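---
# Builds the network scaffolding for the demo: a VPC, an internet gateway,
# one security group, a single public subnet with a default route, and an
# EC2 key pair. Everything runs from the controller (hosts: localhost).
#
# Variables expected from outside this file (extra vars / inventory):
#   aws_region     - region every amazon.aws call targets
#   aws_public_key - OpenSSH public key material to register as the key pair
#
# NOTE(review): hard-coded 10.0.0.0/16 and 0.0.0.0/0 literals were replaced
# with variables; defaults reproduce the original rule set exactly.
- name: Create Cloud Infra
  hosts: localhost
  gather_facts: false
  vars:
    vpc_user: workshop
    vpc_name: demo
    vpc_cidr_block: 10.0.0.0/16
    # Source range allowed to reach SSH/HTTP/HTTPS/ICMP on the demo hosts.
    # Defaults to the whole internet to preserve the original demo behaviour;
    # narrow it (e.g. to an office/VPN egress range) for anything that
    # outlives a workshop, since port 22 is otherwise world-reachable.
    public_ingress_cidr: 0.0.0.0/0
  tasks:
    - name: Create VPC
      amazon.aws.ec2_vpc_net:
        state: present
        name: "{{ vpc_name }}-ansible-vpc"
        cidr_block: "{{ vpc_cidr_block }}"
        tenancy: default
        region: "{{ aws_region }}"
        tags:
          user: "{{ vpc_user }}"
          purpose: Ansible Demo
      register: aws_vpc

    - name: Create Internet Gateway for VPC
      amazon.aws.ec2_vpc_igw:
        state: present
        vpc_id: "{{ aws_vpc.vpc.id }}"
        region: "{{ aws_region }}"
        tags:
          Name: "{{ vpc_user }}-{{ vpc_name }}-vpc-igw"
          user: "{{ vpc_user }}"
          purpose: Ansible Demo
      register: aws_gateway

    # One security group shared by every demo host. amazon.aws.ec2_group
    # purges rules that are not listed here on each run (purge_rules defaults
    # to true), so any hand-added rule is removed the next time this plays.
    - name: Create security group internal
      amazon.aws.ec2_group:
        state: present
        name: "{{ vpc_user }}-{{ vpc_name }}-sec-group"
        region: "{{ aws_region }}"
        description: Inbound WinRM and RDP, http for demo servers and internal AD ports
        rules:
          # Public-facing services. Controlled by public_ingress_cidr.
          - proto: tcp
            ports:
              - 80    # HTTP
              - 443   # HTTPS
              - 22    # SSH
            cidr_ip: "{{ public_ingress_cidr }}"
          - proto: icmp
            to_port: -1
            from_port: -1
            cidr_ip: "{{ public_ingress_cidr }}"
          # Intra-VPC only: management, AD/Kerberos, file and database ports.
          # Port 80 is kept here so intra-VPC HTTP still works when
          # public_ingress_cidr is narrowed. The 1024-65535 range already
          # covers 3268-3269, 3389, 5432 and 5986; they are listed
          # individually for readability.
          - proto: tcp
            ports:
              - 80          # HTTP
              - 5986        # WinRM over HTTPS
              - 3389        # RDP
              - 53          # DNS
              - 88          # Kerberos authentication
              - 135         # RPC endpoint mapper
              - 139         # NetBIOS session service
              - 389         # LDAP
              - 445         # SMB
              - 464         # Kerberos password change (kpasswd)
              - 5432        # PostgreSQL
              - 636         # LDAPS (LDAP over TLS)
              - 873         # rsync
              - 3268-3269   # Global Catalog (plain / TLS)
              - 1024-65535  # Ephemeral RPC ports
            cidr_ip: "{{ vpc_cidr_block }}"
          - proto: udp
            ports:
              - 53          # DNS
              - 88          # Kerberos authentication
              - 123         # NTP
              - 137-138     # NetBIOS name / datagram service
              - 389         # LDAP (CLDAP)
              - 445         # SMB
              - 464         # Kerberos password change (kpasswd)
              - 1024-65535  # Ephemeral RPC ports
            cidr_ip: "{{ vpc_cidr_block }}"
        # Unrestricted egress, matching the original demo behaviour.
        rules_egress:
          - proto: -1
            cidr_ip: 0.0.0.0/0
        vpc_id: "{{ aws_vpc.vpc.id }}"
        tags:
          Name: "{{ vpc_user }}-{{ vpc_name }}-sec-group"
          user: "{{ vpc_user }}"
          purpose: Ansible Demo

    # A single subnet that spans the whole VPC CIDR. map_public gives every
    # instance launched here a public IP, so the security group above is the
    # only thing standing between those instances and the internet.
    - name: Create a subnet on the VPC
      amazon.aws.ec2_vpc_subnet:
        state: present
        vpc_id: "{{ aws_vpc.vpc.id }}"
        cidr: "{{ vpc_cidr_block }}"
        region: "{{ aws_region }}"
        map_public: true
        tags:
          Name: "{{ vpc_user }}-{{ vpc_name }}-subnet"
          user: "{{ vpc_user }}"
          purpose: Ansible Demo
      register: aws_subnet

    - name: Create a subnet route table
      amazon.aws.ec2_vpc_route_table:
        state: present
        vpc_id: "{{ aws_vpc.vpc.id }}"
        region: "{{ aws_region }}"
        subnets:
          - "{{ aws_subnet.subnet.id }}"
        routes:
          # Default route via the IGW makes this a public subnet.
          - dest: 0.0.0.0/0
            gateway_id: "{{ aws_gateway.gateway_id }}"
        tags:
          Name: "{{ vpc_user }}-{{ vpc_name }}-vpc-rtbl"
          user: "{{ vpc_user }}"
          purpose: Ansible Demo

    # Only the public half of the key pair is imported; the private key
    # never passes through this playbook.
    - name: Create AWS keypair
      amazon.aws.ec2_key:
        name: "{{ vpc_user }}-{{ vpc_name }}-demo-key"
        region: "{{ aws_region }}"
        key_material: "{{ aws_public_key }}"
        state: present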