ansible.builtin.ec2_vpc_route_table (v2.9.13) — module

Manage route tables for AWS virtual private clouds

Added in version 2.0 of ansible.builtin

Authors: Robert Estelle (@erydo), Rob White (@wimnat), Will Thames (@willthames)

stableinterface | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.13

Description

Manage route tables for AWS virtual private clouds

Usage examples

# Note: These examples do not set authentication details; see the AWS Guide for details.

# Basic creation example:
# Creates (or updates) the route table tagged Name=Public and associates three
# subnets with it. The single route sends all non-local traffic (0.0.0.0/0) to
# the gateway in igw.gateway_id -- an internet gateway, going by the task name --
# so every subnet listed here becomes internet-routable.
# purge_routes and purge_subnets are not set, so their documented defaults
# apply: on an existing table found by tag lookup, routes and subnet
# associations that are not listed in this task are removed.
- name: Set up public subnet route table
  register: public_route_table
  ec2_vpc_route_table:
    region: us-west-1
    vpc_id: vpc-1245678
    tags:
      Name: Public
    routes:
      - dest: '0.0.0.0/0'
        gateway_id: "{{ igw.gateway_id }}"
    subnets:
      - "{{ jumpbox_subnet.subnet.id }}"
      - "{{ frontend_subnet.subnet.id }}"
      # NOTE(review): reads subnet_id directly, unlike the two entries above,
      # which read subnet.id -- confirm against the registered variable.
      - "{{ vpn_subnet.subnet_id }}"
# Route table for internal subnets: the default route (0.0.0.0/0) goes through
# the instance in nat.instance_id rather than a gateway.
# The subnets list shows the three forms the subnets option accepts: a subnet
# ID, a Name tag and a CIDR.
# purge_routes and purge_subnets keep their documented defaults, so anything
# on an existing table that is not listed here is removed.
- name: Set up NAT-protected route table
  register: nat_route_table
  ec2_vpc_route_table:
    region: us-west-1
    vpc_id: vpc-1245678
    tags:
      Name: Internal
    routes:
      - dest: '0.0.0.0/0'
        instance_id: "{{ nat.instance_id }}"
    subnets:
      - "{{ application_subnet.subnet.id }}"
      # Selected by Name tag.
      - "Database Subnet"
      # Selected by CIDR.
      # NOTE(review): AWS subnets cannot be larger than /16, so this /8 is
      # presumably illustrative -- use the subnet's real CIDR.
      - "10.0.0.0/8"
# Deletes one route table. lookup is switched from its default (tag) to id, so
# the table is selected by route_table_id rather than by a tag match.
- name: delete route table
  ec2_vpc_route_table:
    state: absent
    lookup: id
    route_table_id: "{{ route_table.id }}"
    region: us-west-1
    vpc_id: vpc-1245678

Inputs

    
tags:
    aliases:
    - resource_tags
    description: 'A dictionary of resource tags of the form: { tag1: value1, tag2: value2
      }. Tags are used to uniquely identify route tables within a VPC when the route_table_id
      is not supplied.

      '

state:
    choices:
    - present
    - absent
    default: present
    description: Create or destroy the VPC route table

lookup:
    choices:
    - tag
    - id
    default: tag
    description: Look up route table by either tags or by route table ID. Non-unique tag
      lookup will fail. If no tags are specified then no lookup for an existing route
      table is performed and a new route table will be created. To change tags of a route
      table you must look up by id.

region:
    aliases:
    - aws_region
    - ec2_region
    description:
    - The AWS region to use.
    - For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
    - The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
    - See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
    - The C(ec2_region) alias has been deprecated and will be removed in a release after
      2024-12-01
    - Support for the C(EC2_REGION) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

routes:
    description: List of routes in the route table. Routes are specified as dicts containing
      the keys 'dest' and one of 'gateway_id', 'instance_id', 'network_interface_id',
      or 'vpc_peering_connection_id'. If 'gateway_id' is specified, you can refer to the
      VPC's IGW by using the value 'igw'. Routes are required for present states.

vpc_id:
    description: VPC ID of the VPC in which to create the route table.
    required: true

profile:
    aliases:
    - aws_profile
    description:
    - A named AWS profile to use for authentication.
    - See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
    - The C(AWS_PROFILE) environment variable may also be used.
    - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
      and I(security_token) options.
    type: str

subnets:
    description: An array of subnets to add to this route table. Subnets may be specified
      by either subnet ID, Name tag, or by a CIDR such as '10.0.0.0/24'.

access_key:
    aliases:
    - aws_access_key_id
    - aws_access_key
    - ec2_access_key
    description:
    - AWS access key ID.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables
      may also be used in decreasing order of preference.
    - The I(aws_access_key) and I(profile) options are mutually exclusive.
    - The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the
      AWS botocore SDK.
    - The I(ec2_access_key) alias has been deprecated and will be removed in a release
      after 2024-12-01.
    - Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

aws_config:
    description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    type: dict

purge_tags:
    default: 'no'
    description: Purge existing tags that are not found in route table
    type: bool
    version_added: '2.5'
    version_added_collection: ansible.builtin

secret_key:
    aliases:
    - aws_secret_access_key
    - aws_secret_key
    - ec2_secret_key
    description:
    - AWS secret access key.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment
      variables may also be used in decreasing order of preference.
    - The I(secret_key) and I(profile) options are mutually exclusive.
    - The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with
      the AWS botocore SDK.
    - The I(ec2_secret_key) alias has been deprecated and will be removed in a release
      after 2024-12-01.
    - Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

endpoint_url:
    aliases:
    - ec2_url
    - aws_endpoint_url
    - s3_url
    description:
    - URL to connect to instead of the default AWS endpoints.  While this can be used
      to connect to other AWS-compatible services, the amazon.aws and community.aws
      collections are only tested against AWS.
    - The  C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing
      order of preference.
    - The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in
      a release after 2024-12-01.
    - Support for the C(EC2_URL) environment variable has been deprecated and will be
      removed in a release after 2024-12-01.
    type: str

purge_routes:
    default: 'yes'
    description: Purge existing routes that are not found in routes.
    type: bool
    version_added: '2.3'
    version_added_collection: ansible.builtin

aws_ca_bundle:
    description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - The C(AWS_CA_BUNDLE) environment variable may also be used.
    type: path

purge_subnets:
    default: 'true'
    description: Purge existing subnets that are not found in subnets. Ignored unless
      the subnets option is supplied.
    type: bool
    version_added: '2.3'
    version_added_collection: ansible.builtin

session_token:
    aliases:
    - aws_session_token
    - security_token
    - aws_security_token
    - access_token
    description:
    - AWS STS session token for use with temporary credentials.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment
      variables may also be used in decreasing order of preference.
    - The I(security_token) and I(profile) options are mutually exclusive.
    - Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with
      the parameter being renamed from I(security_token) to I(session_token) in release
      6.0.0.
    - The I(security_token), I(aws_security_token), and I(access_token) aliases have been
      deprecated and will be removed in a release after 2024-12-01.
    - Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables
      has been deprecated and will be removed in a release after 2024-12-01.
    type: str

route_table_id:
    description: The ID of the route table to update or delete.

validate_certs:
    default: true
    description:
    - When set to C(false), SSL certificates will not be validated for communication with
      the AWS APIs.
    - Setting I(validate_certs=false) is strongly discouraged because the identity
      of the AWS API endpoint is then no longer verified. As an alternative, consider
      setting I(aws_ca_bundle) instead.
    type: bool

propagating_vgw_ids:
    description: Enable route propagation from virtual gateways specified by ID.

debug_botocore_endpoint_logs:
    default: false
    description:
    - Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action")
      API calls made during a task, outputting the set to the resource_actions key in the
      task results. Use the C(aws_resource_action) callback to output the total list made
      during a playbook.
    - The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
    type: bool

Outputs

route_table:
  contains:
    associations:
      contains:
        main:
          description: Whether this is the main route table
          returned: always
          sample: false
          type: bool
        route_table_association_id:
          description: ID of association between route table and subnet
          returned: always
          sample: rtbassoc-ab47cfc3
          type: str
        route_table_id:
          description: ID of the route table
          returned: always
          sample: rtb-bf779ed7
          type: str
        subnet_id:
          description: ID of the subnet
          returned: always
          sample: subnet-82055af9
          type: str
      description: List of subnets associated with the route table
      returned: always
      type: complex
    id:
      description: ID of the route table (same as route_table_id for backwards compatibility)
      returned: always
      sample: rtb-bf779ed7
      type: str
    propagating_vgws:
      description: List of Virtual Private Gateways propagating routes
      returned: always
      sample: []
      type: list
    route_table_id:
      description: ID of the route table
      returned: always
      sample: rtb-bf779ed7
      type: str
    routes:
      contains:
        destination_cidr_block:
          description: CIDR block of destination
          returned: always
          sample: 10.228.228.0/22
          type: str
        gateway_id:
          description: ID of the gateway
          returned: when gateway is local or internet gateway
          sample: local
          type: str
        instance_id:
          description: ID of a NAT instance
          returned: when the route is via an EC2 instance
          sample: i-abcd123456789
          type: str
        instance_owner_id:
          description: AWS account owning the NAT instance
          returned: when the route is via an EC2 instance
          sample: 123456789012
          type: str
        nat_gateway_id:
          description: ID of the NAT gateway
          returned: when the route is via a NAT gateway
          sample: local
          type: str
        origin:
          description: mechanism through which the route is in the table
          returned: always
          sample: CreateRouteTable
          type: str
        state:
          description: state of the route
          returned: always
          sample: active
          type: str
      description: List of routes in the route table
      returned: always
      type: complex
    tags:
      description: Tags applied to the route table
      returned: always
      sample:
        Name: Public route table
        Public: 'true'
      type: dict
    vpc_id:
      description: ID for the VPC in which the route lives
      returned: always
      sample: vpc-6e2d2407
      type: str
  description: Route Table result
  returned: always
  type: complex