Try SpotterCreates and manage AWS Fargate profiles
| "added in version" 0.2.0 of amazon.cloud"
Authors: Ansible Cloud Team (@ansible-collections)
Install with ansible-galaxy collection install amazon.cloud:==0.4.0
collections:
- name: amazon.cloud
version: 0.4.0Creates and manage AWS Fargate profiles for your Amazon EKS cluster.
You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
- name: Set the cluster name
set_fact:
eks_cluster_name: '{{ _resource_prefix }}-cluster'
- name: Define EKS facts
set_fact:
eks_fargate_profile_name_a: '{{ _resource_prefix }}-fp-a'
eks_fargate_profile_name_b: '{{ _resource_prefix }}-fp-b'
eks_subnets:
- zone: a
cidr: 10.0.1.0/24
type: private
tag: internal-elb
- zone: b
cidr: 10.0.2.0/24
type: public
tag: elb
eks_security_groups:
- name: '{{ eks_cluster_name }}-control-plane-sg'
description: EKS Control Plane Security Group
rules:
- group_name: '{{ eks_cluster_name }}-workers-sg'
group_desc: EKS Worker Security Group
ports: 443
proto: tcp
rules_egress:
- group_name: '{{ eks_cluster_name }}-workers-sg'
group_desc: EKS Worker Security Group
from_port: 1025
to_port: 65535
proto: tcp
- name: '{{ eks_cluster_name }}-workers-sg'
description: EKS Worker Security Group
rules:
- group_name: '{{ eks_cluster_name }}-workers-sg'
proto: tcp
from_port: 1
to_port: 65535
- group_name: '{{ eks_cluster_name }}-control-plane-sg'
ports: 10250
proto: tcp
- name: Define selector
set_fact:
selectors:
- labels:
- key: test
value: test
namespace: fp-default
- name: Define the tags
set_fact:
tags:
Foo: foo
bar: Bar
- name: Create Fargate Profile a with wait
amazon.cloud.eks_fargate_profile:
fargate_profile_name: '{{ eks_fargate_profile_name_a }}'
state: present
cluster_name: '{{ eks_cluster_name }}'
pod_execution_role_arn: '{{ _result_create_iam_role_fp.arn }}'
subnets: "{{_result_create_subnets.results|selectattr('subnet.tags.Name', 'contains', 'private') | map(attribute='subnet.id') }}"
selectors: '{{ selectors }}'
wait: true
tags: '{{ tags }}'
register: _result_create_fp
- name: List Fargate Profiles
amazon.cloud.eks_fargate_profile:
state: list
cluster_name: '{{ eks_cluster_name }}'
register: _result_list_fp
- name: Update tags in Fargate Profile a with wait (check mode)
amazon.cloud.eks_fargate_profile:
fargate_profile_name: '{{ eks_fargate_profile_name_a }}'
state: present
cluster_name: '{{ eks_cluster_name }}'
pod_execution_role_arn: '{{ _result_create_iam_role_fp.arn }}'
subnets: "{{_result_create_subnets.results|selectattr('subnet.tags.Name', 'contains', 'private') | map(attribute='subnet.id') }}"
selectors: '{{ selectors }}'
wait: true
tags:
env: test
test: foo
check_mode: true
register: _result_update_tags_fp
- name: Delete Fargate Profile a
amazon.cloud.eks_fargate_profile:
fargate_profile_name: '{{ eks_fargate_profile_name_a }}'
cluster_name: '{{ eks_cluster_name }}'
state: absent
wait: true
wait_timeout: 900
register: _result_delete_fp
tags:
aliases:
- resource_tags
description:
- A dict of tags to apply to the resource.
- To remove all tags set I(tags={}) and I(purge_tags=true).
type: dict
wait:
default: false
description:
- Wait for operation to complete before returning.
type: bool
force:
default: false
description:
- Cancel IN_PROGRESS and PENDING resource requestes.
- Because you can only perform a single operation on a given resource at a time, there
might be cases where you need to cancel the current resource operation to make the
resource available so that another operation may be performed on it.
type: bool
state:
choices:
- present
- absent
- list
- describe
- get
default: present
description:
- Goal state for resource.
- I(state=present) creates the resource if it doesn't exist, or updates to the provided
state if the resource already exists.
- I(state=absent) ensures an existing instance is deleted.
- I(state=list) get all the existing resources.
- I(state=describe) or I(state=get) retrieves information on an existing resource.
type: str
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use.
- For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
- The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
- See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
- The C(ec2_region) alias has been deprecated and will be removed in a release after
2024-12-01
- Support for the C(EC2_REGION) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
profile:
aliases:
- aws_profile
description:
- A named AWS profile to use for authentication.
- See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
- The C(AWS_PROFILE) environment variable may also be used.
- The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
and I(security_token) options.
type: str
subnets:
description:
- Not Provived.
elements: str
type: list
selectors:
description:
- Not Provived.
elements: dict
suboptions:
labels:
description:
- A key-value pair to associate with a pod.
elements: dict
suboptions:
key:
description:
- The key name of the label.
type: str
value:
description:
- The value for the label.
type: str
type: list
namespace:
description:
- Not Provived.
type: str
type: list
access_key:
aliases:
- aws_access_key_id
- aws_access_key
- ec2_access_key
description:
- AWS access key ID.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables
may also be used in decreasing order of preference.
- The I(aws_access_key) and I(profile) options are mutually exclusive.
- The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the
AWS botocore SDK.
- The I(ec2_access_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
type: dict
identifier:
description:
- For compound primary identifiers, to specify the primary identifier as a string,
list each in the order that they are specified in the identifier list definition,
separated by '|'.
- For more details, visit U(https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-identifier.html).
type: str
purge_tags:
default: true
description:
- Remove tags not listed in I(tags).
type: bool
secret_key:
aliases:
- aws_secret_access_key
- aws_secret_key
- ec2_secret_key
description:
- AWS secret access key.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment
variables may also be used in decreasing order of preference.
- The I(secret_key) and I(profile) options are mutually exclusive.
- The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with
the AWS botocore SDK.
- The I(ec2_secret_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
cluster_name:
description:
- Name of the Cluster.
type: str
endpoint_url:
aliases:
- ec2_url
- aws_endpoint_url
- s3_url
description:
- URL to connect to instead of the default AWS endpoints. While this can be used
to connection to other AWS-compatible services the amazon.aws and community.aws
collections are only tested against AWS.
- The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing
order of preference.
- The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in
a release after 2024-12-01.
- Support for the C(EC2_URL) environment variable has been deprecated and will be
removed in a release after 2024-12-01.
type: str
wait_timeout:
default: 320
description:
- How many seconds to wait for an operation to complete before timing out.
type: int
aws_ca_bundle:
description:
- The location of a CA Bundle to use when validating SSL certificates.
- The C(AWS_CA_BUNDLE) environment variable may also be used.
type: path
session_token:
aliases:
- aws_session_token
- security_token
- aws_security_token
- access_token
description:
- AWS STS session token for use with temporary credentials.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment
variables may also be used in decreasing order of preference.
- The I(security_token) and I(profile) options are mutually exclusive.
- Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with
the parameter being renamed from I(security_token) to I(session_token) in release
6.0.0.
- The I(security_token), I(aws_security_token), and I(access_token) aliases have been
deprecated and will be removed in a release after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables
has been deprecated and will be removed in a release after 2024-12-01.
type: str
validate_certs:
default: true
description:
- When set to C(false), SSL certificates will not be validated for communication with
the AWS APIs.
- Setting I(validate_certs=false) is strongly discouraged, as an alternative, consider
setting I(aws_ca_bundle) instead.
type: bool
fargate_profile_name:
description:
- Name of FargateProfile.
type: str
pod_execution_role_arn:
description:
- The IAM policy arn for pods.
type: str
debug_botocore_endpoint_logs:
default: false
description:
- Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action")
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the C(aws_resource_action) callback to output to total list made
during a playbook.
- The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
type: bool
result:
contains:
identifier:
description: The unique identifier of the resource.
type: str
properties:
description: The resource properties.
type: dict
description:
- When I(state=list), it is a list containing dictionaries of resource information.
- Otherwise, it is a dictionary of resource information.
- When I(state=absent), it is an empty dictionary.
returned: always
type: complex