Deprecated

Removed in 2.5

Reason: Replaced by dedicated modules. | Alternative: Use M(ec2_vpc_net) along with supporting modules including M(ec2_vpc_igw), M(ec2_vpc_route_table), M(ec2_vpc_subnet), M(ec2_vpc_dhcp_option), M(ec2_vpc_nat_gateway), M(ec2_vpc_nacl).

ansible.builtin._ec2_vpc (v2.6.20) — module

configure AWS virtual private clouds

Added in version 1.4 of ansible.builtin

Authors: Carson Gee (@carsongee)

deprecated | supported by certified

Install Ansible via pip

Install with pip install ansible==2.6.20

Description

Creates or terminates AWS virtual private clouds. This module has a dependency on python-boto.

Usage examples

# Note: None of these examples set aws_access_key or aws_secret_key.
# It is assumed that their matching environment variables are set.

# Basic creation example:
    - ec2_vpc:
        state: present
        cidr_block: 172.23.0.0/16
        resource_tags: { "Environment":"Development" }
        region: us-west-2
# Full creation example with subnets and optional availability zones.
# The absence or presence of subnets deletes or creates them respectively.
    - ec2_vpc:
        state: present
        cidr_block: 172.22.0.0/16
        resource_tags: { "Environment":"Development" }
        subnets:
          - cidr: 172.22.1.0/24
            az: us-west-2c
            resource_tags: { "Environment":"Dev", "Tier" : "Web" }
          - cidr: 172.22.2.0/24
            az: us-west-2b
            resource_tags: { "Environment":"Dev", "Tier" : "App" }
          - cidr: 172.22.3.0/24
            az: us-west-2a
            resource_tags: { "Environment":"Dev", "Tier" : "DB" }
        internet_gateway: True
        route_tables:
          - subnets:
              - 172.22.2.0/24
              - 172.22.3.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
          - subnets:
              - 172.22.1.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        region: us-west-2
      register: vpc
# Removal of a VPC by id
    - ec2_vpc:
        state: absent
        vpc_id: vpc-aaaaaaa
        region: us-west-2

Inputs

    
wait:
    default: 'no'
    description:
    - Wait for the VPC to be in state 'available' before returning.
    type: bool

state:
    choices:
    - present
    - absent
    description:
    - Create or terminate the VPC.
    required: true

region:
    aliases:
    - aws_region
    - ec2_region
    description:
    - The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION
      environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
    type: str

vpc_id:
    description:
    - A VPC id to terminate when I(state=absent).

profile:
    aliases:
    - aws_profile
    description:
    - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
      and I(security_token) options.
    type: str

subnets:
    description:
    - 'A dictionary array of subnets to add of the form C({ cidr: ..., az: ... , resource_tags:
      ... }).'
    - Where C(az) is the desired availability zone of the subnet, optional.
    - Tags C(resource_tags) use dictionary form C({ "Environment":"Dev", "Tier":"Web",
      ...}), optional.
    - For C(resource_tags), see resource_tags for the VPC below. The main difference is
      that subnet tags not specified here will be deleted.
    - All VPC subnets not in this list will be removed as well.
    - As of 1.8, if the subnets parameter is not specified, no existing subnets will be
      modified.

aws_config:
    description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    type: dict

cidr_block:
    description:
    - The cidr block representing the VPC, e.g. C(10.0.0.0/16), required when I(state=present).

dns_support:
    default: 'yes'
    description:
    - Toggles the "Enable DNS resolution" flag.
    type: bool

endpoint_url:
    aliases:
    - ec2_url
    - aws_endpoint_url
    - s3_url
    description:
    - URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will
      use EC2 endpoints). Ignored for modules where region is required. Must be specified
      for all other modules if region is not used. If not set then the value of the EC2_URL
      environment variable, if any, is used.
    type: str

route_tables:
    description:
    - 'A dictionary array of route tables to add of the form: C({ subnets: [172.22.2.0/24,
      172.22.3.0/24,], routes: [{ dest: 0.0.0.0/0, gw: igw},], resource_tags: ... }).
      Where the subnets list is those subnets the route table should be associated with,
      and the routes list is a list of routes to be in the table.  The special keyword
      igw for gw specifies that the route should go through the internet
      gateway attached to the VPC. gw also accepts instance-ids, interface-ids, and vpc-peering-connection-ids
      in addition to igw. resource_tags is optional and uses dictionary form: C({ "Name":
      "public", ... }). This module is currently unable to affect the "main" route table
      due to some limitations in boto, so you must explicitly define the associated subnets
      or they will be attached to the main table implicitly. As of 1.8, if the route_tables
      parameter is not specified, no existing routes will be modified.

      '

wait_timeout:
    default: 300
    description:
    - How long before wait gives up, in seconds.

aws_ca_bundle:
    description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied
      from the controller if not run locally.'
    type: path

dns_hostnames:
    default: 'yes'
    description:
    - Toggles the "Enable DNS hostname support for instances" flag.
    type: bool

resource_tags:
    description:
    - 'A dictionary array of resource tags of the form C({ tag1: value1, tag2: value2
      }). Tags in this list are used in conjunction with the CIDR block to uniquely identify
      a VPC in lieu of vpc_id. Therefore, if the CIDR/tag combination does not exist, a new
      VPC will be created.  VPC tags not on this list will be ignored. Prior to 1.7, specifying
      a resource tag was optional.'
    required: true
    version_added: '1.6'
    version_added_collection: ansible.builtin

aws_access_key:
    aliases:
    - ec2_access_key
    - access_key
    description:
    - C(AWS access key). If not set then the value of the C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY)
      or C(EC2_ACCESS_KEY) environment variable is used.
    - The I(aws_access_key) and I(profile) options are mutually exclusive.
    type: str

aws_secret_key:
    aliases:
    - ec2_secret_key
    - secret_key
    description:
    - C(AWS secret key). If not set then the value of the C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY),
      or C(EC2_SECRET_KEY) environment variable is used.
    - The I(aws_secret_key) and I(profile) options are mutually exclusive.
    type: str

security_token:
    aliases:
    - aws_session_token
    - session_token
    - aws_security_token
    - access_token
    description:
    - C(AWS STS security token). If not set then the value of the C(AWS_SECURITY_TOKEN)
      or C(EC2_SECURITY_TOKEN) environment variable is used.
    - The I(security_token) and I(profile) options are mutually exclusive.
    - Aliases I(aws_session_token) and I(session_token) have been added in version 3.2.0.
    type: str

validate_certs:
    default: true
    description:
    - When set to "no", SSL certificates will not be validated for communication with
      the AWS APIs.
    type: bool

instance_tenancy:
    choices:
    - default
    - dedicated
    default: default
    description:
    - The supported tenancy options for instances launched into the VPC.

internet_gateway:
    default: 'no'
    description:
    - Toggle whether there should be an Internet gateway attached to the VPC.
    type: bool

debug_botocore_endpoint_logs:
    default: 'no'
    description:
    - Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action"
      API calls made during a task, outputting the set to the resource_actions key in the
      task results. Use the aws_resource_action callback to output the total list made
      during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also
      be used.
    type: bool
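
The removal and routing behaviour documented for subnets, route_tables and validate_certs above can be checked before a task runs. The following Python is an added example, not code from the module or the Ansible project; review_ec2_vpc_task, the finding names and the sample data are hypothetical, and only the option names come from this page.

```python
# Added example (not module code): review an ec2_vpc task before it runs.

def review_ec2_vpc_task(args, existing_subnet_cidrs):
    """Return (kind, detail) findings for one ec2_vpc task's arguments."""
    findings = []
    if args.get("state") != "present":
        return findings

    # Documented: subnets missing from the list are removed; if the option is
    # omitted entirely (as of 1.8), existing subnets are left untouched.
    declared = set()
    if "subnets" in args:
        declared = {s["cidr"] for s in args["subnets"]}
        for cidr in sorted(set(existing_subnet_cidrs) - declared):
            findings.append(("subnet-removed", cidr))

    associated = set()
    for table in args.get("route_tables", []):
        subnets = table.get("subnets", [])
        associated.update(subnets)
        # dest 0.0.0.0/0 with gw: igw sends the associated subnets' default
        # route through the internet gateway attached to the VPC.
        if any(r.get("dest") == "0.0.0.0/0" and r.get("gw") == "igw"
               for r in table.get("routes", [])):
            findings.extend(("default-route-via-igw", c) for c in subnets)

    # Documented: subnets not associated explicitly attach to the "main"
    # route table, which this module cannot manage.
    for cidr in sorted(declared - associated):
        findings.append(("implicit-main-route-table", cidr))

    # Ansible booleans may arrive as bool or as strings such as "no".
    if str(args.get("validate_certs", True)).lower() in ("no", "false", "0", "off"):
        findings.append(("tls-validation-disabled", "validate_certs"))
    return findings


# Constructed input modelled on the page's full creation example.
TASK = {
    "state": "present",
    "subnets": [{"cidr": c} for c in
                ("172.22.1.0/24", "172.22.2.0/24", "172.22.3.0/24")],
    "route_tables": [
        {"subnets": ["172.22.2.0/24", "172.22.3.0/24"],
         "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
        {"subnets": ["172.22.1.0/24"],
         "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
    ],
}
EXISTING = ["172.22.1.0/24", "172.22.9.0/24"]  # constructed current VPC state
```

Run against the sample, the review reports that 172.22.9.0/24 would be removed and that all three tiers, including the subnet tagged DB in the page's example, receive a default route through the internet gateway.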