Connection module for Amazon VPC
New in version 2014.7.0.
boto >= 2.8.0
boto3 >= 1.2.6
This module accepts explicit VPC credentials but can also use IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then obtained automatically from the AWS API and no further configuration is necessary.
If IAM roles are not used, you need to specify the credentials either in a pillar or in the minion's config file:
vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
A region may also be specified in the configuration:
vpc.region: us-east-1
If a region is not specified, the default is us-east-1.
It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:
myprofile:
  keyid: GKTADJGHEIQSXMKKRBJ08H
  key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  region: us-east-1
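An added example (not part of the Salt documentation or the boto_vpc module) that audits a minion config or pillar file for the static credentials shown above, so hosts that could rely on an instance profile are easy to find. It assumes only the two layouts on this page (flat <service>.keyid / <service>.key options and one-level profile mappings); SAMPLE_CONFIG is constructed from the page's placeholder values, and find_static_credentials and report are hypothetical helper names.

```python
import re

# Constructed sample: the page's placeholder credentials plus a profile
# ("roleprofile") that sets only a region and relies on an IAM role.
SAMPLE_CONFIG = """\
vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
vpc.region: us-east-1
myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1
roleprofile:
    region: us-west-2
"""

LINE = re.compile(r"^(?P<indent>\s*)(?P<key>[\w.\-]+):\s*(?P<value>.*)$")
SECRET_FIELDS = {"keyid", "key"}


def find_static_credentials(text):
    """Return (line_no, scope, field) for every static credential found.

    scope is the prefix of a flat option ('vpc' for vpc.keyid) or the
    name of the profile mapping that contains keyid / key.
    """
    findings = []
    parent = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key = m["key"]
        value = m["value"].strip().strip("'\"")
        if not m["indent"]:
            # Top-level key: a flat option, or the start of a profile mapping.
            parent = key if not value else None
            service, _, field = key.rpartition(".")
            if service and field in SECRET_FIELDS and value:
                findings.append((line_no, service, field))
        elif parent and key in SECRET_FIELDS and value:
            findings.append((line_no, parent, key))
    return findings


def report(findings):
    """Format findings without echoing the secret value itself."""
    return [
        f"line {n}: static '{field}' set for '{scope}'; an instance profile role avoids storing it"
        for n, scope, field in findings
    ]


if __name__ == "__main__":
    print("\n".join(report(find_static_credentials(SAMPLE_CONFIG))))
```
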
Changed in version 2015.8.0: All methods now return a dictionary. Create and delete methods return:
created: true
or
created: false
error:
  message: error message
Request methods (e.g., describe_vpc) return:
vpcs:
  - {...}
  - {...}
or
error:
  message: error message
New in version 2016.11.0.
Functions to request, accept, delete and describe VPC peering connections. Named VPC peering connections can be requested using these modules. VPC owner accounts can accept VPC peering connections (named or otherwise).
Examples showing creation of VPC peering connection
# Create a named VPC peering connection
salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da name=my_vpc_connection
# Without a name
salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da
# Specify a region
salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da region=us-west-2
Check to see if VPC peering connection is pending
salt myminion boto_vpc.is_peering_connection_pending conn_name=salt-vpc
# Specify a region
salt myminion boto_vpc.is_peering_connection_pending conn_name=salt-vpc region=us-west-2
# specify an id
salt myminion boto_vpc.is_peering_connection_pending conn_id=pcx-8a8939e3
Accept VPC peering connection
salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc
# Specify a region
salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc region=us-west-2
# specify an id
salt myminion boto_vpc.accept_vpc_peering_connection conn_id=pcx-8a8939e3
Deleting VPC peering connection via this module
# Delete a named VPC peering connection
salt myminion boto_vpc.delete_vpc_peering_connection conn_name=salt-vpc
# Specify a region
salt myminion boto_vpc.delete_vpc_peering_connection conn_name=salt-vpc region=us-west-2
# specify an id
salt myminion boto_vpc.delete_vpc_peering_connection conn_id=pcx-8a8939e3
Request a VPC peering connection between two VPCs.
New in version 2016.11.0.
conn_id -- The ID to use. String type.
name -- The name of this VPC peering connection. String type.
region -- The AWS region to use. Type string.
key -- The key to use for this connection. Type string.
keyid -- The key id to use.
profile -- The profile to use.
dry_run -- The dry_run flag to set.
dict
Warning: Please specify either the vpc_peering_connection_id or name but not both. Specifying both will result in an error!
CLI Example:
salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc
# Specify a region
salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc region=us-west-2
# specify an id
salt myminion boto_vpc.accept_vpc_peering_connection conn_id=pcx-8a8939e3
Given valid DHCP options id and a valid VPC id, associate the DHCP options record with the VPC.
Returns True if the DHCP options record was associated and returns False if the DHCP options record was not associated.
CLI Example:
salt myminion boto_vpc.associate_dhcp_options_to_vpc 'dhcp-a0bl34pp' 'vpc-6b1fe402'
Given a network acl and subnet ids or names, associate a network acl to a subnet.
CLI Example:
salt myminion boto_vpc.associate_network_acl_to_subnet \
network_acl_id='acl-5fb85d36' subnet_id='subnet-6a1fe403'
salt myminion boto_vpc.associate_network_acl_to_subnet \
network_acl_id='myacl' subnet_id='mysubnet'
Given a route table and subnet name or id, associates the route table with the subnet.
CLI Example:
salt myminion boto_vpc.associate_route_table 'rtb-1f382e7d' 'subnet-6a1fe403'
salt myminion boto_vpc.associate_route_table route_table_name='myrtb' \
subnet_name='mysubnet'
Check whether a VPC with the given name or id exists. Returns the vpc_id or None. Raises SaltInvocationError if both vpc_id and vpc_name are None. Optionally raise a CommandExecutionError if the VPC does not exist.
New in version 2016.3.0.
CLI Example:
salt myminion boto_vpc.check_vpc vpc_name=myvpc profile=awsprofile
Given a valid CIDR block, create a VPC.
An optional instance_tenancy argument can be provided. If provided, the valid values are 'default' or 'dedicated'.
An optional vpc_name argument can be provided.
Returns {created: true} if the VPC was created and returns {created: False} if the VPC was not created.
CLI Example:
salt myminion boto_vpc.create '10.0.0.0/24'
Given a valid VPN connection type, a static IP address and a customer gateway’s Border Gateway Protocol (BGP) Autonomous System Number, create a customer gateway.
Returns the customer gateway id if the customer gateway was created and returns False if the customer gateway was not created.
CLI Example:
salt myminion boto_vpc.create_customer_gateway 'ipsec.1' '12.1.2.3' 65534
Given valid DHCP options, create a DHCP options record, optionally associating it with an existing VPC.
Returns True if the DHCP options record was created and returns False if the DHCP options record was not created.
Changed in version 2015.8.0: Added vpc_name and vpc_id arguments
CLI Example:
salt myminion boto_vpc.create_dhcp_options domain_name='example.com' \
domain_name_servers='[1.2.3.4]' ntp_servers='[5.6.7.8]' \
netbios_name_servers='[10.0.0.1]' netbios_node_type=1 \
vpc_name='myvpc'
Create an Internet Gateway, optionally attaching it to an existing VPC.
Returns the internet gateway id if the internet gateway was created and returns False if the internet gateway was not created.
New in version 2015.8.0.
CLI Example:
salt myminion boto_vpc.create_internet_gateway \
internet_gateway_name=myigw vpc_name=myvpc
Create a NAT Gateway within an existing subnet. If allocation_id is specified, the elastic IP address it references is associated with the gateway. Otherwise, a new allocation_id is created and used.
This function requires boto3 to be installed.
Returns the nat gateway id if the nat gateway was created and returns False if the nat gateway was not created.
New in version 2016.11.0.
CLI Example:
salt myminion boto_vpc.create_nat_gateway subnet_name=mysubnet
Given a vpc_id, creates a network acl.
Returns the network acl id if successful, otherwise returns False.
Changed in version 2015.8.0: Added vpc_name, subnet_id, and subnet_name arguments
CLI Example:
salt myminion boto_vpc.create_network_acl 'vpc-6b1fe402'
Creates a network acl entry.
CLI Example:
salt myminion boto_vpc.create_network_acl_entry 'acl-5fb85d36' '32767' \
'all' 'deny' '0.0.0.0/0' egress=true
Creates a route.
If a nat gateway is specified, boto3 must be installed.
CLI Example:
salt myminion boto_vpc.create_route 'rtb-1f382e7d' '10.0.0.0/16' gateway_id='vgw-a1b2c3'
Creates a route table.
Changed in version 2015.8.0: Added vpc_name argument
CLI Examples:
salt myminion boto_vpc.create_route_table vpc_id='vpc-6b1fe402' \
route_table_name='myroutetable'
salt myminion boto_vpc.create_route_table vpc_name='myvpc' \
route_table_name='myroutetable'
Given a valid VPC ID or Name and a CIDR block, create a subnet for the VPC.
An optional availability zone argument can be provided.
Returns True if the VPC subnet was created and returns False if the VPC subnet was not created.
Changed in version 2015.8.0: Added vpc_name argument
CLI Examples:
salt myminion boto_vpc.create_subnet vpc_id='vpc-6b1fe402' \
subnet_name='mysubnet' cidr_block='10.0.0.0/25'
salt myminion boto_vpc.create_subnet vpc_name='myvpc' \
subnet_name='mysubnet' cidr_block='10.0.0.0/25'
Given a customer gateway ID, check if the customer gateway ID exists.
Returns True if the customer gateway ID exists; returns False otherwise.
CLI Example:
salt myminion boto_vpc.customer_gateway_exists cgw-b6a247df
salt myminion boto_vpc.customer_gateway_exists customer_gateway_name=mycgw
Given a VPC ID or VPC name, delete the VPC.
Returns {deleted: true} if the VPC was deleted and returns {deleted: false} if the VPC was not deleted.
CLI Example:
salt myminion boto_vpc.delete vpc_id='vpc-6b1fe402'
salt myminion boto_vpc.delete name='myvpc'
Given a customer gateway ID or name, delete the customer gateway.
Returns True if the customer gateway was deleted and returns False if the customer gateway was not deleted.
Changed in version 2015.8.0: Added customer_gateway_name argument
CLI Example:
salt myminion boto_vpc.delete_customer_gateway 'cgw-b6a247df'
Delete dhcp options by id or name.
New in version 2015.8.0.
CLI Example:
salt myminion boto_vpc.delete_dhcp_options 'dopt-b6a247df'
Delete an internet gateway (by name or id).
Returns True if the internet gateway was deleted and otherwise False.
New in version 2015.8.0.
CLI Examples:
salt myminion boto_vpc.delete_internet_gateway internet_gateway_id=igw-1a2b3c
salt myminion boto_vpc.delete_internet_gateway internet_gateway_name=myigw
Delete a nat gateway (by id).
Returns True if the NAT gateway was deleted and otherwise False.
This function requires boto3 to be installed.
New in version 2016.11.0.
Id of the NAT Gateway
Whether to release the elastic IPs associated with the given NAT Gateway Id.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Whether to wait for delete of the NAT gateway to be in failed or deleted state after issuing the delete call.
The NAT gateway may take some time to go into the deleted or failed state. During the deletion process, subsequent release of elastic IPs may fail; this state will automatically retry this number of times to ensure the NAT gateway is in deleted or failed state before proceeding.
CLI Examples:
salt myminion boto_vpc.delete_nat_gateway nat_gateway_id=igw-1a2b3c
Delete a network acl based on the network_acl_id or network_acl_name provided.
CLI Examples:
salt myminion boto_vpc.delete_network_acl network_acl_id='acl-5fb85d36' \
disassociate=false
salt myminion boto_vpc.delete_network_acl network_acl_name='myacl' \
disassociate=true
Deletes a network acl entry.
CLI Example:
salt myminion boto_vpc.delete_network_acl_entry 'acl-5fb85d36' '32767'
Deletes a route.
CLI Example:
salt myminion boto_vpc.delete_route 'rtb-1f382e7d' '10.0.0.0/16'
Deletes a route table.
CLI Examples:
salt myminion boto_vpc.delete_route_table route_table_id='rtb-1f382e7d'
salt myminion boto_vpc.delete_route_table route_table_name='myroutetable'
Given a subnet ID or name, delete the subnet.
Returns True if the subnet was deleted and returns False if the subnet was not deleted.
Changed in version 2015.8.0: Added subnet_name argument
CLI Example:
salt myminion boto_vpc.delete_subnet 'subnet-6a1fe403'
Delete a VPC peering connection.
New in version 2016.11.0.
The connection ID to check. Exclusive with conn_name.
The connection name to check. Exclusive with conn_id.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
If True, skip application and simply return projected status.
CLI Example:
# Delete a named VPC peering connection
salt myminion boto_vpc.delete_vpc_peering_connection conn_name=salt-vpc
# Specify a region
salt myminion boto_vpc.delete_vpc_peering_connection conn_name=salt-vpc region=us-west-2
# specify an id
salt myminion boto_vpc.delete_vpc_peering_connection conn_id=pcx-8a8939e3
Describe a VPC's properties. If no VPC ID/Name is specified then describe the default VPC.
Returns a dictionary of interesting properties.
Changed in version 2015.8.0: Added vpc_name argument
CLI Example:
salt myminion boto_vpc.describe vpc_id=vpc-123456
salt myminion boto_vpc.describe vpc_name=myvpc
Return a description of nat gateways matching the selection criteria.
This function requires boto3 to be installed.
CLI Example:
salt myminion boto_vpc.describe_nat_gateways nat_gateway_id='nat-03b02643b43216fe7'
salt myminion boto_vpc.describe_nat_gateways subnet_id='subnet-5b05942d'
Given route table properties, return details of all matching route tables.
This function requires boto3 to be installed.
New in version 2016.11.0.
CLI Example:
salt myminion boto_vpc.describe_route_tables vpc_id='vpc-a6a9efc3'
Given a subnet id or name, describe its properties.
Returns a dictionary of interesting properties.
New in version 2015.8.0.
CLI Examples:
salt myminion boto_vpc.describe_subnet subnet_id=subnet-123456
salt myminion boto_vpc.describe_subnet subnet_name=mysubnet
Given a VPC ID or subnet CIDR, returns a list of associated subnets and their details. Return all subnets if VPC ID or CIDR are not provided. If a subnet id or CIDR is provided, only its associated subnet details will be returned.
New in version 2015.8.0.
CLI Examples:
salt myminion boto_vpc.describe_subnets
salt myminion boto_vpc.describe_subnets subnet_ids="['subnet-ba1987ab', 'subnet-ba1987cd']"
salt myminion boto_vpc.describe_subnets vpc_id=vpc-123456
salt myminion boto_vpc.describe_subnets cidr=10.0.0.0/21
Returns any VPC peering connection id(s) for the given VPC peering connection name.
VPC peering connection ids are only returned for connections that are in the active, pending-acceptance or provisioning state.
New in version 2016.11.0.
name -- The string name for this VPC peering connection
region -- The aws region to use
key -- Your aws key
keyid -- The key id associated with this aws account
profile -- The profile to use
dict
CLI Example:
salt myminion boto_vpc.describe_vpc_peering_connection salt-vpc
# Specify a region
salt myminion boto_vpc.describe_vpc_peering_connection salt-vpc region=us-west-2
Describe all VPCs, matching the filter criteria if provided.
Returns a list of dictionaries with interesting properties.
New in version 2015.8.0.
CLI Example:
salt myminion boto_vpc.describe_vpcs
Check if a dhcp option exists.
Returns True if the dhcp option exists; returns False otherwise.
CLI Example:
salt myminion boto_vpc.dhcp_options_exists dhcp_options_id='dhcp-a0bl34pp'
Given a subnet ID, disassociates a network acl.
CLI Example:
salt myminion boto_vpc.disassociate_network_acl 'subnet-6a1fe403'
Disassociates a route table.
The Route Table Association ID to disassociate
CLI Example:
salt myminion boto_vpc.disassociate_route_table 'rtbassoc-d8ccddba'
Given a VPC ID, check to see if the given VPC ID exists.
Returns True if the given VPC ID exists and returns False if the given VPC ID does not exist.
CLI Example:
salt myminion boto_vpc.exists myvpc
Return a dict with the current values of the requested DHCP options set.
CLI Example:
salt myminion boto_vpc.get_dhcp_options 'myfunnydhcpoptionsname'
New in version 2016.3.0.
Given VPC properties, return the VPC id if a match is found.
CLI Example:
salt myminion boto_vpc.get_id myvpc
Get an AWS id for a VPC resource by type and name.
New in version 2015.8.0.
CLI Example:
salt myminion boto_vpc.get_resource_id internet_gateway myigw
Given a subnet (aka: a vpc zone identifier) or list of subnets, returns vpc association.
Returns a VPC ID if the given subnets are associated with the same VPC ID. Returns False on an error or if the given subnets are associated with different VPC IDs.
CLI Examples:
salt myminion boto_vpc.get_subnet_association subnet-61b47516
salt myminion boto_vpc.get_subnet_association ['subnet-61b47516','subnet-2cb9785b']
Check if a VPC peering connection is in the pending state.
New in version 2016.11.0.
The connection ID to check. Exclusive with conn_name.
The connection name to check. Exclusive with conn_id.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
CLI Example:
salt myminion boto_vpc.is_peering_connection_pending conn_name=salt-vpc
# Specify a region
salt myminion boto_vpc.is_peering_connection_pending conn_name=salt-vpc region=us-west-2
# specify an id
salt myminion boto_vpc.is_peering_connection_pending conn_id=pcx-8a8939e3
Checks if a nat gateway exists.
This function requires boto3 to be installed.
New in version 2016.11.0.
CLI Example:
salt myminion boto_vpc.nat_gateway_exists nat_gateway_id='nat-03b02643b43216fe7'
salt myminion boto_vpc.nat_gateway_exists subnet_id='subnet-5b05942d'
Checks if a network acl exists.
Returns True if the network acl exists or returns False if it doesn't exist.
CLI Example:
salt myminion boto_vpc.network_acl_exists network_acl_id='acl-5fb85d36'
Check if a VPC peering connection is in the pending state, and requested from the given VPC.
New in version 2016.11.0.
The connection ID to check. Exclusive with conn_name.
The connection name to check. Exclusive with conn_id.
Is this the ID of the requesting VPC for this peering connection. Exclusive with vpc_name.
Is this the Name of the requesting VPC for this peering connection. Exclusive with vpc_id.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
CLI Example:
salt myminion boto_vpc.is_peering_connection_pending conn_name=salt-vpc
Replaces a network acl entry.
CLI Example:
salt myminion boto_vpc.replace_network_acl_entry 'acl-5fb85d36' '32767' \
'all' 'deny' '0.0.0.0/0' egress=true
Replaces a route.
CLI Example:
salt myminion boto_vpc.replace_route 'rtb-1f382e7d' '10.0.0.0/16' gateway_id='vgw-a1b2c3'
Replaces a route table association.
CLI Example:
salt myminion boto_vpc.replace_route_table_association 'rtbassoc-d8ccddba' 'rtb-1f382e7d'
Request a VPC peering connection between two VPCs.
New in version 2016.11.0.
ID of the requesting VPC. Exclusive with requester_vpc_name.
Name tag of the requesting VPC. Exclusive with requester_vpc_id.
ID of the VPC to create VPC peering connection with. This can be a VPC in another account. Exclusive with peer_vpc_name.
Name tag of the VPC to create VPC peering connection with. This can only be a VPC in the same account and same region, else resolving it into a vpc ID will almost certainly fail. Exclusive with peer_vpc_id.
The name to use for this VPC peering connection.
ID of the owner of the peer VPC. Defaults to your account ID, so a value is required if peering with a VPC in a different account.
Region of peer VPC. For inter-region vpc peering connections. Not required for intra-region peering connections.
New in version 3005.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
If True, skip application and return status.
CLI Example:
# Create a named VPC peering connection
salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da name=my_vpc_connection
# Without a name
salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da
# Specify a region
salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da region=us-west-2
Given a resource type and name, return {exists: true} if it exists, {exists: false} if it does not exist, or {error: {message: error text}} on error.
New in version 2015.8.0.
CLI Example:
salt myminion boto_vpc.resource_exists internet_gateway myigw
Checks if a route exists.
New in version 2015.8.0.
CLI Example:
salt myminion boto_vpc.route_exists destination_cidr_block='10.0.0.0/20' gateway_id='local' route_table_name='test'
Checks if a route table exists.
CLI Example:
salt myminion boto_vpc.route_table_exists route_table_id='rtb-1f382e7d'
Check if a subnet exists.
Returns True if the subnet exists, otherwise returns False.
Changed in version 2015.8.0: Added subnet_name argument. Deprecated name argument.
CLI Example:
salt myminion boto_vpc.subnet_exists subnet_id='subnet-6a1fe403'