Try SpotterManage AWS VPC NAT Gateways.
| "added in version" 2.2 of ansible.builtin"
Authors: Allen Sanabria (@linuxdynasty), Jon Hadfield (@jonhadfield), Karen Cheng (@Etherdaemon)
preview | supported by community
pipInstall with pip install ansible==2.9.17
Ensure the state of AWS VPC NAT Gateways based on their id, allocation and subnet ids.
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: Create new nat gateway with client token.
ec2_vpc_nat_gateway:
state: present
subnet_id: subnet-12345678
eip_address: 52.1.1.1
region: ap-southeast-2
client_token: abcd-12345678
register: new_nat_gateway
- name: Create new nat gateway using an allocation-id.
ec2_vpc_nat_gateway:
state: present
subnet_id: subnet-12345678
allocation_id: eipalloc-12345678
region: ap-southeast-2
register: new_nat_gateway
- name: Create new nat gateway, using an EIP address and wait for available status.
ec2_vpc_nat_gateway:
state: present
subnet_id: subnet-12345678
eip_address: 52.1.1.1
wait: yes
region: ap-southeast-2
register: new_nat_gateway
- name: Create new nat gateway and allocate new EIP.
ec2_vpc_nat_gateway:
state: present
subnet_id: subnet-12345678
wait: yes
region: ap-southeast-2
register: new_nat_gateway
- name: Create new nat gateway and allocate new EIP if a nat gateway does not yet exist in the subnet.
ec2_vpc_nat_gateway:
state: present
subnet_id: subnet-12345678
wait: yes
region: ap-southeast-2
if_exist_do_not_create: true
register: new_nat_gateway
- name: Delete nat gateway using discovered nat gateways from facts module.
ec2_vpc_nat_gateway:
state: absent
region: ap-southeast-2
wait: yes
nat_gateway_id: "{{ item.NatGatewayId }}"
release_eip: yes
register: delete_nat_gateway_result
loop: "{{ gateways_to_remove.result }}"
- name: Delete nat gateway and wait for deleted status.
ec2_vpc_nat_gateway:
state: absent
nat_gateway_id: nat-12345678
wait: yes
wait_timeout: 500
region: ap-southeast-2
- name: Delete nat gateway and release EIP.
ec2_vpc_nat_gateway:
state: absent
nat_gateway_id: nat-12345678
release_eip: yes
wait: yes
wait_timeout: 300
region: ap-southeast-2
wait:
default: 'no'
description:
- Wait for operation to complete before returning.
type: bool
state:
choices:
- present
- absent
default: present
description:
- Ensure NAT Gateway is present or absent.
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION
environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
type: str
ec2_url:
aliases:
- aws_endpoint_url
- endpoint_url
description:
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will
use EC2 endpoints). Ignored for modules where region is required. Must be specified
for all other modules if region is not used. If not set then the value of the EC2_URL
environment variable, if any, is used.
type: str
profile:
aliases:
- aws_profile
description:
- Using I(profile) will override I(aws_access_key), I(aws_secret_key) and I(security_token)
and support for passing them at the same time as I(profile) has been deprecated.
- I(aws_access_key), I(aws_secret_key) and I(security_token) will be made mutually
exclusive with I(profile) after 2022-06-01.
type: str
subnet_id:
description:
- The id of the subnet to create the NAT Gateway in. This is required with the present
option.
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
- Only the 'user_agent' key is used for boto modules. See U(http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto)
for more boto configuration.
type: dict
eip_address:
description:
- The elastic IP address of the EIP you want attached to this NAT Gateway. If this
is not passed and the allocation_id is not passed, an EIP is generated for this
NAT Gateway.
release_eip:
default: 'yes'
description:
- Deallocate the EIP from the VPC.
- Option is only valid with the absent state.
- You should use this with the wait option. Since you can not release an address while
a delete operation is happening.
type: bool
client_token:
description:
- Optional unique token to be used during create to ensure idempotency. When specifying
this option, ensure you specify the eip_address parameter as well otherwise any
subsequent runs will fail.
wait_timeout:
default: 300
description:
- How many seconds to wait for an operation to complete before timing out.
allocation_id:
description:
- The id of the elastic IP allocation. If this is not passed and the eip_address is
not passed. An EIP is generated for this NAT Gateway.
aws_ca_bundle:
description:
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied
from the controller if not run locally.'
type: path
aws_access_key:
aliases:
- ec2_access_key
- access_key
description:
- C(AWS access key). If not set then the value of the C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY)
or C(EC2_ACCESS_KEY) environment variable is used.
- If I(profile) is set this parameter is ignored.
- Passing the I(aws_access_key) and I(profile) options at the same time has been deprecated
and the options will be made mutually exclusive after 2022-06-01.
type: str
aws_secret_key:
aliases:
- ec2_secret_key
- secret_key
description:
- C(AWS secret key). If not set then the value of the C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY),
or C(EC2_SECRET_KEY) environment variable is used.
- If I(profile) is set this parameter is ignored.
- Passing the I(aws_secret_key) and I(profile) options at the same time has been deprecated
and the options will be made mutually exclusive after 2022-06-01.
type: str
nat_gateway_id:
description:
- The id AWS dynamically allocates to the NAT Gateway on creation. This is required
when the absent option is present.
security_token:
aliases:
- aws_security_token
- access_token
description:
- C(AWS STS security token). If not set then the value of the C(AWS_SECURITY_TOKEN)
or C(EC2_SECURITY_TOKEN) environment variable is used.
- If I(profile) is set this parameter is ignored.
- Passing the I(security_token) and I(profile) options at the same time has been deprecated
and the options will be made mutually exclusive after 2022-06-01.
type: str
validate_certs:
default: true
description:
- When set to "no", SSL certificates will not be validated for communication with
the AWS APIs.
type: bool
if_exist_do_not_create:
default: false
description:
- if a NAT Gateway exists already in the subnet_id, then do not create a new one.
required: false
type: bool
debug_botocore_endpoint_logs:
default: 'no'
description:
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action"
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the aws_resource_action callback to output to total list made
during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also
be used.
type: bool
create_time:
description: The ISO 8601 date time format in UTC.
returned: In all cases.
sample: 2016-03-05T05:19:20.282000+00:00'
type: str
nat_gateway_addresses:
description: List of dictionaries containing the public_ip, network_interface_id,
private_ip, and allocation_id.
returned: In all cases.
sample:
- allocation_id: eipalloc-12345
network_interface_id: eni-12345
private_ip: 10.0.0.100
public_ip: 52.52.52.52
type: str
nat_gateway_id:
description: id of the VPC NAT Gateway
returned: In all cases.
sample: nat-0d1e3a878585988f8
type: str
state:
description: The current state of the NAT Gateway.
returned: In all cases.
sample: available
type: str
subnet_id:
description: id of the Subnet
returned: In all cases.
sample: subnet-12345
type: str
vpc_id:
description: id of the VPC.
returned: In all cases.
sample: vpc-12345
type: str