ansible/test/integration/targets/ec2_instance/tasks/termination_protection.yml

- block:
    - name: set connection information for all tasks
      set_fact:
        aws_connection_info: &aws_connection_info
          aws_access_key: "{{ aws_access_key }}"
          aws_secret_key: "{{ aws_secret_key }}"
          security_token: "{{ security_token }}"
          region: "{{ aws_region }}"
      no_log: true

    - name: Make termination-protected instance in the testing subnet created in the test VPC
      ec2_instance:
        name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        tags:
          TestId: "{{ resource_prefix }}"
        security_groups: "{{ sg.group_id }}"
        vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
        termination_protection: true
        instance_type: t2.micro
        state: running
        wait: yes
        <<: *aws_connection_info
      register: in_test_vpc

    - name: Make termination-protected instance in the testing subnet created in the test VPC(check mode)
      ec2_instance:
        name: "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        tags:
          TestId: "{{ resource_prefix }}"
        security_groups: "{{ sg.group_id }}"
        vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
        termination_protection: true
        instance_type: t2.micro
        <<: *aws_connection_info
      check_mode: yes

    - name: "fact presented ec2 instance"
      ec2_instance_info:
        filters:
          "tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc"
          "instance-state-name": "running"
        <<: *aws_connection_info
      register: presented_instance_fact

    - name: "fact checkmode ec2 instance"
      ec2_instance_info:
        filters:
          "tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode"
        <<: *aws_connection_info
      register: checkmode_instance_fact

    - name: "Confirm whether the check mode is working normally."
      assert:
        that:
          - "{{ presented_instance_fact.instances | length }} > 0"
          - "'{{ presented_instance_fact.instances.0.state.name }}' in ['running', 'pending']"
          - "{{ checkmode_instance_fact.instances | length }} == 0"

    - name: Try to terminate the instance
      ec2_instance:
        state: absent
        name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        tags:
          TestId: "{{ resource_prefix }}"
        security_groups: "{{ sg.group_id }}"
        vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
        termination_protection: true
        instance_type: t2.micro
        <<: *aws_connection_info
      register: bad_terminate
      ignore_errors: yes
    - name: Cannot terminate protected instance
      assert:
        that:
          - bad_terminate is failed
    - name: Alter termination protection setting
      ec2_instance:
        name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
        termination_protection: false
        instance_type: t2.micro
        <<: *aws_connection_info
    - name: Try to terminate the instance again (should work)
      ec2_instance:
        name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
        instance_type: t2.micro
        state: absent
        wait: false
        <<: *aws_connection_info
      register: terminate_results
    - assert:
        that: terminate_results is not failed

  always:
    - name: Terminate instance
      ec2_instance:
        filters:
          tag:TestId: "{{ resource_prefix }}"
        state: absent
        wait: false
        <<: *aws_connection_info
      register: result
      ignore_errors: yes