62 lines
2 KiB
YAML
62 lines
2 KiB
YAML
- name: set connection information for all tasks
|
|
set_fact:
|
|
aws_connection_info: &aws_connection_info
|
|
aws_access_key: "{{ aws_access_key }}"
|
|
aws_secret_key: "{{ aws_secret_key }}"
|
|
security_token: "{{ security_token }}"
|
|
region: "{{ aws_region }}"
|
|
no_log: true
|
|
|
|
- block:
|
|
- name: Create IAM role for test
|
|
iam_role:
|
|
name: "{{ resource_prefix }}-test-policy"
|
|
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
|
state: present
|
|
create_instance_profile: yes
|
|
managed_policy:
|
|
- AmazonEC2ContainerServiceRole
|
|
<<: *aws_connection_info
|
|
register: iam_role
|
|
|
|
- name: Wait for IAM role to be available, otherwise the next step will fail (Invalid IAM Instance Profile name)
|
|
command: sleep 10
|
|
|
|
- name: Make instance with an instance_role
|
|
ec2_instance:
|
|
name: "{{ resource_prefix }}-test-default-vpc"
|
|
image_id: "{{ ec2_ami_image[aws_region] }}"
|
|
security_groups: "{{ sg.group_id }}"
|
|
instance_type: t2.micro
|
|
instance_role: "{{ resource_prefix }}-test-policy"
|
|
<<: *aws_connection_info
|
|
register: instance_with_role
|
|
|
|
- assert:
|
|
that:
|
|
- 'instance_with_role.instances[0].iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
|
|
|
|
always:
|
|
- name: Terminate instance
|
|
ec2:
|
|
instance_ids: "{{ instance_with_role.instance_ids }}"
|
|
state: absent
|
|
<<: *aws_connection_info
|
|
register: removed
|
|
until: removed is not failed
|
|
ignore_errors: yes
|
|
retries: 10
|
|
|
|
- name: Delete IAM role for test
|
|
iam_role:
|
|
name: "{{ resource_prefix }}-test-policy"
|
|
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
|
state: absent
|
|
create_instance_profile: yes
|
|
managed_policy:
|
|
- AmazonEC2ContainerServiceRole
|
|
<<: *aws_connection_info
|
|
register: removed
|
|
until: removed is not failed
|
|
ignore_errors: yes
|
|
retries: 10
|