- block:

  - name: set connection information for all tasks
    set_fact:
      aws_connection_info: &aws_connection_info
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        security_token: "{{ security_token }}"
        region: "{{ aws_region }}"
    no_log: yes

  - name: create certificate
    iam_cert:
      name: test_cert
      state: present
      cert: "{{ lookup('file', 'cert.pem') }}"
      key: "{{ lookup('file', 'key.pem') }}"
      <<: *aws_connection_info
    register: cert

  - name: create VPC
    ec2_vpc_net:
      cidr_block: 10.228.228.0/22
      name: "{{ resource_prefix }}_vpc"
      state: present
      <<: *aws_connection_info
    register: vpc

  - name: create internet gateway
    ec2_vpc_igw:
      vpc_id: "{{ vpc.vpc.id }}"
      state: present
      tags:
        Name: "{{ resource_prefix }}"
      <<: *aws_connection_info
    register: igw

  - name: create subnets
    ec2_vpc_subnet:
      cidr: "{{ item.cidr }}"
      az: "{{ aws_region}}{{ item.az }}"
      vpc_id: "{{ vpc.vpc.id }}"
      state: present
      tags:
        Created_By: "{{ resource_prefix }}"
        Public: "{{ item.public }}"
      <<: *aws_connection_info
    with_items:
      - cidr: 10.228.228.0/24
        az: "a"
        public: True
      - cidr: 10.228.229.0/24
        az: "b"
        public: True
      - cidr: 10.228.230.0/24
        az: "a"
        public: False
      - cidr: 10.228.231.0/24
        az: "b"
        public: False
    register: subnets

  - ec2_vpc_subnet_info:
      filters:
        vpc-id: "{{ vpc.vpc.id }}"
      <<: *aws_connection_info
    register: vpc_subnets

  - name: create list of subnet ids
    set_fact:
      nlb_subnets: "{{ vpc_subnets|json_query('subnets[?tags.Public == `True`].id') }}"
      private_subnets: "{{ vpc_subnets|json_query('subnets[?tags.Public != `True`].id') }}"

  - name: create a route table
    ec2_vpc_route_table:
      vpc_id: "{{ vpc.vpc.id }}"
      <<: *aws_connection_info
      tags:
        Name: igw-route
        Created: "{{ resource_prefix }}"
      subnets: "{{ nlb_subnets + private_subnets }}"
      routes:
        - dest: 0.0.0.0/0
          gateway_id: "{{ igw.gateway_id }}"
    register: route_table

  - ec2_group:
      name: "{{ resource_prefix }}"
      description: "security group for Ansible NLB integration tests"
      state: present
      vpc_id: "{{ vpc.vpc.id }}"
      rules:
        - proto: tcp
          from_port: 1
          to_port: 65535
          cidr_ip: 0.0.0.0/0
        - proto: all
          ports: 80
          cidr_ip: 10.228.228.0/22
      <<: *aws_connection_info
    register: sec_group

  - name: create a target group for testing
    elb_target_group:
      name: "{{ tg_name }}"
      protocol: tcp
      port: 80
      vpc_id: "{{ vpc.vpc.id }}"
      state: present
      <<: *aws_connection_info
    register: tg

  - include_tasks: test_nlb_bad_listener_options.yml
  - include_tasks: test_nlb_tags.yml
  - include_tasks: test_creating_nlb.yml
  - include_tasks: test_nlb_with_asg.yml
  - include_tasks: test_modifying_nlb_listeners.yml
  - include_tasks: test_deleting_nlb.yml

  always:

    - name: destroy NLB
      elb_network_lb:
        name: "{{ nlb_name }}"
        state: absent
        wait: yes
        wait_timeout: 600
        <<: *aws_connection_info
      ignore_errors: yes

    - name: destroy target group if it was created
      elb_target_group:
        name: "{{ tg_name }}"
        protocol: tcp
        port: 80
        vpc_id: "{{ vpc.vpc.id }}"
        state: absent
        wait: yes
        wait_timeout: 600
        <<: *aws_connection_info
      register: remove_tg
      retries: 5
      delay: 3
      until: remove_tg is success
      when: tg is defined
      ignore_errors: yes

    - name: destroy sec group
      ec2_group:
        name: "{{ sec_group.group_name }}"
        description: "security group for Ansible NLB integration tests"
        state: absent
        vpc_id: "{{ vpc.vpc.id }}"
        <<: *aws_connection_info
      register: remove_sg
      retries: 10
      delay: 5
      until: remove_sg is success
      ignore_errors: yes

    - name: remove route table
      ec2_vpc_route_table:
        vpc_id: "{{ vpc.vpc.id }}"
        route_table_id: "{{ route_table.route_table.route_table_id }}"
        lookup: id
        state: absent
        <<: *aws_connection_info
      register: remove_rt
      retries: 10
      delay: 5
      until: remove_rt is success
      ignore_errors: yes

    - name: destroy subnets
      ec2_vpc_subnet:
        cidr: "{{ item.cidr }}"
        vpc_id: "{{ vpc.vpc.id }}"
        state: absent
        <<: *aws_connection_info
      register: remove_subnet
      retries: 10
      delay: 5
      until: remove_subnet is success
      with_items:
        - cidr: 10.228.228.0/24
        - cidr: 10.228.229.0/24
        - cidr: 10.228.230.0/24
        - cidr: 10.228.231.0/24
      ignore_errors: yes

    - name: destroy internet gateway
      ec2_vpc_igw:
        vpc_id: "{{ vpc.vpc.id }}"
        tags:
          Name: "{{ resource_prefix }}"
        state: absent
        <<: *aws_connection_info
      register: remove_igw
      retries: 10
      delay: 5
      until: remove_igw is success
      ignore_errors: yes

    - name: destroy VPC
      ec2_vpc_net:
        cidr_block: 10.228.228.0/22
        name: "{{ resource_prefix }}_vpc"
        state: absent
        <<: *aws_connection_info
      register: remove_vpc
      retries: 10
      delay: 5
      until: remove_vpc is success
      ignore_errors: yes

    - name: destroy certificate
      iam_cert:
        name: test_cert
        state: absent
        <<: *aws_connection_info
      ignore_errors: yes