ec2_vpc_vpn - Create, modify, and delete EC2 VPN connections.
New in version 2.4.
Synopsis
- This module creates, modifies, and deletes VPN connections. Idempotence is achieved by using the filters option or specifying the VPN connection identifier.
Requirements (on host that executes module)
- boto3
- botocore
Options
parameter | required | default | choices | comments
---|---|---|---|---
connection_type | no | ipsec.1 | | The type of VPN connection.
customer_gateway_id | no | | | The ID of the customer gateway.
filters | no | | | An alternative to using vpn_connection_id. If multiple matches are found, vpn_connection_id is required. If one of the following suboptions is a list of items to filter by, only one item needs to match to find the VPN that correlates. For example, if the filter 'cidr' is ['194.168.2.0/24', '192.168.2.0/24'] and the VPN route only has the destination cidr block of '192.168.2.0/24', it will be found with this filter (assuming there are not multiple VPNs that are matched). As another example, if the filter 'vpn' is equal to ['vpn-ccf7e7ad', 'vpn-cb0ae2a2'] and one of the VPNs has the state deleted (exists but is unmodifiable) and the other exists and is not deleted, it will be found via this filter. See examples.
purge_routes | no | | | Whether or not to delete VPN connection routes that are not specified in the task.
purge_tags | no | | | Whether or not to delete VPN connection tags that are associated with the connection but not specified in the task.
routes | no | | | Routes to add to the connection.
state | no | present | | The desired state of the VPN connection.
static_only | no | | | Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.
tags | no | | | Tags to attach to the VPN connection.
vpn_connection_id | no | | | The ID of the VPN connection. Required to modify or delete a connection if the filters option does not provide a unique match.
vpn_gateway_id | no | | | The ID of the virtual private gateway.
Examples
```yaml
# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.

- name: create a VPN connection
  ec2_vpc_vpn:
    state: present
    vpn_gateway_id: vgw-XXXXXXXX
    customer_gateway_id: cgw-XXXXXXXX

- name: modify VPN connection tags
  ec2_vpc_vpn:
    state: present
    vpn_connection_id: vpn-XXXXXXXX
    tags:
      Name: ansible-tag-1
      Other: ansible-tag-2

- name: delete a connection
  ec2_vpc_vpn:
    vpn_connection_id: vpn-XXXXXXXX
    state: absent

- name: modify VPN tags (identifying VPN by filters)
  ec2_vpc_vpn:
    state: present
    filters:
      cidr: 194.168.1.0/24
      tag-keys:
        - Ansible
        - Other
    tags:
      New: Tag
    purge_tags: true
    static_only: true

- name: add routes and remove any preexisting ones
  ec2_vpc_vpn:
    state: present
    filters:
      vpn: vpn-XXXXXXXX
    routes:
      - 195.168.2.0/24
      - 196.168.2.0/24
    purge_routes: true

- name: remove all routes
  ec2_vpc_vpn:
    state: present
    vpn_connection_id: vpn-XXXXXXXX
    routes: []
    purge_routes: true

- name: delete a VPN identified by filters
  ec2_vpc_vpn:
    state: absent
    filters:
      tags:
        Ansible: Tag
```
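The list form of `filters` described under Options, followed by a hand-off to the returned `vpn_connection_id` before a destructive `purge_routes`, as an added example that is not part of the module's documentation. The CIDR blocks, the `vpn-XXXXXXXX`/`vpn-YYYYYYYY` placeholders and the `located` variable name are assumptions, and the connection is assumed to have been created with `static_only: true`.

```yaml
# Added example (not from the module documentation).
# Placeholders and the registered variable name "located" are assumptions.

- name: locate the VPN by filters (any one item of a list filter may match)
  ec2_vpc_vpn:
    state: present
    filters:
      cidr:
        - 194.168.2.0/24
        - 192.168.2.0/24
      vpn:
        - vpn-XXXXXXXX
        - vpn-YYYYYYYY
  register: located

# Guard: the lookup must have resolved to one existing connection and must
# not have created or modified anything before routes are purged.
- name: stop unless the filters resolved to an existing static-route VPN
  assert:
    that:
      - not located.changed
      - located.vpn_connection_id is defined
      - located.state == 'available'
      - located.options.static_routes_only

# Destructive step is pinned to the exact ID returned above, so a later
# change in what the filters match cannot redirect the purge.
- name: replace the routes on exactly that connection
  ec2_vpc_vpn:
    state: present
    vpn_connection_id: "{{ located.vpn_connection_id }}"
    routes:
      - 192.168.2.0/24
    purge_routes: true
```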
Return Values
Common return values are documented in Return Values; the following are the fields unique to this module:
name | description | returned | type | sample
---|---|---|---|---
changed | If the VPN connection has changed. | always | bool | {'changed': True}
customer_gateway_configuration | The configuration of the VPN connection. | state=present | str |
customer_gateway_id | The customer gateway connected via the connection. | state=present | str | {'customer_gateway_id': 'cgw-1220c87b'}
options | The VPN connection options (currently only containing static_routes_only). | state=present | complex |
routes | The routes of the VPN connection. | state=present | list | {'routes': [{'state': 'available', 'destination_cidr_block': '192.168.1.0/24'}]}
state | The status of the VPN connection. | state=present | string | {'state': 'available'}
tags | The tags associated with the connection. | state=present | dict | {'tags': {'other': 'tag', 'name': 'ansible-test'}}
type | The type of VPN connection (currently only ipsec.1 is available). | state=present | str | {'type': 'ipsec.1'}
vgw_telemetry | The telemetry for the VPN tunnel. | state=present | list | {'vgw_telemetry': [{'status': 'up', 'last_status_change': datetime(2015, 1, 1), 'outside_ip_address': 'string', 'status_message': 'string', 'accepted_route_count': 123}]}
vpn_connection_id | The identifier for the VPN connection. | state=present | str | {'vpn_connection_id': 'vpn-781e0e19'}
vpn_gateway_id | The virtual private gateway connected via the connection. | state=present | str | {'vpn_gateway_id': 'vgw-cb0ae2a2'}
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ec2_vpc_vpn_module.html