iac-destroy.yml
#############################################################################
# Copyright (c) 2020-2021 DBSentry Corp. All Rights Reserved. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# You may obtain a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
# #
#############################################################################
# iac-destroy.yml
# Playbook to destroy IaC-deployed stacks using Terraform.
#############################################################################
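# Destroy play: sets tf_target_state to "absent" and hands off to the iac-aws
# role (presumably the Terraform wrapper - the role is not shown here).
# Runs on the control node (connection: local) for every inventory host and
# ends the play early unless the run was narrowed with --tags.
- name: Destroy IaC code
  hosts: all
  connection: local
  gather_facts: false
  vars:
    # The first inventory group of the current host is used as the AWS
    # account name.
    aws_account_name: "{{ group_names[0] }}"
    # Every inventory group except those matching 'all' / 'ungrouped'.
    # '| list' materialises the lazy result of reject() so consumers always
    # receive a real list.
    # NOTE(review): the 'match' test anchors only at the start of the name,
    # so a group such as 'all-prod' (constructed example) is dropped too -
    # confirm that is intended.
    aws_account_name_list: "{{ groups.keys() | reject('match', 'all') | reject('match', 'ungrouped') | list }}"
    tf_target_state: "absent"
    # Value that ansible_run_tags contains when the run targets everything.
    tf_blast_radius_all: "all"
  pre_tasks:
    - name: Read Secret Variable
      include_vars:
        file: aws-deploy-secrets.yml
        name: aws_secret_vars
      # The task result carries the loaded variables; keep them out of
      # verbose output and logs.
      # NOTE(review): confirm aws-deploy-secrets.yml is vault-encrypted at rest.
      no_log: true
      tags:
        - always
    - name: Set Variables
      set_fact:
        # Credentials are looked up by the organisation account name prefix.
        aws_access_key_id: "{{ aws_secret_vars[all_vars.org_account_name + '_aws_access_key_id'] }}"
        aws_secret_access_key: "{{ aws_secret_vars[all_vars.org_account_name + '_aws_secret_access_key'] }}"
        aws_default_region: "{{ aws_secret_vars[all_vars.org_account_name + '_aws_default_region'] }}"
        # Remote-state bucket and lock table names are derived per account.
        tf_bucket: "{{ all_vars.tfstate_namespace + '-' + aws_account_name + '-' + all_vars.tfstate_name + '-state' }}"
        tf_dynamodb_table: "{{ all_vars.tfstate_namespace + '-' + aws_account_name + '-' + all_vars.tfstate_name + '-state-lock' }}"
        # Tags requested for this run, sorted in reverse order.
        tf_blast_radius: "{{ ansible_run_tags | sort(reverse=True) }}"
      # set_fact echoes the facts it sets (including the AWS keys) in its
      # result; suppress that.
      no_log: true
      tags:
        - always
    # Safety guard: ansible_run_tags is ['all'] when no --tags is given, so
    # an un-narrowed destroy run prints the message and ends the play.
    # NOTE(review): the check only looks for 'all' and the block itself is
    # untagged; a run with the special tag 'tagged' is not caught here.
    # Confirm whether the iac-aws role needs that case blocked as well.
    - block:
        - name: Destroy cannot be run for all
          debug:
            msg: "Destroy cannot be run for ALL stacks. Narrow down using --tags. Exiting..."
        - meta: end_play
      when: tf_blast_radius_all in tf_blast_radius
  roles:
    # The whole secrets mapping is passed to the role as a parameter.
    - role: iac-aws
      secrets: "{{ aws_secret_vars }}"
      tags:
        - always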