setup_sg_keypair.yml

---  

- name: "setup keypair and security groups"
  hosts: localhost
  gather_facts: no

  vars:
    aws_region: us-west-2  # If not specified then the value of the EC2_REGION environment variable, if any, is used.

    sg_allowed_ip: 0.0.0.0/0
    keyname: jenkins_access

    # vpc_id: added to group_vars/all by script 'setup_vpc_subnets.yml' at runtime

  tasks:
    - name: create jenkins security group  
      local_action:
        module: ec2_group
        vpc_id: "{{ vpc_id }}"
        region: "{{ aws_region }}"
        name: jenkins    
        description: security group for jenkins host
        rules:
          # allow ssh access from your ip address  
          - proto: tcp  
            from_port: 22  
            to_port: 22  
            cidr_ip: "{{ sg_allowed_ip }}"  
          # allow http access from anywhere  
          - proto: tcp  
            from_port: 80    
            to_port: 80    
            cidr_ip: 0.0.0.0/0  
        rules_egress:
          - proto: all
            cidr_ip: 0.0.0.0/0
      register: sg

    - name: write group_id to group_vars/all file
      local_action: shell echo "\ngroup_id:" "{{ sg.group_id }}"
                      >>  group_vars/all

    - name: create key pair main_access
      local_action:  
        module: ec2_key  
        region: "{{ aws_region }}"
        name: "{{ keyname }}"
      register: mykey
    - name: write key pair to file
      local_action: shell echo "{{ item.value.private_key }}" > "{{ keyname }}".pem && chmod 600 "{{ keyname }}".pem
      with_dict: mykey
      when: item.value.private_key is defined