codeenigma · gregharvey · Sep 24, 2025 · Sep 2, 2025 · Sep 4, 2025 · Sep 8, 2025
diff --git a/roles/aws/aws_ami/tasks/repack.yml b/roles/aws/aws_ami/tasks/repack.yml
@@ -13,7 +13,7 @@
     name: aws/aws_vpc
     tasks_from: security_group
   vars:
-    aws_vpc:
+    aws_vpc_sg:
       profile: "{{ aws_ami.aws_profile }}"
       region: "{{ aws_ami.region }}"
       name: "{{ aws_ami.repack.cluster_name }}-repacker"

diff --git a/roles/aws/aws_backup/tasks/main.yml b/roles/aws/aws_backup/tasks/main.yml
@@ -64,7 +64,7 @@
   with_items: "{{ aws_backup.plans }}"
   loop_control:
     loop_var: plan
-  when: aws_backup.plans | length
+  when: aws_backup.plans | length > 0
 
 - name: Include aws backup validation role.
   ansible.builtin.include_role:

diff --git a/roles/aws/aws_backup_validation/tasks/testing_resources.yml b/roles/aws/aws_backup_validation/tasks/testing_resources.yml
@@ -34,7 +34,7 @@
     name: aws/aws_vpc
     tasks_from: security_group
   vars:
-    aws_vpc:
+    aws_vpc_sg:
       name: "Restore_testing"
       region: "{{ aws_ec2_autoscale_cluster.region }}"
       id: "{{ _main_vpc_info.vpcs[0].vpc_id }}"
@@ -55,7 +55,7 @@
 
 - name: Construct AWS instance type dict.
   ansible.builtin.set_fact:
-    _restore_testing_sg: "{{ aws_vpc._result['Restore_testing'] }}"
+    _restore_testing_sg: "{{ aws_vpc_sg._result['Restore_testing'] }}"
 
 - name: Remove restore testing query file.
   ansible.builtin.file:

diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
@@ -52,7 +52,7 @@
 
 - name: Set _aws_ec2_autoscale_cluster_security_group variable.
   ansible.builtin.set_fact:
-    _aws_ec2_autoscale_cluster_security_group: "{{ aws_vpc._result[aws_ec2_autoscale_cluster.name] }}"
+    _aws_ec2_autoscale_cluster_security_group: "{{ aws_vpc_sg._result[aws_ec2_autoscale_cluster.name] }}"
 
 - name: Reset subnets lists.
   ansible.builtin.set_fact:

diff --git a/roles/aws/aws_iam_role/tasks/main.yml b/roles/aws/aws_iam_role/tasks/main.yml
@@ -21,24 +21,28 @@
     _combined_policies: "{{ aws_iam_role.managed_policies }}"
   when: aws_iam_role.inline_policies.action is not defined or aws_iam_role.inline_policies.action | length == 0
 
+- name: Create list of strings for predefined policies.
+  ansible.builtin.set_fact:
+    allowed_strings: ["ec2", "ecs", "backup"]
+
 - name: Create assume role policy document if predefined string is passed.
   ansible.builtin.set_fact:
     _assume_role_policy: "{{ lookup('file', aws_iam_role.policy_document + '_document_policy.json') }}"
-  when: aws_iam_role.policy_document | type_debug == 'AnsibleUnicode'
+  when: aws_iam_role.policy_document in allowed_strings
 
 - name: Create assume role policy document if template is provided.
   ansible.builtin.set_fact:
     _assume_role_policy: "{{ aws_iam_role.policy_document }}"
-  when: aws_iam_role.policy_document | type_debug != 'AnsibleUnicode'
+  when: aws_iam_role.policy_document not in allowed_strings
 
 - name: Create an IAM role.
   amazon.aws.iam_role:
     profile: "{{ aws_iam_role.aws_profile }}"
     name: "{{ aws_iam_role.name }}"
     assume_role_policy_document: "{{ _assume_role_policy }}"
     managed_policies: "{{ _combined_policies }}"
-    purge_policies: "{{ aws_iam_role.purge_policies }}"
-    tags: "{{ aws_iam_role.tags }}"
+    purge_policies: "{{ aws_iam_role.purge_policies | default(true) }}"
+    tags: "{{ aws_iam_role.tags | default({}) }}"
     create_instance_profile: "{% if aws_iam_role.policy_document == 'ec2' %}true{% else %}false{% endif %}"
     wait: true
   register: _aws_iam_role_result

diff --git a/roles/aws/aws_lambda/tasks/handle_url.yml b/roles/aws/aws_lambda/tasks/handle_url.yml
@@ -2,10 +2,14 @@
   ansible.builtin.git:
     repo: "{{ aws_lambda.function_file }}"
     dest: /tmp/funct
+    update: true
+    accept_hostkey: true
+  become: true
+  become_user: "{{ ce_provision.username }}"
 
 - name: Find all .j2 template files.
   ansible.builtin.find:
-    paths: "{{ work_dir }}/{{ repo_name }}"
+    paths: "/tmp/funct"
     patterns: "*.j2"
     recurse: true
   register: _j2_files
@@ -28,6 +32,11 @@
 
 - name: Copy a zip archive of Lambda function.
   community.general.archive:
-    path: "/tmp/funct"
+    path: "/tmp/funct/"
     dest: "{{ _ce_provision_build_dir }}/{{ aws_lambda.name }}.zip"
     format: zip
+
+- name: Remove function directory
+  ansible.builtin.file:
+    path: /tmp/funct
+    state: absent
diff --git a/roles/aws/aws_vpc/defaults/main.yml b/roles/aws/aws_vpc/defaults/main.yml
@@ -1,3 +1,9 @@
+aws_vpc_sg:
+  aws_profile: "{{ _aws_profile }}"
+  region: "{{ _aws_region }}"
+  tags: {}
+  state: present
+  description: ""
 aws_vpc:
   aws_profile: "{{ _aws_profile }}"
   region: "{{ _aws_region }}"

diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: Ensure default Security group is tagged.
   ansible.builtin.include_tasks: "security_group.yml"
   vars:
-    aws_vpc:
+    aws_vpc_sg:
       name: "default"
       id: "{{ _aws_vpc_vpc.vpc.id }}"
       description: "default VPC security group"

diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml
@@ -1,6 +1,6 @@
 - name: Configure vars if looping over list.
   ansible.builtin.set_fact:
-    aws_vpc:
+    aws_vpc_sg:
       name: "{{ _sec_group.name | default('') }}"
       tags: "{{ _aws_vpc_vpc.vpc.tags | combine({'Name': _sec_group.name}) }}"
       id: "{{ _aws_vpc_vpc.vpc.id }}"
@@ -11,18 +11,18 @@
 
 - name: Create Security Group.
   amazon.aws.ec2_security_group:
-    name: "{{ aws_vpc.name }}"
-    profile: "{{ aws_vpc.aws_profile }}"
-    region: "{{ aws_vpc.region }}"
-    tags: "{{ aws_vpc.tags }}"
-    state: "{{ aws_vpc.state }}"
-    vpc_id: "{{ aws_vpc.id }}"
-    description: "{{ aws_vpc.description | default('') }}"
-    rules: "{{ aws_vpc.rules | default(omit) }}"
-    rules_egress: "{{ aws_vpc.rules_egress | default(omit) }}"
-    purge_rules: "{{ aws_vpc.purge_rules | default(omit) }}"
+    name: "{{ aws_vpc_sg.name }}"
+    profile: "{{ aws_vpc_sg.aws_profile }}"
+    region: "{{ aws_vpc_sg.region }}"
+    tags: "{{ aws_vpc_sg.tags }}"
+    state: "{{ aws_vpc_sg.state }}"
+    vpc_id: "{{ aws_vpc_sg.id }}"
+    description: "{{ aws_vpc_sg.description }}"
+    rules: "{{ aws_vpc_sg.rules | default(omit) }}"
+    rules_egress: "{{ aws_vpc_sg.rules_egress | default(omit) }}"
+    purge_rules: "{{ aws_vpc_sg.purge_rules | default(omit) }}"
   register: _aws_vpc_result
 
 - name: Register aws_vpc SG results.
   ansible.builtin.set_fact:
-    aws_vpc: "{{ aws_vpc | combine({'_result': {aws_vpc.name: _aws_vpc_result}}, recursive=True) }}"
+    aws_vpc_sg: "{{ aws_vpc_sg | combine({'_result': {aws_vpc_sg.name: _aws_vpc_result}}, recursive=True) }}"
diff --git a/roles/aws/aws_vpc_subnet/tasks/subnet.yml b/roles/aws/aws_vpc_subnet/tasks/subnet.yml
@@ -27,7 +27,7 @@
     name: aws/aws_vpc
     tasks_from: security_group
   vars:
-    aws_vpc:
+    aws_vpc_sg:
       name: "{{ subnet.name }}"
       profile: "{{ aws_vpc_subnet.aws_profile }}"
       region: "{{ aws_vpc_subnet.region }}"