Merged in DCD-890-aws-tagging (pull request #73)

DCD-890: Tag EC2/ASG with runtime metadata

Approved-by: Ben Partridge <bpartridge@atlassian.com>

roles/aws_common/molecule/cw-disabled/molecule.yml

@@ -16,6 +16,8 @@ provisioner:
   name: ansible
   lint:
     name: ansible-lint
+    options:
+      x: ["303", "602"]
   inventory:
     links:
       group_vars: ../../../../group_vars/

roles/aws_common/molecule/default/molecule.yml

@@ -16,6 +16,8 @@ provisioner:
   name: ansible
   lint:
     name: ansible-lint
+    options:
+      x: ["303", "602"]
   inventory:
     links:
       group_vars: ../../../../group_vars/

roles/aws_common/molecule/logs-disabled/molecule.yml

@@ -16,6 +16,8 @@ provisioner:
   name: ansible
   lint:
     name: ansible-lint
+    options:
+      x: ["303", "602"]
   inventory:
     links:
       group_vars: ../../../../group_vars/

roles/aws_common/tasks/amazon.yml

@@ -3,9 +3,11 @@
 - name: Install AWS support packages
   yum:
     name:
-      - ec2-utils
-      - amazon-ssm-agent
       - amazon-efs-utils
+      - amazon-ssm-agent
+      - awscli
+      - git
+      - ec2-utils
 
 - name: Install CloudWatch Agent
   yum:

roles/aws_common/tasks/main.yml

@@ -24,5 +24,8 @@
   notify:
     - Restart CloudWatch Agent
 
+- name: Store some metadata about this run
+  include_tasks: "write-tags.yml"
+
 - name: Initiate the startup of any new AWS services now
   meta: flush_handlers

roles/aws_common/tasks/write-tags.yml

@@ -0,0 +1,60 @@
+---
+
+- name: Retrieve all available EC2 tags
+  ec2_tag:
+    region: "{{ ansible_ec2_placement_region }}"
+    resource: "{{ ansible_ec2_instance_id }}"
+    state: list
+  register: ec2_instance_tags
+  ignore_errors: true
+  tags:
+    - notest
+
+- name: Retrieve autoscaling group
+  set_fact:
+    ec2_autoscaling_group: "{{ ec2_tags.tags['aws:autoscaling:groupName'] | default('') }}"
+
+- block:
+    # No existing timestamp, so this is a first run. Persist some metadata into the ASG.
+    - name: Fetch the git revision for this repo
+      command:
+        cmd: git rev-parse HEAD
+      register: git_out
+
+    - name: Setup the new ASG tags
+      set_fact:
+        deployment_firstrun_meta:
+          - ResourceType: "auto-scaling-group"
+            ResourceId: "{{ ec2_autoscaling_group }}"
+            PropagateAtLaunch: true
+            Key: "atl:deployment:commit"
+            Value: "{{ git_out.stdout }}"
+
+          - ResourceType: "auto-scaling-group"
+            ResourceId: "{{ ec2_autoscaling_group }}"
+            PropagateAtLaunch: true
+            Key: "atl:deployment:first-run"
+            Value: "{{ ansible_date_time.iso8601 }}"
+
+    # Set the tags on the ASG and the local instance. We need to
+    # ignore errors as it's possible we don't have the permissions,
+    # and we can't check up-front.
+    - name: Set the first-run tags on the ASG ("FAIL" is not critical)
+      command: "aws autoscaling
+                    create-or-update-tags
+                    --region {{ ansible_ec2_placement_region }}
+                    --tags '{{ deployment_firstrun_meta | to_json }}'"
+      ignore_errors: true
+
+    - name: Set the tags on the local instance ("FAIL" is not critical)
+      ec2_tag:
+        region: "{{ ansible_ec2_placement_region }}"
+        resource: "{{ ansible_ec2_instance_id }}"
+        tags:
+          "atl:deployment:commit": "{{ git_out.stdout }}"
+          "atl:deployment:first-run": "{{ ansible_date_time.iso8601 }}"
+      ignore_errors: true
+
+  when:
+    - ec2_autoscaling_group != ''
+    - ec2_instance_tags.tags['atl:deployment:first-run'] is not defined