ec2_vpc - configure AWS virtual private clouds

Author: Carson Gee

Synopsis

New in version 1.4.

Creates or terminates AWS virtual private clouds. This module has a dependency on python-boto.

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| aws_access_key | no | None | | AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. |
| aws_secret_key | no | None | | AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. |
| cidr_block | yes | | | The CIDR block representing the VPC, e.g. 10.0.0.0/16 |
| dns_hostnames | no | yes | yes, no | Toggles the "Enable DNS hostname support for instances" flag. |
| dns_support | no | yes | yes, no | Toggles the "Enable DNS resolution" flag. |
| instance_tenancy | no | default | default, dedicated | The supported tenancy options for instances launched into the VPC. |
| internet_gateway | no | no | yes, no | Toggle whether there should be an Internet gateway attached to the VPC. |
| region | no | | | Region in which the resource exists. |
| resource_tags | yes | | | A dictionary array of resource tags of the form: { tag1: value1, tag2: value2 }. Tags in this list are used in conjunction with the CIDR block to uniquely identify a VPC in lieu of vpc_id. Therefore, if the CIDR/tag combination does not exist, a new VPC will be created. VPC tags not on this list will be ignored. Prior to 1.7, specifying a resource tag was optional. (added in Ansible 1.6) |
| route_tables | no | | | A dictionary array of route tables to add, of the form: { subnets: [172.22.2.0/24, 172.22.3.0/24,], routes: [{ dest: 0.0.0.0/0, gw: igw},] }. The subnets list names the subnets the route table should be associated with, and the routes list is a list of routes to be in the table. The special keyword igw for gw specifies that the route should go through the internet gateway attached to the VPC. gw also accepts instance-ids in addition to igw. This module is currently unable to affect the "main" route table due to some limitations in boto, so you must explicitly define the associated subnets or they will be attached to the main table implicitly. |
| state | yes | present | | Create or terminate the VPC. |
| subnets | no | | | A dictionary array of subnets to add, of the form: { cidr: ..., az: ... , resource_tags: ... }. az is the desired availability zone of the subnet, but it is not required. Tags (i.e. resource_tags) are also optional and use dictionary form: { "Environment":"Dev", "Tier":"Web", ...}. All VPC subnets not in this list will be removed. |
| validate_certs | no | yes | yes, no | When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. (added in Ansible 1.5) |
| vpc_id | no | | | A VPC id to terminate when state=absent. |
| wait | no | no | yes, no | Wait for the VPC to be in state 'available' before returning. |
| wait_timeout | no | 300 | | How long before wait gives up, in seconds. |

Note

Requires boto

Examples


    # Note: None of these examples set aws_access_key or aws_secret_key.
    # It is assumed that their matching environment variables are set.

    # Basic creation example:
    - local_action:
        module: ec2_vpc
        state: present
        cidr_block: 172.23.0.0/16
        resource_tags: { "Environment":"Development" }
        region: us-west-2

    # Full creation example with subnets and optional availability zones.
    # The absence or presence of subnets deletes or creates them respectively.
    - local_action:
        module: ec2_vpc
        state: present
        cidr_block: 172.22.0.0/16
        resource_tags: { "Environment":"Development" }
        subnets:
          - cidr: 172.22.1.0/24
            az: us-west-2c
            resource_tags: { "Environment":"Dev", "Tier" : "Web" }
          - cidr: 172.22.2.0/24
            az: us-west-2b
            resource_tags: { "Environment":"Dev", "Tier" : "App" }
          - cidr: 172.22.3.0/24
            az: us-west-2a
            resource_tags: { "Environment":"Dev", "Tier" : "DB" }
        internet_gateway: True
        route_tables:
          - subnets:
              - 172.22.2.0/24
              - 172.22.3.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
          - subnets:
              - 172.22.1.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        region: us-west-2
      register: vpc

    # Removal of a VPC by id
    - local_action:
        module: ec2_vpc
        state: absent
        vpc_id: vpc-aaaaaaa
        region: us-west-2

If you have added elements not managed by this module, e.g. instances, NATs, etc., then the delete will fail until those dependencies are removed.
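
A pre-flight check for the options documented above, added here as an example and not part of the module or its documentation: it takes the arguments of one ec2_vpc task and reports disabled certificate validation, subnets outside cidr_block, subnets left to the main route table, and subnets whose Tier tag is in private_tiers but which have a default route through igw. The function name, the private_tiers policy and the PAGE_EXAMPLE dict (constructed from the full creation example) are assumptions made for this example.

```python
import ipaddress

IGW_DEFAULT = {"dest": "0.0.0.0/0", "gw": "igw"}
# Constructed input: the page's full creation example as an argument dict.
PAGE_EXAMPLE = {
    "cidr_block": "172.22.0.0/16",
    "subnets": [
        {"cidr": "172.22.1.0/24", "resource_tags": {"Tier": "Web"}},
        {"cidr": "172.22.2.0/24", "resource_tags": {"Tier": "App"}},
        {"cidr": "172.22.3.0/24", "resource_tags": {"Tier": "DB"}},
    ],
    "route_tables": [
        {"subnets": ["172.22.2.0/24", "172.22.3.0/24"], "routes": [IGW_DEFAULT]},
        {"subnets": ["172.22.1.0/24"], "routes": [IGW_DEFAULT]},
    ],
}

def audit_ec2_vpc_task(args, private_tiers=("DB",)):
    """Return findings for one ec2_vpc argument dict (hypothetical helper).
    private_tiers is an assumed policy: Tier tags that must not route via igw."""
    findings = []
    vpc_net = ipaddress.ip_network(args["cidr_block"])
    # YAML no/false arrives as False or as a string, so normalise before comparing.
    if str(args.get("validate_certs", "yes")).lower() in ("no", "false"):
        findings.append("validate_certs is off: TLS certificates are not checked")
    subnets = {}  # network -> value of its Tier tag (or None)
    for s in args.get("subnets", []):
        net = ipaddress.ip_network(s["cidr"])
        subnets[net] = s.get("resource_tags", {}).get("Tier")
        if not net.subnet_of(vpc_net):
            findings.append(f"{net}: outside VPC cidr_block {vpc_net}")
    routed = set()
    for table in args.get("route_tables", []):
        via_igw = any(r.get("dest") == "0.0.0.0/0" and r.get("gw") == "igw"
                      for r in table.get("routes", []))
        for cidr in table.get("subnets", []):
            net = ipaddress.ip_network(cidr)
            routed.add(net)
            if net not in subnets:
                findings.append(f"{net}: in a route table but not under subnets")
            elif via_igw and subnets[net] in private_tiers:
                findings.append(f"{net}: tier {subnets[net]} has a default route via igw")
    # Subnets in no route table are attached to the main table implicitly.
    for net in subnets:
        if net not in routed:
            findings.append(f"{net}: no explicit route table, falls to the main table")
    return findings
```

Run against the full creation example, it reports the DB-tier subnet 172.22.3.0/24, which shares a route table with a default route through the internet gateway.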