---
# vorher muss noch die Ansible Vault erzeugt werden:
#
# ansible-vault create aws_credentials.yml
# folgender Inhalt:
# ---
# AWS_ACCESS_ID: 'IhrAWSAccessID'
# AWS_ACCESS_KEY: 'IhrAWSSecretKey'
#
# das Vault Passwort sollte ebenfalls aus einer Datei gelesen werden, z.B.:
# /root/vault_pw
#
- name: Setup AWS environment using Ansible Vault
  hosts: localhost
  gather_facts: no

  vars_files:
    - aws_credentials.yml

  tasks:
    - name: Create .aws directory
      file:
        path: "{{ ansible_env.HOME }}/.aws"
        state: directory
        mode: '0755'

    - name: Set AWS region config
      copy:
        dest: "{{ ansible_env.HOME }}/.aws/config"
        content: |
          [default]
          region = eu-central-1
        mode: '0640'

    - name: Set AWS credentials from Vault
      copy:
        dest: "{{ ansible_env.HOME }}/.aws/credentials"
        content: |
          [default]
          aws_access_key_id = {{ AWS_ACCESS_ID }}
          aws_secret_access_key = {{ AWS_ACCESS_KEY }}
        mode: '0640'