Author: Carson Gee
New in version 1.4.
Creates or terminates AWS virtual private clouds. This module has a dependency on python-boto.
parameter | required | default | choices | comments |
---|---|---|---|---|
aws_access_key | no | None | | AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. |
aws_secret_key | no | None | | AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. |
cidr_block | yes | | | The CIDR block representing the VPC, e.g. 10.0.0.0/16 |
dns_hostnames | no | yes | | Toggles the "Enable DNS hostname support for instances" flag |
dns_support | no | yes | | Toggles the "Enable DNS resolution" flag |
instance_tenancy | no | default | | The supported tenancy options for instances launched into the VPC. |
internet_gateway | no | no | | Toggles whether there should be an Internet gateway attached to the VPC |
region | no | | | Region in which the resource exists. |
resource_tags | yes | | | A dictionary array of resource tags of the form: { tag1: value1, tag2: value2 }. Tags in this list are used in conjunction with the CIDR block to uniquely identify a VPC in lieu of vpc_id. Therefore, if the CIDR/tag combination does not exist, a new VPC will be created. VPC tags not on this list will be ignored. Prior to 1.7, specifying a resource tag was optional. (added in Ansible 1.6) |
route_tables | no | | | A dictionary array of route tables to add of the form: { subnets: [172.22.2.0/24, 172.22.3.0/24,], routes: [{ dest: 0.0.0.0/0, gw: igw},] }. The subnets list is those subnets the route table should be associated with, and the routes list is a list of routes to be in the table. The special keyword igw for gw specifies that the route should go through the Internet gateway attached to the VPC. gw also accepts instance-ids in addition to igw. This module is currently unable to affect the "main" route table due to some limitations in boto, so you must explicitly define the associated subnets or they will be attached to the main table implicitly. |
state | yes | present | | Create or terminate the VPC |
subnets | no | | | A dictionary array of subnets to add of the form: { cidr: ..., az: ... , resource_tags: ... }. az is the desired availability zone of the subnet, but it is not required. Tags (i.e. resource_tags) are also optional and use dictionary form: { "Environment":"Dev", "Tier":"Web", ...}. All VPC subnets not in this list will be removed. |
validate_certs | no | yes | | When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. (added in Ansible 1.5) |
vpc_id | no | | | A VPC id to terminate when state=absent |
wait | no | no | | Wait for the VPC to be in state 'available' before returning |
wait_timeout | no | 300 | | How long before wait gives up, in seconds |
Note
Requires boto
```yaml
# Note: None of these examples set aws_access_key or aws_secret_key.
# It is assumed that their matching environment variables are set.

# Basic creation example:
- local_action:
    module: ec2_vpc
    state: present
    cidr_block: 172.23.0.0/16
    resource_tags: { "Environment":"Development" }
    region: us-west-2

# Full creation example with subnets and optional availability zones.
# The absence or presence of subnets deletes or creates them respectively.
- local_action:
    module: ec2_vpc
    state: present
    cidr_block: 172.22.0.0/16
    resource_tags: { "Environment":"Development" }
    subnets:
      - cidr: 172.22.1.0/24
        az: us-west-2c
        resource_tags: { "Environment":"Dev", "Tier" : "Web" }
      - cidr: 172.22.2.0/24
        az: us-west-2b
        resource_tags: { "Environment":"Dev", "Tier" : "App" }
      - cidr: 172.22.3.0/24
        az: us-west-2a
        resource_tags: { "Environment":"Dev", "Tier" : "DB" }
    internet_gateway: True
    route_tables:
      - subnets:
          - 172.22.2.0/24
          - 172.22.3.0/24
        routes:
          - dest: 0.0.0.0/0
            gw: igw
      - subnets:
          - 172.22.1.0/24
        routes:
          - dest: 0.0.0.0/0
            gw: igw
    region: us-west-2
  register: vpc

# Removal of a VPC by id
- local_action:
    module: ec2_vpc
    state: absent
    vpc_id: vpc-aaaaaaa
    region: us-west-2
```
If you have added elements not managed by this module (e.g. instances, NATs, etc.), then
the delete will fail until those dependencies are removed.
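The `subnets` and `route_tables` descriptions above imply two things worth checking before a play runs: which subnets get a default route through `igw`, and which are left off every route table and so attach to the main table implicitly. The following is an added example, not part of the module or its original documentation; `audit_vpc_spec`, `FULL_EXAMPLE` and `DB_UNROUTED` are hypothetical names, and the input dictionaries are constructed from the full creation example.

```python
import ipaddress

def _norm(cidr):
    # Canonical CIDR string; raises ValueError on malformed input.
    return str(ipaddress.ip_network(cidr))

def audit_vpc_spec(spec):
    """Return (igw_routed, implicit_main, undeclared) CIDR lists for ec2_vpc args."""
    declared = [_norm(s["cidr"]) for s in spec.get("subnets", [])]
    igw_routed, associated = set(), set()
    for table in spec.get("route_tables", []):
        members = {_norm(c) for c in table.get("subnets", [])}
        associated |= members
        # A default route whose gw is the special keyword "igw" sends every
        # subnet associated with this table through the Internet gateway.
        if any(_norm(r["dest"]) == "0.0.0.0/0" and r.get("gw") == "igw"
               for r in table.get("routes", [])):
            igw_routed |= members
    # Declared subnets on no table fall back to the main route table.
    implicit_main = [c for c in declared if c not in associated]
    # Route tables naming a subnet the task does not declare.
    undeclared = sorted(associated - set(declared))
    return sorted(igw_routed), implicit_main, undeclared

# Constructed input: subnets/route_tables of the full creation example.
FULL_EXAMPLE = {
    "subnets": [
        {"cidr": "172.22.1.0/24", "az": "us-west-2c"},  # Tier: Web
        {"cidr": "172.22.2.0/24", "az": "us-west-2b"},  # Tier: App
        {"cidr": "172.22.3.0/24", "az": "us-west-2a"},  # Tier: DB
    ],
    "internet_gateway": True,
    "route_tables": [
        {"subnets": ["172.22.2.0/24", "172.22.3.0/24"],
         "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
        {"subnets": ["172.22.1.0/24"],
         "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
    ],
}

# Constructed variant: the DB-tier subnet is dropped from every route table.
DB_UNROUTED = dict(FULL_EXAMPLE, route_tables=[
    {"subnets": ["172.22.2.0/24"], "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
    {"subnets": ["172.22.1.0/24"], "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
])

if __name__ == "__main__":
    for name, spec in (("full example", FULL_EXAMPLE), ("db unrouted", DB_UNROUTED)):
        print(name, audit_vpc_spec(spec))
```

Run against the full creation example, the check reports all three subnets, including the one tagged `Tier: DB`, as having a default route through the Internet gateway.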