New in version 2015.8.0.
boto >= 2.8.0
boto3 >= 1.2.6
Create and destroy VPCs. Be aware that this interacts with Amazon's services, and so may incur charges.
This module accepts explicit VPC credentials but can also use IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then obtained automatically from the AWS API and no further configuration is necessary. More information available here.
If IAM roles are not used, you need to specify the credentials either in a pillar file or in the minion's config file:
vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It's also possible to specify key, keyid and region via a profile, either passed in as a dict, or as a string to pull from pillars or minion config:
myprofile:
  keyid: GKTADJGHEIQSXMKKRBJ08H
  key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  region: us-east-1

aws:
  region:
    us-east-1:
      profile:
        keyid: GKTADJGHEIQSXMKKRBJ08H
        key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
        region: us-east-1
Ensure VPC exists:
  boto_vpc.present:
    - name: myvpc
    - cidr_block: 10.10.11.0/24
    - dns_hostnames: True
    - region: us-east-1
    - keyid: GKTADJGHEIQSXMKKRBJ08H
    - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

Ensure subnet exists:
  boto_vpc.subnet_present:
    - name: mysubnet
    - vpc_id: vpc-123456
    - cidr_block: 10.0.0.0/16
    - region: us-east-1
    - profile: myprofile

{% set profile = salt['pillar.get']('aws:region:us-east-1:profile' ) %}
Ensure internet gateway exists:
  boto_vpc.internet_gateway_present:
    - name: myigw
    - vpc_name: myvpc
    - profile: {{ profile }}

Ensure route table exists:
  boto_vpc.route_table_present:
    - name: my_route_table
    - vpc_id: vpc-123456
    - routes:
      - destination_cidr_block: 0.0.0.0/0
        instance_id: i-123456
    - subnet_names:
      - subnet1
      - subnet2
    - region: us-east-1
    - profile:
        keyid: GKTADJGHEIQSXMKKRBJ08H
        key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
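The states above pass credentials in three ways: explicit key/keyid arguments, a profile named by string, and an inline profile dict. As an added example (not code from the Salt project), this Python check scans SLS text and reports the states that carry literal key or keyid values in the state file itself, skipping values rendered through Jinja. The sample state file, its placeholder credentials and the function name are constructed for illustration.

```python
import re

# "key: VALUE" or "keyid: VALUE", as a list item ("- key: ...") or a dict entry.
CRED_RE = re.compile(r"^\s*(?:-\s+)?(key|keyid):\s*(\S.*)$")
# An unindented "State ID:" line opens a new state declaration.
STATE_ID_RE = re.compile(r"^(\S[^#]*):\s*$")

# Constructed sample, trimmed to the credential-related arguments.
SAMPLE_SLS = """\
Ensure VPC exists:
  boto_vpc.present:
    - name: myvpc
    - keyid: EXAMPLEKEYID
    - key: EXAMPLESECRET
Ensure subnet exists:
  boto_vpc.subnet_present:
    - name: mysubnet
    - profile: myprofile
Ensure internet gateway exists:
  boto_vpc.internet_gateway_present:
    - keyid: {{ profile.keyid }}
    - key: {{ profile.key }}
Ensure route table exists:
  boto_vpc.route_table_present:
    - profile:
        keyid: EXAMPLEKEYID
        key: EXAMPLESECRET
"""


def find_inline_credentials(sls_text):
    """Return (line_no, state_id, field) for each literal key/keyid value."""
    findings, state_id = [], None
    for line_no, line in enumerate(sls_text.splitlines(), 1):
        m = STATE_ID_RE.match(line)
        if m:
            state_id = m.group(1)
            continue
        m = CRED_RE.match(line)
        # Jinja-rendered values come from pillar or config, not from this file.
        if m and not m.group(2).startswith("{{"):
            findings.append((line_no, state_id, m.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, state_id, field in find_inline_credentials(SAMPLE_SLS):
        print(f"line {line_no}: state '{state_id}' hard-codes {field}")
```
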
New in version 2016.11.0.
Request, accept and delete VPC peering connections. VPC peering connections can be named, allowing the name to be used throughout the state file. The following example shows how to request and accept a VPC peering connection.
accept the vpc peering connection:
  boto_vpc.accept_vpc_peering_connection:
    - conn_name: salt_vpc_peering
    - region: us-west-2
    - require:
      - boto_vpc: request a vpc peering connection

request a vpc peering connection:
  boto_vpc.request_vpc_peering_connection:
    - requester_vpc_id: vpc-4a3d522e
    - peer_vpc_id: vpc-ae81e9ca
    - region: us-west-2
    - conn_name: salt_vpc_peering
VPC peering connections need not be named. In this case the VPC peering connection ID should be used in the state file.
accept the vpc peering connection:
  boto_vpc.accept_vpc_peering_connection:
    - conn_id: pcx-1873c371
    - region: us-west-2
VPC peering connections can be deleted, as shown below.
delete a named vpc peering connection:
  boto_vpc.delete_vpc_peering_connection:
    - conn_name: salt_vpc_peering
Delete also accepts a VPC peering connection id.
delete a vpc peering connection by id:
  boto_vpc.delete_vpc_peering_connection:
    - conn_id: pcx-1873c371
Ensure VPC with passed properties is absent.
Name of the VPC.
A list of tags. All tags must match.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Accept a VPC pending requested peering connection between two VPCs.
Name of this state
The connection ID to accept. Exclusive with conn_name. String type.
The name of the VPC peering connection to accept. Exclusive with conn_id. String type.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
New in version 2016.11.0.
Example:
boto_vpc.accept_vpc_peering_connection:
  - conn_name: salt_peering_connection

# usage with vpc peering connection id and region
boto_vpc.accept_vpc_peering_connection:
  - conn_id: pbx-1873d472
  - region: us-west-2
Name of the state
ID of the peering connection to delete. Exclusive with conn_name.
The name of the peering connection to delete. Exclusive with conn_id.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
New in version 2016.11.0.
Example:
delete a vpc peering connection:
  boto_vpc.delete_vpc_peering_connection:
    - region: us-west-2
    - conn_id: pcx-4613b12e
Connection name can be specified (instead of ID). Specifying both conn_name and conn_id will result in an error.
delete a vpc peering connection:
  boto_vpc.delete_vpc_peering_connection:
    - conn_name: salt_vpc_peering
Ensure a set of DHCP options with the given settings exist.
(string) Name of the DHCP options set.
(string) Id of the DHCP options set.
(string) Region to connect to.
(string) Secret key to be used.
(string) Access key to be used.
(various) A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
New in version 2016.3.0.
Ensure a set of DHCP options with the given settings exist. Note that the current implementation only SETS values during option set creation. It is unable to update option sets in place, and thus merely verifies the set exists via the given name and/or dhcp_options_id param.
(string) Name of the DHCP options.
(string) Name of a VPC to which the options should be associated. Either vpc_name or vpc_id must be provided.
(string) Id of a VPC to which the options should be associated. Either vpc_name or vpc_id must be provided.
(string) Domain name to be associated with this option set.
(list of strings) The IP address(es) of up to four domain name servers.
(list of strings) The IP address(es) of up to four desired NTP servers.
(list of strings) The IP address(es) of up to four NetBIOS name servers.
(string) The NetBIOS node type (1, 2, 4, or 8). For more information about the allowed values, see RFC 2132. The recommended value is 2 at this time (broadcast and multicast are currently not supported).
(dict of key:value pairs) A set of tags to be added.
(string) Region to connect to.
(string) Secret key to be used.
(string) Access key to be used.
(various) A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
New in version 2016.3.0.
Ensure the named internet gateway is absent.
Name of the internet gateway.
First detach the internet gateway from a VPC, if attached.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Ensure an internet gateway exists.
Name of the internet gateway.
Name of the VPC to which the internet gateway should be attached.
Id of the VPC to which the internet_gateway should be attached. Only one of vpc_name or vpc_id may be provided.
A list of tags.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Ensure the nat gateway in the named subnet is absent.
This function requires boto3.
New in version 2016.11.0.
Name of the state.
Name of the subnet within which the nat gateway should exist
Id of the subnet within which the nat gateway should exist. Either subnet_name or subnet_id must be provided.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
NAT gateway may take some time to go into deleted or failed state. During the deletion process, subsequent release of elastic IPs may fail; this state will automatically retry this number of times to ensure the NAT gateway is in deleted or failed state before proceeding. Default is set to 0 for backward compatibility.
Ensure a nat gateway exists within the specified subnet
This function requires boto3.
New in version 2016.11.0.
Example:
boto_vpc.nat_gateway_present:
  - subnet_name: my-subnet
Name of the state
Name of the subnet within which the nat gateway should exist
Id of the subnet within which the nat gateway should exist. Either subnet_name or subnet_id must be provided.
If specified, the elastic IP address referenced by the ID is associated with the gateway. Otherwise, a new allocation_id is created and used.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Ensure VPC exists.
Name of the VPC.
The range of IPs in CIDR format, for example: 10.0.0.0/24. Block size must be between /16 and /28 netmask.
Instances launched in this VPC will be single-tenant or dedicated hardware.
Indicates whether the DNS resolution is supported for the VPC.
Indicates whether the instances launched in the VPC get DNS hostnames.
A list of tags.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Name of the state
ID of the requesting VPC. Exclusive with requester_vpc_name. String type.
Name tag of the requesting VPC. Exclusive with requester_vpc_id. String type.
ID of the VPC to create VPC peering connection with. This can be a VPC in another account. Exclusive with peer_vpc_name. String type.
Name tag of the VPC to create VPC peering connection with. This can only be a VPC in the same account and region. Exclusive with peer_vpc_id. String type.
The (optional) name to use for this VPC peering connection. String type.
ID of the owner of the peer VPC. String type. If this isn't supplied AWS uses your account ID. Required if peering to a different account.
Region of peer VPC. For inter-region vpc peering connections. Not required for intra-region peering connections.
New in version 3005.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
New in version 2016.11.0.
Example:
request a vpc peering connection:
  boto_vpc.request_vpc_peering_connection:
    - requester_vpc_id: vpc-4b3522e
    - peer_vpc_id: vpc-ae83f9ca
    - conn_name: salt_peering_connection
Ensure the named route table is absent.
Name of the route table.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Ensure route table with routes exists and is associated to a VPC.
This function requires boto3 to be installed if NAT gateways are specified.
Example:
boto_vpc.route_table_present:
  - name: my_route_table
  - vpc_id: vpc-123456
  - routes:
    - destination_cidr_block: 0.0.0.0/0
      internet_gateway_name: InternetGateway
    - destination_cidr_block: 10.10.11.0/24
      instance_id: i-123456
    - destination_cidr_block: 10.10.12.0/24
      interface_id: eni-123456
    - destination_cidr_block: 10.10.13.0/24
      instance_name: mygatewayserver
  - subnet_names:
    - subnet1
    - subnet2
Name of the route table.
Name of the VPC with which the route table should be associated.
Id of the VPC with which the route table should be associated. Either vpc_name or vpc_id must be provided.
A list of routes. Each route has a cidr and a target.
A list of subnet ids to associate
A list of subnet names to associate
A list of tags.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Ensure subnet with passed properties is absent.
Name of the subnet.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Ensure a subnet exists.
Name of the subnet.
The range of IPs for the subnet, in CIDR format. For example: 10.0.0.0/24. Block size must be between /16 and /28 netmask.
Name of the VPC in which the subnet should be placed. Either vpc_name or vpc_id must be provided.
Id of the VPC in which the subnet should be placed. Either vpc_name or vpc_id must be provided.
AZ in which the subnet should be placed.
A list of tags.
A route table ID to explicitly associate the subnet with. If both route_table_id and route_table_name are specified, route_table_id will take precedence.
New in version 2016.11.0.
A route table name to explicitly associate the subnet with. If both route_table_id and route_table_name are specified, route_table_id will take precedence.
New in version 2016.11.0.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
Name of the state
ID of the requesting VPC. Exclusive with requester_vpc_name.
Name tag of the requesting VPC. Exclusive with requester_vpc_id.
ID of the VPC to create VPC peering connection with. This can be a VPC in another account. Exclusive with peer_vpc_name.
Name tag of the VPC to create VPC peering connection with. This can only be a VPC in the same account, else resolving it into a vpc ID will fail. Exclusive with peer_vpc_id.
The name to use for this VPC peering connection.
ID of the owner of the peer VPC. Defaults to your account ID, so a value is required if peering with a VPC in a different account.
Region of peer VPC. For inter-region vpc peering connections. Not required for intra-region peering connections.
New in version 3005.
Region to connect to.
Secret key to be used.
Access key to be used.
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
New in version 2016.11.0.
Example:
ensure peering twixt local vpc and the other guys:
  boto_vpc.vpc_peering_connection_present:
    - requester_vpc_name: my_local_vpc
    - peer_vpc_name: some_other_guys_vpc
    - conn_name: peering_from_here_to_there
    # Quoted so the account ID stays a string and keeps its leading zero.
    - peer_owner_id: '012345654321'