New in version 2015.8.0.
depends: |
---|
Create and destroy VPCs. Be aware that this interacts with Amazon's services, and so may incur charges.
This module accepts explicit vpc credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available here.
If IAM roles are not used you need to specify them either in a pillar file or in the minion's config file:
vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It's also possible to specify key
, keyid
and region
via a profile,
either passed in as a dict, or as a string to pull from pillars or minion
config:
myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
aws:
region:
us-east-1:
profile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
Ensure VPC exists:
boto_vpc.present:
- name: myvpc
- cidr_block: 10.10.11.0/24
- dns_hostnames: True
- region: us-east-1
- keyid: GKTADJGHEIQSXMKKRBJ08H
- key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
Ensure subnet exists:
boto_vpc.subnet_present:
- name: mysubnet
- vpc_id: vpc-123456
- cidr_block: 10.0.0.0/16
- region: us-east-1
- profile: myprofile
{% set profile = salt['pillar.get']('aws:region:us-east-1:profile' ) %}
Ensure internet gateway exists:
boto_vpc.internet_gateway_present:
- name: myigw
- vpc_name: myvpc
- profile: {{ profile }}
Ensure route table exists:
boto_vpc.route_table_present:
- name: my_route_table
- vpc_id: vpc-123456
- routes:
- destination_cidr_block: 0.0.0.0/0
instance_id: i-123456
- subnet_names:
- subnet1
- subnet2
- region: us-east-1
- profile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
New in version 2016.11.0.
Request, accept and delete VPC peering connections. VPC peering connections can be named allowing the name to be used throughout the state file. Following example shows how to request and accept a VPC peering connection.
accept the vpc peering connection:
boto_vpc.accept_vpc_peering_connection:
- conn_name: salt_vpc_peering
- region: us-west-2
- require:
- boto_vpc: request a vpc peering connection
request a vpc peering connection:
boto_vpc.request_vpc_peering_connection:
- requester_vpc_id: vpc-4a3d522e
- peer_vpc_id: vpc-ae81e9ca
- region: us-west-2
- conn_name: salt_vpc_peering
VPC peering connections need not be named. In this case the VPC peering connection ID should be used in the state file.
accept the vpc peering connection:
boto_vpc.accept_vpc_peering_connection:
- conn_id: pcx-1873c371
- region: us-west-2
VPC peering connections can be deleted, as shown below.
delete a named vpc peering connection:
boto_vpc.delete_vpc_peering_connection:
- conn_name: salt_vpc_peering
Delete also accepts a VPC peering connection id.
delete a vpc peering connection by id:
boto_vpc.delete_vpc_peering_connection:
- conn_id: pcx-1873c371
salt.states.boto_vpc.
absent
(name, tags=None, region=None, key=None, keyid=None, profile=None)¶Ensure VPC with passed properties is absent.
salt.states.boto_vpc.
accept_vpc_peering_connection
(name=None, conn_id=None, conn_name=None, region=None, key=None, keyid=None, profile=None)¶Accept a VPC pending requested peering connection between two VPCs.
New in version 2016.11.0.
Example:
boto_vpc.accept_vpc_peering_connection:
- conn_name: salt_peering_connection
# usage with vpc peering connection id and region
boto_vpc.accept_vpc_peering_connection:
- conn_id: pbx-1873d472
- region: us-west-2
salt.states.boto_vpc.
delete_vpc_peering_connection
(name, conn_id=None, conn_name=None, region=None, key=None, keyid=None, profile=None)¶New in version 2016.11.0.
Example:
delete a vpc peering connection:
boto_vpc.delete_vpc_peering_connection:
- region: us-west-2
- conn_id: pcx-4613b12e
Connection name can be specified (instead of ID). Specifying both conn_name and conn_id will result in an error.
delete a vpc peering connection:
boto_vpc.delete_vpc_peering_connection:
- conn_name: salt_vpc_peering
salt.states.boto_vpc.
dhcp_options_absent
(name=None, dhcp_options_id=None, region=None, key=None, keyid=None, profile=None)¶Ensure a set of DHCP options with the given settings exist.
New in version 2016.3.0.
salt.states.boto_vpc.
dhcp_options_present
(name, dhcp_options_id=None, vpc_name=None, vpc_id=None, domain_name=None, domain_name_servers=None, ntp_servers=None, netbios_name_servers=None, netbios_node_type=None, tags=None, region=None, key=None, keyid=None, profile=None)¶Ensure a set of DHCP options with the given settings exist. Note that the current implementation only SETS values during option set creation. It is unable to update option sets in place, and thus merely verifies the set exists via the given name and/or dhcp_options_id param.
New in version 2016.3.0.
salt.states.boto_vpc.
internet_gateway_absent
(name, detach=False, region=None, key=None, keyid=None, profile=None)¶Ensure the named internet gateway is absent.
salt.states.boto_vpc.
internet_gateway_present
(name, vpc_name=None, vpc_id=None, tags=None, region=None, key=None, keyid=None, profile=None)¶Ensure an internet gateway exists.
salt.states.boto_vpc.
nat_gateway_absent
(name=None, subnet_name=None, subnet_id=None, region=None, key=None, keyid=None, profile=None, wait_for_delete_retries=0)¶Ensure the nat gateway in the named subnet is absent.
This function requires boto3.
New in version 2016.11.0.
salt.states.boto_vpc.
nat_gateway_present
(name, subnet_name=None, subnet_id=None, region=None, key=None, keyid=None, profile=None, allocation_id=None)¶Ensure a nat gateway exists within the specified subnet
This function requires boto3.
New in version 2016.11.0.
Example:
boto_vpc.nat_gateway_present:
- subnet_name: my-subnet
salt.states.boto_vpc.
present
(name, cidr_block, instance_tenancy=None, dns_support=None, dns_hostnames=None, tags=None, region=None, key=None, keyid=None, profile=None)¶Ensure VPC exists.
salt.states.boto_vpc.
request_vpc_peering_connection
(name, requester_vpc_id=None, requester_vpc_name=None, peer_vpc_id=None, peer_vpc_name=None, conn_name=None, peer_owner_id=None, region=None, key=None, keyid=None, profile=None)¶New in version 2016.11.0.
Example:
request a vpc peering connection:
boto_vpc.request_vpc_peering_connection:
- requester_vpc_id: vpc-4b3522e
- peer_vpc_id: vpc-ae83f9ca
- conn_name: salt_peering_connection
salt.states.boto_vpc.
route_table_absent
(name, region=None, key=None, keyid=None, profile=None)¶Ensure the named route table is absent.
salt.states.boto_vpc.
route_table_present
(name, vpc_name=None, vpc_id=None, routes=None, subnet_ids=None, subnet_names=None, tags=None, region=None, key=None, keyid=None, profile=None)¶Ensure route table with routes exists and is associated to a VPC.
This function requires boto3 to be installed if nat gatewyas are specified.
Example:
boto_vpc.route_table_present:
- name: my_route_table
- vpc_id: vpc-123456
- routes:
- destination_cidr_block: 0.0.0.0/0
internet_gateway_name: InternetGateway
- destination_cidr_block: 10.10.11.0/24
instance_id: i-123456
- destination_cidr_block: 10.10.12.0/24
interface_id: eni-123456
- destination_cidr_block: 10.10.13.0/24
instance_name: mygatewayserver
- subnet_names:
- subnet1
- subnet2
salt.states.boto_vpc.
subnet_absent
(name=None, subnet_id=None, region=None, key=None, keyid=None, profile=None)¶Ensure subnet with passed properties is absent.
salt.states.boto_vpc.
subnet_present
(name, cidr_block, vpc_name=None, vpc_id=None, availability_zone=None, tags=None, region=None, key=None, keyid=None, profile=None, route_table_id=None, route_table_name=None)¶Ensure a subnet exists.
A route table ID to explicitly associate the subnet with. If both route_table_id and route_table_name are specified, route_table_id will take precedence.
New in version 2016.11.0.
A route table name to explicitly associate the subnet with. If both route_table_id and route_table_name are specified, route_table_id will take precedence.
New in version 2016.11.0.
salt.states.boto_vpc.
vpc_peering_connection_present
(name, requester_vpc_id=None, requester_vpc_name=None, peer_vpc_id=None, peer_vpc_name=None, conn_name=None, peer_owner_id=None, region=None, key=None, keyid=None, profile=None)¶New in version 2016.11.0.
Example:
ensure peering twixt local vpc and the other guys:
boto_vpc.vpc_peering_connection_present:
- requester_vpc_name: my_local_vpc
- peer_vpc_name: some_other_guys_vpc
- conn_name: peering_from_here_to_there
- peer_owner_id: 012345654321