Initial commit.

Christopher M. Neill · Christopher M. Neill · commit 2ba7f2c1310e · 2015-12-01T16:34:30.000-08:00
diff --git a/ansible/group_vars/delta.yml b/ansible/group_vars/delta.yml
@@ -0,0 +1,4 @@
+---
+env: "delta"
+region: "us-west-2"
+vpc_id: "vpc-864c6be3"
diff --git a/ansible/group_vars/sg_list.yml b/ansible/group_vars/sg_list.yml
@@ -0,0 +1,15 @@
+name: security_groups
+  sg_api:  API
+  sg_bastion: Bastion
+  sg_dock: Docks
+  sg_hipache: Hipache
+  sg_mongo: MongoDB
+  sg_nat: NAT
+  sg_navi: Navi
+  sg_neo4j: Neo4J
+  sg_rabbit: RabbitMQ
+  sg_rds: RDS
+  sg_redis: Redis
+  sg_services: Services
+  sg_userland: Userland Hipache
+  sg_web: Web
diff --git a/ansible/local/hosts b/ansible/local/hosts
@@ -0,0 +1,2 @@
+[local]
+localhost
diff --git a/ansible/roles/create_sg/tasks/main.yml b/ansible/roles/create_sg/tasks/main.yml
@@ -0,0 +1,6 @@
+- name: create AWS SG
+  ec2_group:
+    name: "{{ sg_name }}"
+    description: "{{ env }} security policy for {{ descr }}"
+    vpc_id: "{{ vpc_id }}"
+    region: "{{ region }}"
diff --git a/ansible/roles/create_sg/template.yml b/ansible/roles/create_sg/template.yml
@@ -0,0 +1,48 @@
+- name: example ec2 group
+  ec2_group:
+    name: example
+    description: an example EC2 group
+    vpc_id: 12345
+    region: eu-west-1a
+    aws_secret_key: SECRET
+    aws_access_key: ACCESS
+    rules:
+      - proto: tcp
+        from_port: 80
+        to_port: 80
+        cidr_ip: 0.0.0.0/0
+      - proto: tcp
+        from_port: 22
+        to_port: 22
+        cidr_ip: 10.0.0.0/8
+      - proto: tcp
+        from_port: 443
+        to_port: 443
+        group_id: amazon-elb/sg-87654321/amazon-elb-sg
+      - proto: tcp
+        from_port: 3306
+        to_port: 3306
+        group_id: 123412341234/sg-87654321/exact-name-of-sg
+      - proto: udp
+        from_port: 10050
+        to_port: 10050
+        cidr_ip: 10.0.0.0/8
+      - proto: udp
+        from_port: 10051
+        to_port: 10051
+        group_id: sg-12345678
+      - proto: icmp
+        from_port: 8 # icmp type, -1 = any type
+        to_port:  -1 # icmp subtype, -1 = any subtype
+        cidr_ip: 10.0.0.0/8
+      - proto: all
+        # the containing group name may be specified here
+        #         group_name: example
+        #             rules_egress:
+        #                   - proto: tcp
+        #                           from_port: 80
+        #                                   to_port: 80
+        #                                           cidr_ip: 0.0.0.0/0
+        #                                                   group_name: example-other
+        #                                                           # description to use if example-other needs to be created
+        #                                                                   group_desc: other example EC2 group
diff --git a/ansible/sg_create.yml b/ansible/sg_create.yml
@@ -0,0 +1,6 @@
+---
+- hosts: all
+  vars_files:
+    - "group_vars/delta.yml"
+  roles:
+  - { role: create_sg }
