Move the vpc tasks to a role.

playbooks/edx-east/edx_vpc.yml

 ---
+# Sample command: ansible-playbook -c local -i localhost, edx_vpc.yml -e@/Users/feanil/src/edx-secure/cloud_migrations/vpcs/test.yml -vvv
 - name: Create a simple empty vpc
   hosts: all
   connection: local
   gather_facts: False
   vars:
     vpc_state: present
-  tasks:
-    # DO NOT use the subnet or route table sections of this command.
-    # They will delete any subnets or rts not defined here which is
-    # probably not what you want, since other services were added
-    # to the vpc whose subnets and rts are not enumerated here.
-    - name: create a vpc
-      local_action:
-        module: 'ec2_vpc_local'
-        resource_tags: '{{ vpc_tags }}'
-        cidr_block: '{{ vpc_cidr }}'
-        region: '{{ aws_region }}'
-        state: '{{ vpc_state }}'
-        internet_gateway: yes
-        wait: yes
-      register: created_vpc
-
-    # A default network acl is created when a vpc is created so each VPC
-    # should have one but we create one here that allows access to the
-    # outside world using the internet gateway.
-    - name: create public network acl
-      ec2_acl:
-        profile: "{{ profile }}"
-        name: "{{ vpc_public_acl.name }}"
-        vpc_id: "{{ created_vpc.vpc_id }}"
-        state: "present"
-        region: "{{ aws_region }}"
-        rules: "{{ vpc_public_acl.rules }}"
-      register: created_public_acl
-
-    - name: create public route table
-      ec2_rt:
-        profile: "{{ profile }}"
-        vpc_id: "{{ created_vpc.vpc_id }}"
-        region: "{{ aws_region }}"
-        state: "present"
-        name: "{{ vpc_name }}-public"
-        routes: "{{ vpc_public_route_table }}"
-      register: created_public_rt
-
-    - name: create public subnets
-      ec2_subnet:
-        profile: "{{ profile }}"
-        vpc_id: "{{ created_vpc.vpc_id }}"
-        region: "{{ aws_region }}"
-        state: "present"
-        name: "{{ item.name }}"
-        cidr: "{{ item.cidr }}"
-        az: "{{ item.az }}"
-        route_table_id: "{{ created_public_rt.id }}"
-        network_acl_id: "{{ created_public_acl.id }}"
-      with_items: vpc_public_subnets
-      register: created_public_subnets
-
-    - name: create NAT security group
-      ec2_group:
-        profile: "{{ profile }}"
-        vpc_id: "{{ created_vpc.vpc_id }}"
-        state: "present"
-        region: "{{ aws_region }}"
-        name: "{{ nat_security_group.name }}"
-        rules: "{{ nat_security_group.rules }}"
-        description: "{{ nat_security_group.description }}"
-        rules_egress: "{{ nat_security_group.rules_egress }}"
-      register: created_nat_security_group
-
-    - name: check to see if we already have a nat instance
-      local_action:
-        module: "ec2_lookup"
-        region: "{{ aws_region }}"
-        tags:
-          Name: "{{ vpc_name }}-nat-instance"
-      register: potential_existing_nat
-
-    - debug: msg="{{ potential_existing_nat }}"
-
-    - name: create nat instance
-      local_action:
-        module: 'ec2'
-        state: 'present'
-        wait: "yes"
-        source_dest_check: false
-        region: "{{ aws_region }}"
-        profile: "{{ profile }}"
-        group_id: "{{ created_nat_security_group.group_id }}"
-        key_name: "{{ vpc_nat_keypair }}"
-        vpc_subnet_id: "{{ created_public_subnets.results[0].subnet_id }}"
-        instance_type: "{{ vpc_nat_instance_type }}"
-        instance_tags:
-          Name: "{{ vpc_name }}-nat-instance"
-        image: "{{ vpc_nat_ami_id }}"
-      register: created_nat_instance
-      when: potential_existing_nat.instances|length == 0
-
-    - name: assign eip to nat
-      ec2_eip:
-        profile: "{{ profile }}"
-        region: "{{ aws_region }}"
-        instance_id: "{{ created_nat_instance.instances[0].id }}"
-        in_vpc: true
-        reuse_existing_ip_allowed: true
-      when: potential_existing_nat.instances|length == 0
-
-    - name: create private route table
-      ec2_rt:
-        profile: "{{ profile }}"
-        vpc_id: "{{ created_vpc.vpc_id }}"
-        region: "{{ aws_region }}"
-        state: "present"
-        name: "{{ vpc_name }}-private"
-        routes: "{{ vpc_private_route_table }}"
-      register: created_public_rt
-      when: potential_existing_nat.instances|length == 0
-
+  roles:
+    - edx_vpc

playbooks/roles/edx_vpc/defaults/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Defaults for role edx_vpc
+# 
+
+#
+# vars are namespace with the module name.
+#
+edx_vpc_role_name: edx_vpc
+
+#
+# OS packages
+#
+
+edx_vpc_debian_pkgs: []
+
+edx_vpc_redhat_pkgs: []

playbooks/roles/edx_vpc/handlers/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Handlers for role edx_vpc
+# 
+# Overview:
+# 
+#
+- name: notify me
+  debug: msg="stub handler"

playbooks/roles/edx_vpc/meta/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Role includes for role edx_vpc
+# 
+# Example:
+#
+# dependencies:
+#   - {
+#   role: my_role 
+#   my_role_var0: "foo"
+#   my_role_var1: "bar"
+# }

playbooks/roles/edx_vpc/tasks/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Tasks for role edx_vpc
+# 
+# Overview:
+# 
+#
+# Dependencies:
+#
+# 
+# Example play:
+#
+#
+
+# DO NOT use the subnet or route table sections of this command.
+# They will delete any subnets or rts not defined here which is
+# probably not what you want, since other services were added
+# to the vpc whose subnets and rts are not enumerated here.
+- name: create a vpc
+  local_action:
+    module: 'ec2_vpc_local'
+    resource_tags: '{{ vpc_tags }}'
+    cidr_block: '{{ vpc_cidr }}'
+    region: '{{ aws_region }}'
+    state: '{{ vpc_state }}'
+    internet_gateway: yes
+    wait: yes
+  register: created_vpc
+
+# A default network acl is created when a vpc is created so each VPC
+# should have one but we create one here that allows access to the
+# outside world using the internet gateway.
+- name: create public network acl
+  ec2_acl:
+    profile: "{{ profile }}"
+    name: "{{ vpc_public_acl.name }}"
+    vpc_id: "{{ created_vpc.vpc_id }}"
+    state: "present"
+    region: "{{ aws_region }}"
+    rules: "{{ vpc_public_acl.rules }}"
+  register: created_public_acl
+
+- name: create public route table
+  ec2_rt:
+    profile: "{{ profile }}"
+    vpc_id: "{{ created_vpc.vpc_id }}"
+    region: "{{ aws_region }}"
+    state: "present"
+    name: "{{ vpc_name }}-public"
+    routes: "{{ vpc_public_route_table }}"
+  register: created_public_rt
+
+- name: create public subnets
+  ec2_subnet:
+    profile: "{{ profile }}"
+    vpc_id: "{{ created_vpc.vpc_id }}"
+    region: "{{ aws_region }}"
+    state: "present"
+    name: "{{ item.name }}"
+    cidr: "{{ item.cidr }}"
+    az: "{{ item.az }}"
+    route_table_id: "{{ created_public_rt.id }}"
+    network_acl_id: "{{ created_public_acl.id }}"
+  with_items: vpc_public_subnets
+  register: created_public_subnets
+
+- name: create NAT security group
+  ec2_group:
+    profile: "{{ profile }}"
+    vpc_id: "{{ created_vpc.vpc_id }}"
+    state: "present"
+    region: "{{ aws_region }}"
+    name: "{{ nat_security_group.name }}"
+    rules: "{{ nat_security_group.rules }}"
+    description: "{{ nat_security_group.description }}"
+    rules_egress: "{{ nat_security_group.rules_egress }}"
+  register: created_nat_security_group
+
+- name: check to see if we already have a nat instance
+  local_action:
+    module: "ec2_lookup"
+    region: "{{ aws_region }}"
+    tags:
+      - Name: "{{ vpc_name }}-nat-instance"
+  register: potential_existing_nat
+
+- debug: msg="{{ potential_existing_nat }}"
+
+- name: create nat instance
+  local_action:
+    module: 'ec2'
+    state: 'present'
+    wait: "yes"
+    source_dest_check: false
+    region: "{{ aws_region }}"
+    profile: "{{ profile }}"
+    group_id: "{{ created_nat_security_group.group_id }}"
+    key_name: "{{ vpc_nat_keypair }}"
+    vpc_subnet_id: "{{ created_public_subnets.results[0].subnet_id }}"
+    instance_type: "{{ vpc_nat_instance_type }}"
+    instance_tags:
+      Name: "{{ vpc_name }}-nat-instance"
+    image: "{{ vpc_nat_ami_id }}"
+  register: created_nat_instance
+  when: potential_existing_nat.instances|length == 0
+
+- name: assign eip to nat
+  ec2_eip:
+    profile: "{{ profile }}"
+    region: "{{ aws_region }}"
+    instance_id: "{{ created_nat_instance.instances[0].id }}"
+    in_vpc: true
+    reuse_existing_ip_allowed: true
+  when: potential_existing_nat.instances|length == 0
+
+- name: create private route table
+  ec2_rt:
+    profile: "{{ profile }}"
+    vpc_id: "{{ created_vpc.vpc_id }}"
+    region: "{{ aws_region }}"
+    state: "present"
+    name: "{{ vpc_name }}-private"
+    routes: "{{ vpc_private_route_table }}"
+  register: created_public_rt
+  when: potential_existing_nat.instances|length == 0