Remove lookup() usage from Ansible roles defined in this repository

[mcdonnnj]

🚀 Feature Proposal

We should remove the uses of lookup() (typically used to get AWS SSM parameters) from the Ansible roles defined in this repository and rework the values as variables to pass in through the Ansible provisioners in the Terraform configuration.

Motivation

This continues the work to make the Ansible roles defined in this project behave more like the ones defined in our GitHub organization (and based on cisagov/skeleton-ansible-role).

Example

Instead of doing

dev_users: "{{ lookup('aws_ssm', '/cyhy/dev/users').split(',') }}"

in the vars/main.yml file for a role it would instead expect that value to be passed in through the Ansible provisioner in the Terraform configuration. We can instead use a aws_ssm_parameter data source in the Terraform configuration to get the value that will be passed to the provisioner.

Example usage

Define the data source

data "aws_ssm_parameter" "dev_users" {
  name = "/cyhy/dev/users"
}

Equivalent usage in the Ansible provisioner

dev_users = split(",", data.aws_ssm_parameter.dev_users.value)

Pitch

Even though this is a legacy project we should try and keep the development practices as modern as possible.