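---
# Builds the "clean room" landing zone in Azure: resource group, virtual
# network with four workload subnets behind one NSG, an Azure Bastion host
# on its own subnet, and a staging storage account with a `vhds` container.
#
# NOTE(review): the play name below says "get resource group info", but
# every task creates or updates resources. Consider renaming it.
- name: get resource group info
  hosts: localhost
  # NOTE(review): all tasks are Azure API calls made from the controller.
  # Root is probably not needed; confirm whether the Azure SDK is only
  # installed for root, and drop `become` if it is not.
  become: true
  become_user: root
  # become_method: runas
  tasks:
    ## create the resource group
    - name: create resource_group
      azure.azcollection.azure_rm_resourcegroup:
        name: "rg-clean_room"
        location: westeurope

    ## create the vnet with subnets
    - name: Create virtual network vnet-clean_room
      azure.azcollection.azure_rm_virtualnetwork:
        resource_group: "rg-clean_room"
        name: vnet-clean_room
        # 10.10.0.0/24 holds AzureBastionSubnet; 10.245.140.0/22 holds the
        # four workload subnets defined further down.
        address_prefixes:
          - "10.10.0.0/24"
          - "10.245.140.0/22"
        dns_servers:
          - "10.245.142.82"
          - "10.245.142.83"

    # Only an outbound rule is defined; inbound traffic is governed by the
    # default NSG rules. Priority 100 is the lowest value a custom rule can
    # take, so this deny is evaluated before any other custom rule.
    - name: create nsg
      azure.azcollection.azure_rm_securitygroup:
        resource_group: "rg-clean_room"
        name: nsg-clean-room
        rules:
          - name: DENYOUTBOUNDINTERNET
            protocol: "*"
            access: Deny
            priority: 100
            destination_address_prefix: Internet
            direction: Outbound
        state: present

    - name: Add subnet clean_room
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room
        address_prefix: "10.245.140.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    - name: Add subnet clean_room1
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room1
        address_prefix: "10.245.141.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    - name: Add subnet clean_room2
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room2
        address_prefix: "10.245.142.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    - name: Add subnet clean_room3
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: sn-clean_room3
        address_prefix: "10.245.143.0/24"
        virtual_network: vnet-clean_room
        security_group:
          name: nsg-clean-room
          resource_group: rg-clean_room

    # No NSG is attached to the Bastion subnet, so the outbound Internet
    # deny rule above does not apply to it.
    - name: Add subnet Azure Bastion
      azure.azcollection.azure_rm_subnet:
        resource_group: "rg-clean_room"
        name: AzureBastionSubnet
        address_prefix: "10.10.0.0/26"
        virtual_network: vnet-clean_room
      register: bastion_subnet

    ## create Bastion
    - name: Create a public ip address
      azure.azcollection.azure_rm_publicipaddress:
        resource_group: "rg-clean_room"
        name: bastion_pub_ip
        sku: "Standard"
        allocation_method: static

    - name: get pubip info
      azure.azcollection.azure_rm_publicipaddress_info:
        resource_group: "rg-clean_room"
        name: bastion_pub_ip
      register: pub_ip
      # domain_name: foobar

    - name: check if bastion host exists
      azure.azcollection.azure_rm_bastionhost_info:
        name: "Bastion-clean_room"
        resource_group: rg-clean_room
      register: bastion

    # A registered result is always a dict, so the former `bastion == None`
    # test was never true and the Bastion host was never created. Test the
    # returned list instead.
    # NOTE(review): `bastion_host` is the return key of the info module as
    # far as known; confirm against the installed collection. If the key is
    # absent, default([]) makes the task run, which `state: present` should
    # tolerate.
    - name: Create Bastion host
      azure.azcollection.azure_rm_bastionhost:
        name: "Bastion-clean_room"
        resource_group: "rg-clean_room"
        ip_configurations:
          - name: bastion-cr_ipconfig
            public_ip_address:
              id: "{{ pub_ip.publicipaddresses[0].id }}"
            subnet:
              id: "{{ bastion_subnet.state.id }}"
        sku:
          name: "Standard"
        state: present
      when: bastion.bastion_host | default([]) | length == 0

    ## create staging storage account
    - name: create staging storage account
      azure.azcollection.azure_rm_storageaccount:
        resource_group: "rg-clean_room"
        name: sacleanroomstaging
        type: "Standard_LRS"
        kind: "StorageV2"
        location: westeurope
        # NOTE(review): the account stays reachable from public networks.
        # For a clean room, consider "Disabled" with a private endpoint, or
        # `network_acls` with a default Deny, once it is clear where the
        # VHDs are uploaded from.
        public_network_access: "Enabled"
        # Baseline hardening: TLS-only access, no anonymous blob or
        # container access, no legacy TLS versions.
        https_only: true
        minimum_tls_version: TLS1_2
        allow_blob_public_access: false

    - name: Create container VHDS
      azure.azcollection.azure_rm_storageblob:
        resource_group: "rg-clean_room"
        storage_account_name: sacleanroomstaging
        container: vhds

  # Service-principal credentials for the Azure modules. The collapsed
  # source does not show the original nesting; play level is assumed so
  # that every task receives them.
  # NOTE(review): supply AZURE_SECRET from Ansible Vault or a secret store,
  # not from a plain-text vars file or the command line.
  environment:
    AZURE_CLIENT_ID: "{{ AZURE_CLIENT_ID }}"
    AZURE_SECRET: "{{ AZURE_SECRET }}"
    AZURE_SUBSCRIPTION_ID: "{{ AZURE_SUBSCRIPTION_ID }}"
    AZURE_TENANT: "{{ AZURE_TENANT }}"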