diff --git a/playbooks/webapp/tasks/delete.yaml b/playbooks/webapp/tasks/delete.yaml
index 1ae2829..929dace 100644
--- a/playbooks/webapp/tasks/delete.yaml
+++ b/playbooks/webapp/tasks/delete.yaml
@@ -22,54 +22,33 @@ ansible.builtin.set_fact: vpc_id: "{{ vpc.vpcs.0.vpc_id }}" - - name: Get bastion instance info + # Delete Load balancer + - name: List Load balancer(s) from VPC + community.aws.elb_classic_lb_info: + register: load_balancers + + - name: Delete load balancer(s) + amazon.aws.elb_classic_lb: + name: "{{ item }}" + wait: true + state: absent + with_items: "{{ load_balancers.elbs | selectattr('vpc_id', 'equalto', vpc_id) | map(attribute='load_balancer_name') | list }}" + + # Delete EC2 instances + - name: Get EC2 instance info amazon.aws.ec2_instance_info: filters: - instance-type: "{{ bastion_host_type }}" - key-name: "{{ deploy_flask_app_sshkey_pair_name }}" vpc-id: "{{ vpc_id }}" - instance-state-name: running - register: bastion - - - name: Delete EC2 instances with dependant Resources - when: bastion.instances | length == 1 - block: - - name: Set 'instance_host_name' variable - ansible.builtin.set_fact: - instance_host_name: "{{ bastion.instances.0.public_dns_name | split('.') | first }}" - - - name: Delete workers key pair - amazon.aws.ec2_key: - name: "{{ instance_host_name }}-key" - state: absent - - - name: Delete load balancer - amazon.aws.elb_classic_lb: - name: "{{ instance_host_name }}-lb" - wait: true - state: absent - - - name: List workers - amazon.aws.ec2_instance_info: - filters: - tag:Name: "{{ instance_host_name }}-workers" - instance-state-name: running - register: running - - - name: Delete workers - when: running.instances | length != 0 - amazon.aws.ec2_instance: - instance_ids: "{{ running.instances | map(attribute='instance_id') | list }}" - wait: true - state: terminated - - - name: Delete bastion host - amazon.aws.ec2_instance: - instance_ids: - - "{{ bastion.instances.0.instance_id }}" - wait: true - state: terminated + register: ec2_instances + + - name: Delete ec2 instances from VPC + amazon.aws.ec2_instance: + instance_ids: "{{ ec2_instances.instances | map(attribute='instance_id') | list }}" + wait: true + state: 
terminated + when: ec2_instances.instances | length > 0 + # Delete RDS instance - name: Delete RDS instance amazon.aws.rds_instance: state: absent @@ -87,19 +66,7 @@ name: "{{ rds_subnet_group_name }}" state: absent - - name: List Security group from VPC - amazon.aws.ec2_security_group_info: - filters: - vpc-id: "{{ vpc_id }}" - tag:prefix: "{{ resource_prefix }}" - register: secgroups - - - name: Delete security groups - amazon.aws.ec2_security_group: - state: absent - group_id: "{{ item }}" - with_items: "{{ secgroups.security_groups | map(attribute='group_id') | list }}" - + # Delete VPC route table - name: List routes table from VPC amazon.aws.ec2_vpc_route_table_info: filters: @@ -115,6 +82,7 @@ state: absent with_items: "{{ route_table.route_tables | map(attribute='id') | list }}" + # Delete NAT Gateway - name: Get NAT gateway amazon.aws.ec2_vpc_nat_gateway_info: filters: 
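Review bot: The removed `Delete workers key pair` task (`amazon.aws.ec2_key` with `state: absent`) has no replacement in the new VPC-scoped teardown, so the `{{ instance_host_name }}-key` key pair is now left behind; key pairs are not VPC-scoped, so neither the new load-balancer listing nor the new EC2 listing will ever reach it. Restore a deletion by the same naming convention, or record the key name at creation time so the delete path can look it up. Separately, the new `Get EC2 instance info` and `List Load balancer(s) from VPC` tasks select on `vpc_id` alone — the former `key-name`/`instance-type` filters bounded what `state: terminated` could touch, and if the `vpc.vpcs.0.vpc_id` lookup at the top of the hunk ever resolves to a shared VPC the whole VPC is emptied. If the instances carry the ownership tag used elsewhere in this file, adding `tag:prefix: "{{ resource_prefix }}"` under `filters:` would restore that boundary. The enclosing task list starts before this hunk.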
@@ -128,20 +96,39 @@ wait: true with_items: "{{ nat_gw.result | map(attribute='nat_gateway_id') | list }}" + # Delete Internet gateway - name: Delete internet gateway amazon.aws.ec2_vpc_igw: vpc_id: "{{ vpc_id }}" state: absent + # Delete Subnets + - name: List Subnets from VPC + amazon.aws.ec2_vpc_subnet_info: + filters: + vpc-id: "{{ vpc_id }}" + register: vpc_subnets + - name: Delete subnets amazon.aws.ec2_vpc_subnet: cidr: "{{ item }}" state: absent vpc_id: "{{ vpc_id }}" - with_items: "{{ subnet_cidr }}" + with_items: "{{ vpc_subnets.subnets | map(attribute='cidr_block') | list }}" + + # Delete Security groups + - name: List Security group from VPC + amazon.aws.ec2_security_group_info: + filters: + vpc-id: "{{ vpc_id }}" + register: secgroups + + - name: Delete security groups + amazon.aws.ec2_security_group: + state: absent + group_id: "{{ item }}" + with_items: "{{ secgroups.security_groups | rejectattr('group_name', 'equalto', 'default') | map(attribute='group_id') | list }}" - # As ec2_vpc_route_table can't delete route table, the vpc still has dependencies and cannot be deleted. - # You need to do it delete it manually using either the console or the cli. - name: Delete VPC amazon.aws.ec2_vpc_net: name: "{{ vpc_name }}" diff --git a/tests/integration/targets/test_deploy_flask_app/tasks/delete.yaml b/tests/integration/targets/test_deploy_flask_app/tasks/delete.yaml index c4f2742..cd99f8e 100644 --- a/tests/integration/targets/test_deploy_flask_app/tasks/delete.yaml +++ b/tests/integration/targets/test_deploy_flask_app/tasks/delete.yaml @@ -76,7 +76,7 @@ state: absent with_items: "{{ route_table.route_tables | map(attribute='id') | list }}" - # Delete VPC route table + # Delete NAT Gateway - name: Get NAT gateway amazon.aws.ec2_vpc_nat_gateway_info: filters: 
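Review bot: The moved `List Security group from VPC` task lost the `tag:prefix: "{{ resource_prefix }}"` filter the removed version had, so the delete loop now targets every non-`default` security group in the VPC rather than only the ones this playbook created; the `rejectattr('group_name', 'equalto', 'default')` guard only protects the default group. Re-adding `tag:prefix: "{{ resource_prefix }}"` under `filters:` keeps the ownership scope while still running after the subnets. Also, when groups reference each other in their rules, deleting them one at a time with `state: absent` may fail with a dependency error until the referencing rule is gone — worth a comment above the loop if that cannot happen for the groups this playbook creates. The enclosing task list continues past this hunk.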
diff --git a/tests/integration/targets/test_playbook_webapp/create_aws_credentials.yml b/tests/integration/targets/test_playbook_webapp/create_aws_credentials.yml
new file mode 100644
index 0000000..6c85e9a
--- /dev/null
+++ b/tests/integration/targets/test_playbook_webapp/create_aws_credentials.yml
@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+ connection: local
+ gather_facts: false
+ tasks:
+ - name: Write access key to file we can source
+ ansible.builtin.copy:
+ dest: access_key.sh
+ content: |
+ export AWS_ACCESS_KEY_ID="{{ aws_access_key }}"
+ export AWS_SECRET_ACCESS_KEY="{{ aws_secret_key }}"
+ export AWS_REGION="{{ aws_region }}"
diff --git a/tests/integration/targets/test_playbook_webapp/runme.sh b/tests/integration/targets/test_playbook_webapp/runme.sh
index 2506485..7f02bd8 100755
--- a/tests/integration/targets/test_playbook_webapp/runme.sh
+++ b/tests/integration/targets/test_playbook_webapp/runme.sh
@@ -1,8 +1,15 @@
 #!/usr/bin/env bash
+# generate inventory with access_key provided through a templated variable
+ansible-playbook create_aws_credentials.yml "$@"
+source access_key.sh
+
 set -eux
 function cleanup() {
+ set +x
+ source access_key.sh
+ set -x
 ansible-playbook webapp.yaml -e "operation=delete" "$@"
 exit 1
 }
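Review bot: `access_key.sh` receives the secret access key in plaintext and the `ansible.builtin.copy` task sets no `mode`, so the file is created with whatever the default permissions are on the runner; add `mode: "0600"` next to `dest:` and put `no_log: true` on the task so the rendered `content` is not echoed in verbose or diff output. Nothing in this commit removes the file afterwards — the `runme.sh` cleanup sources it but never deletes it — so it outlives the test run in the working directory. If the credentials handed in are temporary, an `AWS_SESSION_TOKEN` export would be needed as well; whether that applies is not visible here.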
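Review bot: `ansible-playbook create_aws_credentials.yml "$@"` runs before `set -eux`, so if it fails the script continues: `source access_key.sh` then either fails silently or loads a stale file from an earlier run, and the tests proceed with the wrong credentials. Move `set -eu` above the playbook call and enable `set -x` only after the `source`, which also keeps the exported secrets out of the trace for the same reason `cleanup` wraps its own `source` in `set +x`/`set -x`. The comment `# generate inventory with access_key provided through a templated variable` describes an inventory the playbook does not write; `# write AWS credentials to access_key.sh so this script and cleanup can source them` matches what it does.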