diff --git a/roles/aws/aws_ami/tasks/repack.yml b/roles/aws/aws_ami/tasks/repack.yml index 9a9c899ca..ba74e0aec 100644 --- a/roles/aws/aws_ami/tasks/repack.yml +++ b/roles/aws/aws_ami/tasks/repack.yml @@ -13,7 +13,7 @@ name: aws/aws_vpc tasks_from: security_group vars: - aws_vpc: + aws_vpc_sg: profile: "{{ aws_ami.aws_profile }}" region: "{{ aws_ami.region }}" name: "{{ aws_ami.repack.cluster_name }}-repacker" diff --git a/roles/aws/aws_backup/tasks/main.yml b/roles/aws/aws_backup/tasks/main.yml index 5da2d0a14..10dc5889a 100644 --- a/roles/aws/aws_backup/tasks/main.yml +++ b/roles/aws/aws_backup/tasks/main.yml @@ -64,7 +64,7 @@ with_items: "{{ aws_backup.plans }}" loop_control: loop_var: plan - when: aws_backup.plans | length + when: aws_backup.plans | length > 0 - name: Include aws backup validation role. ansible.builtin.include_role: diff --git a/roles/aws/aws_backup_validation/tasks/testing_resources.yml b/roles/aws/aws_backup_validation/tasks/testing_resources.yml index 63c79421d..6b2ceed80 100644 --- a/roles/aws/aws_backup_validation/tasks/testing_resources.yml +++ b/roles/aws/aws_backup_validation/tasks/testing_resources.yml @@ -34,7 +34,7 @@ name: aws/aws_vpc tasks_from: security_group vars: - aws_vpc: + aws_vpc_sg: name: "Restore_testing" region: "{{ aws_ec2_autoscale_cluster.region }}" id: "{{ _main_vpc_info.vpcs[0].vpc_id }}" @@ -55,7 +55,7 @@ - name: Construct AWS instance type dict. ansible.builtin.set_fact: - _restore_testing_sg: "{{ aws_vpc._result['Restore_testing'] }}" + _restore_testing_sg: "{{ aws_vpc_sg._result['Restore_testing'] }}" - name: Remove restore testing query file. ansible.builtin.file: diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml index 3421e369b..2bb19d861 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml +++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml 
@@ -52,7 +52,7 @@ - name: Set _aws_ec2_autoscale_cluster_security_group variable. ansible.builtin.set_fact: - _aws_ec2_autoscale_cluster_security_group: "{{ aws_vpc._result[aws_ec2_autoscale_cluster.name] }}" + _aws_ec2_autoscale_cluster_security_group: "{{ aws_vpc_sg._result[aws_ec2_autoscale_cluster.name] }}" - name: Reset subnets lists. ansible.builtin.set_fact: diff --git a/roles/aws/aws_iam_role/tasks/main.yml b/roles/aws/aws_iam_role/tasks/main.yml index f51b0aecd..fe75c1c50 100644 --- a/roles/aws/aws_iam_role/tasks/main.yml +++ b/roles/aws/aws_iam_role/tasks/main.yml @@ -21,15 +21,19 @@ _combined_policies: "{{ aws_iam_role.managed_policies }}" when: aws_iam_role.inline_policies.action is not defined or aws_iam_role.inline_policies.action | length == 0 +- name: Create list of strings for predefined policies. + ansible.builtin.set_fact: + allowed_strings: ["ec2", "ecs", "backup"] + - name: Create assume role policy document if predefined string is passed. ansible.builtin.set_fact: _assume_role_policy: "{{ lookup('file', aws_iam_role.policy_document + '_document_policy.json') }}" - when: aws_iam_role.policy_document | type_debug == 'AnsibleUnicode' + when: aws_iam_role.policy_document in allowed_strings - name: Create assume role policy document if template is provided. ansible.builtin.set_fact: _assume_role_policy: "{{ aws_iam_role.policy_document }}" - when: aws_iam_role.policy_document | type_debug != 'AnsibleUnicode' + when: aws_iam_role.policy_document not in allowed_strings - name: Create an IAM role. amazon.aws.iam_role: 
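Review bot: The new `allowed_strings` fact is a bare, host-scoped name with no `_` prefix, unlike `_combined_policies` and `_assume_role_policy` in the same file, so it persists for the rest of the play and can collide with a caller's variable; rename it `_aws_iam_role_predefined_policies` or move it into the role's defaults. Limiting the `lookup('file', ...)` to `ec2`/`ecs`/`backup` is a good change because an arbitrary string can no longer steer which file on the controller is read, but the second task now passes any string that is not in the allowlist straight through as `assume_role_policy_document`, so a typo such as `ec3` is only caught by the AWS API instead of failing here. Add a guard before the two tasks: `- ansible.builtin.assert: { that: "aws_iam_role.policy_document in allowed_strings or aws_iam_role.policy_document is mapping", fail_msg: "policy_document must be one of {{ allowed_strings }} or a policy dict" }`. The `Create an IAM role.` task that closes this hunk continues in the next hunk.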
@@ -37,8 +41,8 @@ name: "{{ aws_iam_role.name }}" assume_role_policy_document: "{{ _assume_role_policy }}" managed_policies: "{{ _combined_policies }}" - purge_policies: "{{ aws_iam_role.purge_policies }}" - tags: "{{ aws_iam_role.tags }}" + purge_policies: "{{ aws_iam_role.purge_policies | default(true) }}" + tags: "{{ aws_iam_role.tags | default({}) }}" create_instance_profile: "{% if aws_iam_role.policy_document == 'ec2' %}true{% else %}false{% endif %}" wait: true register: _aws_iam_role_result diff --git a/roles/aws/aws_lambda/tasks/handle_url.yml b/roles/aws/aws_lambda/tasks/handle_url.yml index fa5ca0202..36a2eec22 100644 --- a/roles/aws/aws_lambda/tasks/handle_url.yml +++ b/roles/aws/aws_lambda/tasks/handle_url.yml @@ -2,10 +2,14 @@ ansible.builtin.git: repo: "{{ aws_lambda.function_file }}" dest: /tmp/funct + update: true + accept_hostkey: true + become: true + become_user: "{{ ce_provision.username }}" - name: Find all .j2 template files. ansible.builtin.find: - paths: "{{ work_dir }}/{{ repo_name }}" + paths: "/tmp/funct" patterns: "*.j2" recurse: true register: _j2_files @@ -28,6 +32,11 @@ - name: Copy a zip archive of Lambda function. community.general.archive: - path: "/tmp/funct" + path: "/tmp/funct/" dest: "{{ _ce_provision_build_dir }}/{{ aws_lambda.name }}.zip" format: zip + +- name: Remove function directory + ansible.builtin.file: + path: /tmp/funct + state: absent diff --git a/roles/aws/aws_vpc/defaults/main.yml b/roles/aws/aws_vpc/defaults/main.yml index 998ce60d4..ef11f5442 100644 --- a/roles/aws/aws_vpc/defaults/main.yml +++ b/roles/aws/aws_vpc/defaults/main.yml @@ -1,3 +1,9 @@ +aws_vpc_sg: + aws_profile: "{{ _aws_profile }}" + region: "{{ _aws_region }}" + tags: {} + state: present + description: "" aws_vpc: aws_profile: "{{ _aws_profile }}" region: "{{ _aws_region }}" diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml index ad461150c..710c66505 100644 --- a/roles/aws/aws_vpc/tasks/main.yml 
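Review bot: `purge_policies | default(true)` means that when a caller leaves `purge_policies` unset, every managed policy attached to the role out-of-band (console, another playbook) is detached on each run; that is the safer least-privilege default and matches the module's own default, but it is a behaviour change for callers that previously were forced to set the key, so record it where `aws_iam_role` is documented, e.g. `# purge_policies defaults to true: managed policies not listed in managed_policies are detached on every run`. Whether the role's `defaults/main.yml` already defines `purge_policies` and `tags` is not visible in this diff; if it does, the two `default()` filters are redundant and the defaults file is the better place for the value.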
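Review bot: `accept_hostkey: true` on the `ansible.builtin.git` clone makes the controller trust whatever SSH host key the remote presents on first contact, so an interception of `aws_lambda.function_file` during a fresh run would go unnoticed and the substituted code would be packaged into the Lambda; prefer seeding the expected key with `ansible.builtin.known_hosts` before the clone and dropping `accept_hostkey`, or at least pin `version:` to a tag or commit so the packaged content is fixed. No `version` is visible in this hunk, so the clone presumably tracks the remote's default branch — confirm whether it is set above line 2. The fixed, predictable `dest: /tmp/funct` in a world-writable directory is shared by every Lambda built on the host and, because the clone now runs as `ce_provision.username`, a pre-existing `/tmp/funct` owned by another user (or a symlink) would make `update: true` behave unpredictably; create the directory with `ansible.builtin.tempfile: { state: directory, suffix: funct }` and reference its `.path` in the clone, the `find` and the archive. The first task of this file starts before the hunk, so its name is not visible here.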
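Review bot: Archiving `/tmp/funct/` with no `exclude_path` packs the `.git` directory — full history, plus any credentials embedded in remote URLs in `.git/config` — into the Lambda zip next to the function; add `exclude_path: ["/tmp/funct/.git"]` to the `community.general.archive` task, and consider excluding the `*.j2` sources as well once they have been rendered (presumably by a task between the two hunks). The new `Remove function directory` task only runs when every preceding task succeeds, so a failed template or archive step leaves the checkout, including any rendered templates that hold secrets, in `/tmp/funct` for the next run's `update: true` to reuse; wrap the tasks in a `block` with the removal under `always`, or at minimum run the same removal before the clone.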
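Review bot: `description: ""` is not a usable default: EC2 rejects an empty `GroupDescription` when a security group is created, so any invocation that relies on this default and creates a group fails at the API rather than in Ansible; give it a real value such as `description: "Managed by Ansible"` or omit the key so the missing description is an explicit undefined-variable error. Note also that every caller in this diff passes `aws_vpc_sg` as `include_role` vars, which replaces this whole dict rather than merging with it under the default `hash_behaviour`, so `tags`, `state` and `description` from here only take effect when the role is entered without an `aws_vpc_sg` override — presumably the loop path in `security_group.yml`.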
+++ b/roles/aws/aws_vpc/tasks/main.yml @@ -12,7 +12,7 @@ - name: Ensure default Security group is tagged. ansible.builtin.include_tasks: "security_group.yml" vars: - aws_vpc: + aws_vpc_sg: name: "default" id: "{{ _aws_vpc_vpc.vpc.id }}" description: "default VPC security group" diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml index 9af4121dd..b999c343e 100644 --- a/roles/aws/aws_vpc/tasks/security_group.yml +++ b/roles/aws/aws_vpc/tasks/security_group.yml @@ -1,6 +1,6 @@ - name: Configure vars if looping over list. ansible.builtin.set_fact: - aws_vpc: + aws_vpc_sg: name: "{{ _sec_group.name | default('') }}" tags: "{{ _aws_vpc_vpc.vpc.tags | combine({'Name': _sec_group.name}) }}" id: "{{ _aws_vpc_vpc.vpc.id }}" @@ -11,18 +11,18 @@ - name: Create Security Group. amazon.aws.ec2_security_group: - name: "{{ aws_vpc.name }}" - profile: "{{ aws_vpc.aws_profile }}" - region: "{{ aws_vpc.region }}" - tags: "{{ aws_vpc.tags }}" - state: "{{ aws_vpc.state }}" - vpc_id: "{{ aws_vpc.id }}" - description: "{{ aws_vpc.description | default('') }}" - rules: "{{ aws_vpc.rules | default(omit) }}" - rules_egress: "{{ aws_vpc.rules_egress | default(omit) }}" - purge_rules: "{{ aws_vpc.purge_rules | default(omit) }}" + name: "{{ aws_vpc_sg.name }}" + profile: "{{ aws_vpc_sg.aws_profile }}" + region: "{{ aws_vpc_sg.region }}" + tags: "{{ aws_vpc_sg.tags }}" + state: "{{ aws_vpc_sg.state }}" + vpc_id: "{{ aws_vpc_sg.id }}" + description: "{{ aws_vpc_sg.description }}" + rules: "{{ aws_vpc_sg.rules | default(omit) }}" + rules_egress: "{{ aws_vpc_sg.rules_egress | default(omit) }}" + purge_rules: "{{ aws_vpc_sg.purge_rules | default(omit) }}" register: _aws_vpc_result - name: Register aws_vpc SG results. ansible.builtin.set_fact: - aws_vpc: "{{ aws_vpc | combine({'_result': {aws_vpc.name: _aws_vpc_result}}, recursive=True) }}" + aws_vpc_sg: "{{ aws_vpc_sg | combine({'_result': {aws_vpc_sg.name: _aws_vpc_result}}, recursive=True) }}" 
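Review bot: Dropping the `| default('')` on `description` turns a missing key into an undefined-variable failure for any caller that passes its own `aws_vpc_sg` dict without `description`, because `include_role` vars replace the role defaults wholesale instead of merging with them; the callers in this diff (`repack.yml`, `testing_resources.yml`, `subnet.yml`) set `name`/`region`/`profile`/`id` in the visible lines and whether they also set `description` lies outside the hunks, so either keep `description: "{{ aws_vpc_sg.description | default('') }}"` or verify each caller. Separately, this task reads `aws_vpc_sg.aws_profile` while `repack.yml` and `subnet.yml` pass the key as `profile:`; if those callers do not also set `aws_profile` further down, the task fails on an undefined variable, and if they do, the `profile:` key is dead and should be removed so nobody assumes it selects the credentials used to create the group. This hunk starts mid-file and the loop `set_fact` task above it is only partly visible.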
diff --git a/roles/aws/aws_vpc_subnet/tasks/subnet.yml b/roles/aws/aws_vpc_subnet/tasks/subnet.yml index 52ceaa6af..9051b066a 100644 --- a/roles/aws/aws_vpc_subnet/tasks/subnet.yml +++ b/roles/aws/aws_vpc_subnet/tasks/subnet.yml @@ -27,7 +27,7 @@ name: aws/aws_vpc tasks_from: security_group vars: - aws_vpc: + aws_vpc_sg: name: "{{ subnet.name }}" profile: "{{ aws_vpc_subnet.aws_profile }}" region: "{{ aws_vpc_subnet.region }}"