ec2_vpc_vpn - Create, modify, and delete EC2 VPN connections.

New in version 2.4.

Synopsis

  • This module creates, modifies, and deletes VPN connections. Idempotence is achieved by using the filters option or specifying the VPN connection identifier.

Requirements (on host that executes module)

  • boto3
  • botocore

Options

parameter required default choices comments
connection_type
no ipsec.1
  • ipsec.1
The type of VPN connection.
customer_gateway_id
no
The ID of the customer gateway.
filters
no
An alternative to using vpn_connection_id. If multiple matches are found, vpn_connection_id is required. If one of the following suboptions is a list of items to filter by, only one item needs to match to find the VPN that correlates. e.g. if the filter 'cidr' is ['194.168.2.0/24', '192.168.2.0/24'] and the VPN route only has the destination cidr block of '192.168.2.0/24' it will be found with this filter (assuming there are not multiple VPNs that are matched). Another example, if the filter 'vpn' is equal to ['vpn-ccf7e7ad', 'vpn-cb0ae2a2'] and one of of the VPNs has the state deleted (exists but is unmodifiable) and the other exists and is not deleted, it will be found via this filter. See examples.
Dictionary object filters
parameter required default choices comments
cgw-config
no
The customer gateway configuration of the VPN as a string (in the format of the return value) or a list of those strings.
vpn
no
The VPN connection id as a string or a list of those strings.
tag-keys
no
The key of a tag as a string or a list of those strings.
static-routes-only
no
The type of routing; true or false.
tags
no
A dict of key value pairs.
bgp
no
The BGP ASN number associated with a BGP device. Only works if the connection is attached. This filtering option is currently not working.
tag-values
no
The value of a tag as a string or a list of those strings.
cidr
no
The destination cidr of the VPN's route as a string or a list of those strings.
vgw
no
The virtual private gateway as a string or a list of those strings.
cgw
no
The customer gateway id as a string or a list of those strings.
purge_routes
no
Whether or not to delete VPN connections routes that are not specified in the task.
purge_tags
no
  • yes
  • no
Whether or not to delete VPN connections tags that are associated with the connection but not specified in the task.
routes
no
Routes to add to the connection.
state
no present
  • present
  • absent
The desired state of the VPN connection.
static_only
no
Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.
tags
no
Tags to attach to the VPN connection.
vpn_connection_id
no
The ID of the VPN connection. Required to modify or delete a connection if the filters option does not provide a unique match.
vpn_gateway_id
no
The ID of the virtual private gateway.

Examples

# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.

- name: create a VPN connection
  ec2_vpc_vpn:
    state: present
    vpn_gateway_id: vgw-XXXXXXXX
    customer_gateway_id: cgw-XXXXXXXX

- name: modify VPN connection tags
  ec2_vpc_vpn:
    state: present
    vpn_connection_id: vpn-XXXXXXXX
    tags:
      Name: ansible-tag-1
      Other: ansible-tag-2

- name: delete a connection
  ec2_vpc_vpn:
    vpn_connection_id: vpn-XXXXXXXX
    state: absent

- name: modify VPN tags (identifying VPN by filters)
  ec2_vpc_vpn:
    state: present
    filters:
      cidr: 194.168.1.0/24
      tag-keys:
        - Ansible
        - Other
    tags:
      New: Tag
    purge_tags: true
    static_only: true

- name: add routes and remove any preexisting ones
  ec2_vpc_vpn:
    state: present
    filters:
      vpn: vpn-XXXXXXXX
    routes:
      - 195.168.2.0/24
      - 196.168.2.0/24
    purge_routes: true

- name: remove all routes
  ec2_vpc_vpn:
    state: present
    vpn_connection_id: vpn-XXXXXXXX
    routes: []
    purge_routes: true

- name: delete a VPN identified by filters
  ec2_vpc_vpn:
    state: absent
    filters:
      tags:
        Ansible: Tag

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
changed
If the VPN connection has changed.
always bool {'changed': True}
customer_gateway_configuration
The configuration of the VPN connection.
I(state=present) str
customer_gateway_id
The customer gateway connected via the connection.
I(state=present) str {'customer_gateway_id': 'cgw-1220c87b'}
options
The VPN connection options (currently only containing static_routes_only).
I(state=present) complex
contains:
name description returned type sample
static_routes_only
If the VPN connection only allows static routes.
I(state=present) str {'static_routes_only': True}
routes
The routes of the VPN connection.
I(state=present) list {'routes': [{'state': 'available', 'destination_cidr_block': '192.168.1.0/24'}]}
state
The status of the VPN connection.
I(state=present) string {'state': 'available'}
tags
The tags associated with the connection.
I(state=present) dict {'tags': {'other': 'tag', 'name': 'ansible-test'}}
type
The type of VPN connection (currently only ipsec.1 is available).
I(state=present) str {'type': 'ipsec.1'}
vgw_telemetry
The telemetry for the VPN tunnel.
I(state=present) list {'vgw_telemetry': [{'status': 'up', 1: None, 'last_status_change': 'datetime(2015', 'outside_ip_address': 'string', '1)': None, 'status_message': 'string', 'accepted_route_count': 123}]}
vpn_connection_id
The identifier for the VPN connection.
I(state=present) str {'vpn_connection_id': 'vpn-781e0e19'}
vpn_gateway_id
The virtual private gateway connected via the connection.
I(state=present) str {'vpn_gateway_id': 'vgw-cb0ae2a2'}

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ec2_vpc_vpn_module.html