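---
# Create an encrypted copy of an RHCOS AMI and mark it as the latest one.
#
# Required variables:
#   rhcos_ami      - image ID of the unencrypted source AMI
#   region         - AWS region used for every lookup and for the copy
#   rhcos_version  - value stored in the rhcos_version tag of the copy
#
# Flow: look up the source AMI, demote earlier encrypted copies
# (latest_ami -> 'false'), copy the source with encryption enabled, then
# poll until the new image is available.
#
# NOTE(review): ec2_ami_facts was renamed to ec2_ami_info in Ansible 2.9;
# the old name is kept here so the playbook still runs on older releases.
- name: Create encrypted AMI image
  gather_facts: false
  hosts: localhost
  tasks:
    # NOTE(review): the source image is selected by ID only. The lookup
    # result also reports the image owner; consider checking it against the
    # expected publisher account before copying.
    - name: Get unencrypted RCOS AMI
      ec2_ami_facts:
        filters:
          image-id: "{{ rhcos_ami }}"
        region: "{{ region }}"
      register: ami_unencrypted

    # Fail early with a clear message instead of an index error later, when
    # the copy task reads ami_unencrypted.images[0]['name'].
    - name: Verify the source AMI was found
      assert:
        that:
          - ami_unencrypted.images | length == 1
        msg: "Source AMI {{ rhcos_ami }} was not found in region {{ region }}"

    # Must run before the copy: the new image is tagged latest_ami 'true'
    # as well and would otherwise be matched by this filter.
    - name: Get previous encrypted RHCOS AMI
      ec2_ami_facts:
        filters:
          "tag:rhcos_version": "{{ rhcos_version }}"
          "tag:latest_ami": 'true'
        region: "{{ region }}"
      register: ami_encrypted_old

    # NOTE(review): earlier images are demoted before the copy starts. If
    # the copy or the wait below fails, no image carries latest_ami 'true'
    # until the playbook completes successfully again.
    - name: Update latest_ami tag for previous encrypted AMIs
      ec2_ami:
        image_id: "{{ item.image_id }}"
        region: "{{ region }}"
        tags:
          latest_ami: 'false'
      loop: "{{ ami_encrypted_old.images }}"

    # No kms_key_id is given, so the copy is encrypted with the account's
    # default EBS encryption key for the region (the AWS-managed aws/ebs
    # key unless another default is configured). An image encrypted with
    # the AWS-managed key cannot be shared with other accounts; set
    # kms_key_id to a customer-managed key when sharing or control over
    # the key policy is required.
    - name: Copy unencrypted RHCOS AMI and enable encryption
      ec2_ami_copy:
        source_image_id: "{{ rhcos_ami }}"
        source_region: "{{ region }}"
        name: "{{ ami_unencrypted.images[0]['name'] ~ '-encrypted' }}"
        region: "{{ region }}"
        encrypted: true
        tags:
          rhcos_version: "{{ rhcos_version }}"
          latest_ami: 'true'
      register: ami_encrypted

    # Polls for up to 60 x 10 s. The length guard keeps the condition from
    # indexing an empty list if the new image is not yet returned by the
    # lookup right after the copy request (presumably possible; verify).
    - name: Wait for encrypted RHCOS AMI to become available
      ec2_ami_facts:
        image_ids: "{{ ami_encrypted.image_id }}"
        region: "{{ region }}"
      register: ami_check
      until: >-
        ami_check.images | length > 0
        and ami_check.images[0].state == 'available'
      retries: 60
      delay: 10
...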