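---
# Bastion host bootstrap for the vprofile project.
#
# Runs on the control node (localhost, local connection) and drives AWS
# through the ec2_* modules. It expects vars/vpc_setup (region, my_ip,
# bastion_ami) and vars/vpc_output_vars (vpcid, pubsub1id) to exist, then:
#   1. creates the "vprofile-key" EC2 key pair and saves its private key,
#   2. creates a security group admitting SSH only from my_ip,
#   3. launches exactly one t2.micro bastion in the first public subnet,
#   4. records the security group id into vars/vpc_output_vars.
#
# NOTE(review): ec2_key, ec2_group and ec2 are legacy short module names;
# newer amazon.aws releases renamed or removed them. Pin the collection
# version this playbook was written against.
- name: Configure Bastion Host for Vprofile Project
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Import VPC Setup Variables
      include_vars: vars/vpc_setup

    - name: Import VPC Output Variables
      include_vars: vars/vpc_output_vars

    # The registered result carries the new key pair's private key, so the
    # task must not be logged: without no_log a verbose run prints the key.
    - name: Create vprofile EC2 Key
      ec2_key:
        name: vprofile-key
        region: "{{ region }}"
      register: key_out
      no_log: true

    # Key material is only present in key_out on the run that creates the
    # key pair (hence the `when`); later runs leave the existing file alone.
    # bastion-key.pem lands next to the playbook -- keep it out of version
    # control (.gitignore) and off shared machines.
    - name: Save Private Key into File bastion-key.pem
      ansible.builtin.copy:
        content: "{{ key_out.key.private_key }}"
        dest: "./bastion-key.pem"
        mode: "0600"  # quoted so YAML does not reinterpret the leading zero
      when: key_out.changed
      no_log: true  # content is the private key; keep it out of output/diff

    # Only TCP/22 is opened, and only from my_ip. my_ip is passed straight to
    # cidr_ip, so it must be a CIDR (e.g. 203.0.113.10/32), not a bare
    # address. There is deliberately no 0.0.0.0/0 rule here.
    - name: Create Security Group for Bastion Host
      ec2_group:
        name: bastion-host-sg
        description: Allow SSH (port 22) from my_ip only
        region: "{{ region }}"
        vpc_id: "{{ vpcid }}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ my_ip }}"
      register: bastionsg_out

    # exact_count/count_tag are intended to make this idempotent: a rerun
    # looks for an instance carrying these tags instead of launching another.
    - name: Creating Bastion Host
      ec2:
        key_name: vprofile-key
        region: "{{ region }}"
        instance_type: t2.micro
        image: "{{ bastion_ami }}"
        wait: true
        wait_timeout: 300
        instance_tags:
          Name: "bastion_host"
          Project: vprofile
          Owner: DevOps Team
        exact_count: 1
        count_tag:
          Name: "bastion_host"
          Project: vprofile
          Owner: DevOps Team
        group_id: "{{ bastionsg_out.group_id }}"
        vpc_subnet_id: "{{ pubsub1id }}"
      register: bastionhost_out

    # blockinfile replaces everything between its markers. vars/vpc_output_vars
    # is also read above for vpcid/pubsub1id; if another playbook wrote those
    # with the default marker, reusing it here would clobber that block, so
    # this task uses a marker of its own.
    - name: Insert/Update "bastion_sgid" in vars/vpc_output_vars
      ansible.builtin.blockinfile:
        path: vars/vpc_output_vars
        backup: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK bastion_sgid"
        block: |
          bastion_sgid: {{ bastionsg_out.group_id }}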