCloud-HighSecurityOWASPSet"
@@ -55,6 +55,6 @@
   ansible.builtin.set_fact:
     cyber_sec_rule: "{{ cyber_sec_rule | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [cyber_sec_rule] }}"
diff --git a/roles/aws/aws_acl/tasks/increase_priority.yml b/roles/aws/aws_acl/tasks/increase_priority.yml
@@ -1,12 +1,12 @@
 ---
-- name: Increase counter
+- name: Increase counter.
   ansible.builtin.set_fact:
     _priority: "{{ _priority | default(0) | int + 1 }}"
 
-- name: Set dict string
+- name: Set dict string.
   ansible.builtin.set_fact:
     _priority_dict_string: "{ priority: {{ _priority }} }"
 
-- name: Set dict
+- name: Set dict.
   ansible.builtin.set_fact:
     _priority_dict: "{{ _priority_dict_string | from_yaml }}"
diff --git a/roles/aws/aws_acl/tasks/ip_sets.yml b/roles/aws/aws_acl/tasks/ip_sets.yml
@@ -17,7 +17,7 @@
     region: "{{ _acl.region }}"
   register: _ip_set_info
 
-- name: Set action string
+- name: Set action string.
   ansible.builtin.set_fact:
     _action: "{ {{ _ip_set.action }}: {} }"
 

diff --git a/roles/aws/aws_acl/tasks/known_bad_inputs.yml b/roles/aws/aws_acl/tasks/known_bad_inputs.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create known bad inputs rule
+- name: Create known bad inputs rule.
   ansible.builtin.set_fact:
     known_bad_inputs:
       name: "AWS-AWSManagedRulesKnownBadInputsRuleSet"
@@ -23,6 +23,6 @@
   ansible.builtin.set_fact:
     known_bad_inputs: "{{ known_bad_inputs | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [known_bad_inputs] }}"
diff --git a/roles/aws/aws_acl/tasks/php_rule_set.yml b/roles/aws/aws_acl/tasks/php_rule_set.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create php rule set rule
+- name: Create php rule set rule.
   ansible.builtin.set_fact:
     php_rule_set:
       name: "AWS-AWSManagedRulesPHPRuleSet"
@@ -23,6 +23,6 @@
   ansible.builtin.set_fact:
     php_rule_set: "{{ php_rule_set | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [php_rule_set] }}"
diff --git a/roles/aws/aws_acl/tasks/rate_limit.yml b/roles/aws/aws_acl/tasks/rate_limit.yml
@@ -1,9 +1,9 @@
 ---
-- name: Set rate based statement from template
+- name: Set rate based statement from template.
   ansible.builtin.set_fact:
     _rbs: "{{ lookup('ansible.builtin.template', './rate_limit.j2') | from_yaml }}"
 
-- name: Set action statement
+- name: Set action statement.
   ansible.builtin.set_fact:
     _action: "{ {{ _acl.rules.rate_limit.action | default('block') }}: {} }"
 

diff --git a/roles/aws/aws_acl/tasks/regular_rule.yml b/roles/aws/aws_acl/tasks/regular_rule.yml
@@ -1,9 +1,9 @@
 ---
-- name: Set action string
+- name: Set action string.
   ansible.builtin.set_fact:
     _action: "{ {{ _reg_rule.action }}: {} }"
 
-- name: Set statement string
+- name: Set statement string.
   ansible.builtin.set_fact:
     _statements: ""
 
@@ -16,12 +16,12 @@
   loop_control:
     loop_var: _stat
 
-- name: Encapsulate statement with type
+- name: Encapsulate statement with type.
   ansible.builtin.set_fact:
     _statements: "{ {{ _reg_rule.statements_type }}_statement: { statements: [{{ _statements }}] } }"
   when: _reg_rule.statements_type != "single"
 
-- name: Create regular rule
+- name: Create regular rule.
   ansible.builtin.set_fact:
     regular_rule:
         name: "{{ _reg_rule.name }}"
@@ -41,6 +41,6 @@
   ansible.builtin.set_fact:
     regular_rule: "{{ regular_rule | combine(_priority_dict) }}"
 
-- name: Add rule to list
+- name: Add rule to list.
   ansible.builtin.set_fact:
     _rules: "{{ _rules + [regular_rule] }}"
diff --git a/roles/aws/aws_acl/tasks/regular_rule_statements.yml b/roles/aws/aws_acl/tasks/regular_rule_statements.yml
@@ -1,19 +1,19 @@
 ---
-- name: Add comma if _statement already has element
+- name: Add comma if _statement already has element.
   ansible.builtin.set_fact:
     _statements: "{{ _statements }}, "
   when: _statements != ''
 
-- name: Set field match string for SingleHeader
+- name: Set field match string for SingleHeader.
   ansible.builtin.set_fact:
     _ftm: "{ single_header: { name: \"user-agent\"} }"
   when: _stat.inspect == "SingleHeader"
 
-- name: Set field match string for SingleHeader
+- name: Set field match string for SingleHeader.
   ansible.builtin.set_fact:
     _ftm: "{ uri_path: {} }"
   when: _stat.inspect == "UriPath"
 
-- name: Set statements string
+- name: Set statements string.
   ansible.builtin.set_fact:
     _statements: "{{ _statements }}{ byte_match_statement: { search_string: {{ _stat.string }}, field_to_match: {{ _ftm }}, text_transformations: [{ priority: 0, type: {{ _stat.text_trans }} }], positional_constraint: {{ _stat.position }} } }"
diff --git a/roles/aws/aws_acl/tasks/set_priority_dict.yml b/roles/aws/aws_acl/tasks/set_priority_dict.yml
@@ -1,12 +1,12 @@
 ---
-- name: Set dict string
+- name: Set dict string.
   ansible.builtin.set_fact:
     _priority_multiplied: "{{ ((_priority | float) * 10) | int }}"
 
-- name: Set dict string
+- name: Set dict string.
   ansible.builtin.set_fact:
     _priority_dict_string: "{ priority: {{ _priority_multiplied }} }"
 
-- name: Set dict
+- name: Set dict.
   ansible.builtin.set_fact:
     _priority_dict: "{{ _priority_dict_string | from_yaml }}"
diff --git a/roles/aws/aws_admin_tools/tasks/create_methods.yml b/roles/aws/aws_admin_tools/tasks/create_methods.yml
@@ -35,7 +35,7 @@
   ansible.builtin.set_fact:
     _api_resource: "{{ _api_resource.stdout | from_json }}"
 
-- name: Put method on API gateway
+- name: Put method on API gateway.
   ansible.builtin.command: >-
     aws apigateway put-method
     --rest-api-id "{{ _api_gate.id }}"

diff --git a/roles/aws/aws_admin_tools/tasks/lambda_functions.yml b/roles/aws/aws_admin_tools/tasks/lambda_functions.yml
@@ -1,3 +1,4 @@
+# TODO use aws_lambda role here
 - name: Create S3 bucket for lambda functions.
   amazon.aws.s3_bucket:
     name: "{{ _aws_profile }}-lambda-api-functions"

diff --git a/roles/aws/aws_admin_tools/tasks/main.yml b/roles/aws/aws_admin_tools/tasks/main.yml
@@ -49,7 +49,7 @@
   ansible.builtin.set_fact:
     _api_res_list: "{{ _api_res_list.stdout | from_json | json_query('items') }}"
 
-- name: Get index of / resource from API gateway.
+- name: Get index of main "/" resource from API gateway.
   ansible.builtin.set_fact:
     _api_res_index_list: "{{ lookup('ansible.utils.index_of', _api_res_list, 'eq', '/', 'path', wantlist=True) }}"
 

diff --git a/roles/aws/aws_ami_asg_cleanup/tasks/main.yml b/roles/aws/aws_ami_asg_cleanup/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create a role and attach policies
+- name: Create a role and attach policies.
   amazon.aws.iam_role:
     name: LambdaAsgAmiCleanupRole
     assume_role_policy_document: "{{ lookup('template', 'assume_lambda_iam_policy.j2') }}"
@@ -8,17 +8,18 @@
       - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
   register: _created_iam_lambda_cleanup_role
 
-- name: Ensure python script is removed
+# TODO: Use aws_lambda role to create function
+- name: Ensure python script is removed.
   ansible.builtin.file:
     path: "{{ _ce_provision_build_dir }}/clean_up_ami.py"
     state: absent
 
-- name: Ensure zip file is removed
+- name: Ensure zip file is removed.
   ansible.builtin.file:
     path: "{{ _ce_provision_build_dir }}/clean_up_ami.zip"
     state: absent
 
-- name: Write Lambda function
+- name: Write Lambda function.
   ansible.builtin.template:
     src: cleanup_ami.py.j2
     dest: "{{ _ce_provision_build_dir }}/clean_up_ami.py"
@@ -35,11 +36,11 @@
 #    log_group_name: ami_asg_cleanup
 #  register: _ami_asg_log
 
-- name: Sleep for 20 seconds for IAM before Lambda creation
+- name: Sleep for 5 seconds for IAM before Lambda creation.
   ansible.builtin.wait_for:
-    timeout: 20
+    timeout: 5
 
-- name: Create Lambda function
+- name: Create Lambda function.
   amazon.aws.lambda:
     name: "clean_up_ami"
     region: "{{ _aws_region }}"
@@ -53,7 +54,7 @@
       Test: 'This is test tag'
   register: _created_iam_lambda_cleanup_function
 
-- name: Create scheduler to invoke Lambda function
+- name: Create scheduler to invoke Lambda function.
   amazon.aws.cloudwatchevent_rule:
     name: "cleanup_asg_ami_{{ _aws_resource_name }}"
     schedule_expression: "{{ aws_ami_asg_cleanup.scheduler_cron }}"