Support ebs encryption pr devel

roles/aws/aws_ami/defaults/main.yml

@@ -2,7 +2,7 @@
 aws_ami:
   aws_profile: "{{ _aws_profile }}"
   region: "{{ _aws_region }}"
-  instance_type: t2.micro
+  instance_type: t3.micro
   virtualization_type: hvm
   root_device_type: ebs
   name_filter: "debian-10-amd64-*"

roles/aws/aws_ec2_autoscale_cluster/defaults/main.yml

@@ -14,10 +14,13 @@ aws_ec2_autoscale_cluster:
     - az: c
       cidr_block: "10.0.3.128/26"
       public_subnet: public-c
-  instance_type: t2.micro
+  instance_type: t3.micro
   key_name: "{{ ce_provision.username }}@{{ ansible_hostname }}" # This needs to match your "provision" user SSH key.
   ami_owner: self # Default to self-created image.
-  root_volume_size: 40
+  root_volume_size: 30
+  root_volume_type: gp2 # available options - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
+  root_volume_encrypted: false
+  root_volume_delete_on_termination: true
   ebs_optimized: true
   encrypt_boot: false # Whether to encrypt the EBS volumes or not.
   ami_playbook_file: "{{ playbook_dir }}/ami.yml"
@@ -91,7 +94,7 @@ aws_ec2_autoscale_cluster:
   # Associated RDS instance.
   rds:
     rds: false # wether to create an instance.
-    db_instance_class: db.m5.large
+    db_instance_class: db.t3.medium
     #db_cluster_identifier: example-aurora-cluster
     engine: mariadb
     aurora_reader: false

roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml

@@ -168,6 +168,9 @@
     volumes:
       - device_name: /dev/xvda
         volume_size: "{{ aws_ec2_autoscale_cluster.root_volume_size }}"
+        volume_type: "{{ aws_ec2_autoscale_cluster.root_volume_type }}"
+        encrypted: "{{ aws_ec2_autoscale_cluster.root_volume_encrypted }}"
+        delete_on_termination: "{{ aws_ec2_autoscale_cluster.root_volume_delete_on_termination }}"
   register: _aws_ec2_lc_created
   when:
     - aws_ec2_autoscale_cluster.asg_refresh

roles/aws/aws_ec2_with_eip/defaults/main.yml

@@ -2,7 +2,7 @@
 aws_ec2_with_eip:
   aws_profile: "{{ _aws_profile }}"
   region: "{{ _aws_region }}"
-  instance_type: t2.micro
+  instance_type: t3.micro
   key_name: "{{ ce_provision.username }}@{{ ansible_hostname }}" # This needs to match your "provision" user SSH key.
   ami_name: "{{ _domain_name }}" # The name of an AMI image to use. Image must exists in the same region.
   ami_owner: self # Default to self-created image.
@@ -11,10 +11,13 @@ aws_ec2_with_eip:
   vpc_subnet_profile: core # if you are looking up subnets we need a Profile tag to search against
   # An IAM Role name to associate with the instance.
   iam_role_name: "example"
-  state: started
+  state: running
   termination_protection: false # set to true to disable termination and avoid accidents
   instance_name: "{{ _domain_name }}"
   root_volume_size: 80
+  root_volume_type: gp2 # available options - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
+  root_volume_encrypted: false
+  root_volume_delete_on_termination: true
   ebs_optimized: true
   security_groups: []
   tags:

roles/aws/aws_ec2_with_eip/tasks/main.yml

@@ -99,7 +99,9 @@
       - device_name: /dev/xvda
         ebs:
           volume_size: "{{ aws_ec2_with_eip.root_volume_size }}"
-          delete_on_termination: true
+          delete_on_termination: "{{ aws_ec2_with_eip.root_volume_delete_on_termination }}"
+          volume_type: "{{ aws_ec2_with_eip.root_volume_type }}"
+          encrypted: "{{ aws_ec2_with_eip.root_volume_encrypted }}"
   register: aws_ec2_with_eip_instances
 
 - name: Check if we have an existing EIP.

roles/aws/aws_rds/defaults/main.yml

@@ -7,7 +7,7 @@ aws_rds:
     - subnet-bbbbbbbb
   name: example
   tags: {}
-  db_instance_class: db.m5.large
+  db_instance_class: db.t3.medium
   state: present
   description: example
   engine: mariadb