125 lines
3.7 KiB
YAML
125 lines
3.7 KiB
YAML
---
|
|
- name: Create Cloud Infra
|
|
hosts: localhost
|
|
gather_facts: false
|
|
vars:
|
|
aws_vpc_name: aws-test-vpc
|
|
aws_owner_tag: default
|
|
aws_purpose_tag: ansible_demo
|
|
aws_tenancy: default
|
|
aws_vpc_cidr_block: 10.0.0.0/16
|
|
aws_subnet_cidr: 10.0.1.0/24
|
|
aws_sg_name: aws-test-sg
|
|
aws_subnet_name: aws-test-subnet
|
|
aws_rt_name: aws-test-rt
|
|
|
|
tasks:
|
|
- name: Create VPC
|
|
amazon.aws.ec2_vpc_net:
|
|
state: present
|
|
name: "{{ aws_vpc_name }}"
|
|
cidr_block: "{{ aws_vpc_cidr_block }}"
|
|
tenancy: "{{ aws_tenancy }}"
|
|
region: "{{ create_vm_aws_region }}"
|
|
tags:
|
|
owner: "{{ aws_owner_tag }}"
|
|
purpose: "{{ aws_purpose_tag }}"
|
|
register: aws_vpc
|
|
|
|
- name: Create internet gateway
|
|
amazon.aws.ec2_vpc_igw:
|
|
state: present
|
|
vpc_id: "{{ aws_vpc.vpc.id }}"
|
|
region: "{{ create_vm_aws_region }}"
|
|
tags:
|
|
Name: "{{ aws_vpc_name }}"
|
|
owner: "{{ aws_owner_tag }}"
|
|
purpose: "{{ aws_purpose_tag }}"
|
|
register: aws_gateway
|
|
|
|
- name: Create security group internal
|
|
amazon.aws.ec2_security_group:
|
|
state: present
|
|
name: "{{ aws_sg_name }}"
|
|
region: "{{ create_vm_aws_region }}"
|
|
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
|
|
rules:
|
|
- proto: tcp
|
|
ports:
|
|
- 80 # HTTP
|
|
- 443 # HTTPS
|
|
- 22 # SSH
|
|
- 5986 # WinRM
|
|
- 3389 # RDP
|
|
- 9090 # Cockpit
|
|
cidr_ip: 0.0.0.0/0
|
|
- proto: icmp
|
|
to_port: -1
|
|
from_port: -1
|
|
cidr_ip: 0.0.0.0/0
|
|
- proto: tcp
|
|
ports:
|
|
- 80 # HTTP
|
|
- 5986 # WinRM
|
|
- 3389 # RDP
|
|
- 53 # DNS
|
|
- 88 # Kerberos Authentication
|
|
- 135 # RPC
|
|
- 139 # Netlogon
|
|
- 389 # LDAP
|
|
- 445 # SMB
|
|
- 464 # Kerberos Authentication
|
|
- 5432 # PostgreSQL
|
|
- 636 # LDAPS (LDAP over TLS)
|
|
- 873 # Rsync
|
|
- 3268-3269 # Global Catalog
|
|
- 1024-65535 # Ephemeral RPC ports
|
|
cidr_ip: "{{ aws_vpc_cidr_block }}"
|
|
- proto: udp
|
|
ports:
|
|
- 53 # DNS
|
|
- 88 # Kerberos Authentication
|
|
- 123 # NTP
|
|
- 137-138 # Netlogon
|
|
- 389 # LDAP
|
|
- 445 # SMB
|
|
- 464 # Kerberos Authentication
|
|
- 1024-65535 # Ephemeral RPC ports
|
|
cidr_ip: "{{ aws_vpc_cidr_block }}"
|
|
rules_egress:
|
|
- proto: -1
|
|
cidr_ip: 0.0.0.0/0
|
|
vpc_id: "{{ aws_vpc.vpc.id }}"
|
|
tags:
|
|
Name: "{{ aws_sg_name }}"
|
|
owner: "{{ aws_owner_tag }}"
|
|
purpose: "{{ aws_purpose_tag }}"
|
|
|
|
- name: Create a subnet on the VPC
|
|
amazon.aws.ec2_vpc_subnet:
|
|
state: present
|
|
vpc_id: "{{ aws_vpc.vpc.id }}"
|
|
cidr: "{{ aws_subnet_cidr }}"
|
|
region: "{{ create_vm_aws_region }}"
|
|
map_public: true
|
|
tags:
|
|
Name: "{{ aws_subnet_name }}"
|
|
owner: "{{ aws_owner_tag }}"
|
|
purpose: "{{ aws_purpose_tag }}"
|
|
register: aws_subnet
|
|
|
|
- name: Create a subnet route table
|
|
amazon.aws.ec2_vpc_route_table:
|
|
state: present
|
|
vpc_id: "{{ aws_vpc.vpc.id }}"
|
|
region: "{{ create_vm_aws_region }}"
|
|
subnets:
|
|
- "{{ aws_subnet.subnet.id }}"
|
|
routes:
|
|
- dest: 0.0.0.0/0
|
|
gateway_id: "{{ aws_gateway.gateway_id }}"
|
|
tags:
|
|
Name: "{{ aws_rt_name }}"
|
|
owner: "{{ aws_owner_tag }}"
|
|
purpose: "{{ aws_purpose_tag }}"
|