salt.states.boto_vpc¶

Manage VPCs¶

Create and destroy VPCs. Be aware that this interacts with Amazon's services, and so may incur charges.

This module uses boto, which can be installed via package, or pip.

This module accepts explicit vpc credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available here.

If IAM roles are not used you need to specify them either in a pillar file or in the minion's config file:

vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

It's also possible to specify key, keyid and region via a profile, either passed in as a dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

aws:
    region:
        us-east-1:
            profile:
                keyid: GKTADJGHEIQSXMKKRBJ08H
                key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
                region: us-east-1

Ensure VPC exists:
    boto_vpc.present:
        - name: myvpc
        - cidr_block: 10.10.11.0/24
        - dns_hostnames: True
        - region: us-east-1
        - keyid: GKTADJGHEIQSXMKKRBJ08H
        - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

Ensure subnet exists:
    boto_vpc.subnet_present:
        - name: mysubnet
        - vpc_id: vpc-123456
        - cidr_block: 10.0.0.0/16
        - region: us-east-1
        - profile: myprofile

{% set profile = salt['pillar.get']('aws:region:us-east-1:profile' ) %}
Ensure internet gateway exists:
    boto_vpc.internet_gateway_present:
        - name: myigw
        - vpc_name: myvpc
        - profile: {{ profile }}

Ensure route table exists:
    boto_vpc.route_table_present:
        - name: my_route_table
        - vpc_id: vpc-123456
        - routes:
          - destination_cidr_block: 0.0.0.0/0
            instance_id: i-123456
        - subnet_names:
          - subnet1
          - subnet2
        - region: us-east-1
        - profile:
            keyid: GKTADJGHEIQSXMKKRBJ08H
            key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

salt.states.boto_vpc.absent(name, tags=None, region=None, key=None, keyid=None, profile=None)¶

Ensure VPC with passed properties is absent.

name

Name of the VPC.

tags

A list of tags. All tags must match.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_vpc.dhcp_options_absent(name=None, dhcp_options_id=None, region=None, key=None, keyid=None, profile=None)¶

Ensure a set of DHCP options with the given settings exist.

name

(string) Name of the DHCP options set.

dhcp_options_id

(string) Id of the DHCP options set.

region

(string) Region to connect to.

key

(string) Secret key to be used.

keyid

(string) Access key to be used.

profile

(various) A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

2016.3.0 新版功能.

salt.states.boto_vpc.dhcp_options_present(name, dhcp_options_id=None, vpc_name=None, vpc_id=None, domain_name=None, domain_name_servers=None, ntp_servers=None, netbios_name_servers=None, netbios_node_type=None, tags=None, region=None, key=None, keyid=None, profile=None)¶

Ensure a set of DHCP options with the given settings exist. Note that the current implementation only SETS values during option set creation. It is unable to update option sets in place, and thus merely verifies the set exists via the given name and/or dhcp_options_id param.

name

(string) Name of the DHCP options.

vpc_name

(string) Name of a VPC to which the options should be associated. Either vpc_name or vpc_id must be provided.

vpc_id

(string) Id of a VPC to which the options should be associated. Either vpc_name or vpc_id must be provided.

domain_name

(string) Domain name to be assiciated with this option set.

domain_name_servers

(list of strings) The IP address(es) of up to four domain name servers.

ntp_servers

(list of strings) The IP address(es) of up to four desired NTP servers.

netbios_name_servers

(list of strings) The IP address(es) of up to four NetBIOS name servers.

netbios_node_type

(string) The NetBIOS node type (1, 2, 4, or 8). For more information about the allowed values, see RFC 2132. The recommended is 2 at this time (broadcast and multicast are currently not supported).

tags

(dict of key:value pairs) A set of tags to be added.

region

(string) Region to connect to.

key

(string) Secret key to be used.

keyid

(string) Access key to be used.

profile

(various) A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

2016.3.0 新版功能.

salt.states.boto_vpc.internet_gateway_absent(name, detach=False, region=None, key=None, keyid=None, profile=None)¶

Ensure the named internet gateway is absent.

name

Name of the internet gateway.

detach

First detach the internet gateway from a VPC, if attached.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_vpc.internet_gateway_present(name, vpc_name=None, vpc_id=None, tags=None, region=None, key=None, keyid=None, profile=None)¶

Ensure an internet gateway exists.

name

Name of the internet gateway.

vpc_name

Name of the VPC to which the internet gateway should be attached.

vpc_id

Id of the VPC to which the internet_gateway should be attached. Only one of vpc_name or vpc_id may be provided.

tags

A list of tags.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_vpc.present(name, cidr_block, instance_tenancy=None, dns_support=None, dns_hostnames=None, tags=None, region=None, key=None, keyid=None, profile=None)¶

Ensure VPC exists.

name

Name of the VPC.

cidr_block

The range of IPs in CIDR format, for example: 10.0.0.0/24. Block size must be between /16 and /28 netmask.

instance_tenancy

Instances launched in this VPC will be ingle-tenant or dedicated hardware.

dns_support

Indicates whether the DNS resolution is supported for the VPC.

dns_hostnames

Indicates whether the instances launched in the VPC get DNS hostnames.

tags

A list of tags.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_vpc.route_table_absent(name, region=None, key=None, keyid=None, profile=None)¶

Ensure the named route table is absent.

name

Name of the route table.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_vpc.route_table_present(name, vpc_name=None, vpc_id=None, routes=None, subnet_ids=None, subnet_names=None, tags=None, region=None, key=None, keyid=None, profile=None)¶

Ensure route table with routes exists and is associated to a VPC.

Example:

boto_vpc.route_table_present:
    - name: my_route_table
    - vpc_id: vpc-123456
    - routes:
      - destination_cidr_block: 0.0.0.0/0
        internet_gateway_name: InternetGateway
      - destination_cidr_block: 10.10.11.0/24
        instance_id: i-123456
      - destination_cidr_block: 10.10.12.0/24
        interface_id: eni-123456
      - destination_cidr_block: 10.10.13.0/24
        instance_name: mygatewayserver
    - subnet_names:
      - subnet1
      - subnet2

name

Name of the route table.

vpc_name

Name of the VPC with which the route table should be associated.

vpc_id

Id of the VPC with which the route table should be associated. Either vpc_name or vpc_id must be provided.

routes

A list of routes. Each route has a cidr and a target.

subnet_ids

A list of subnet ids to associate

subnet_names

A list of subnet names to associate

tags

A list of tags.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_vpc.subnet_absent(name=None, subnet_id=None, region=None, key=None, keyid=None, profile=None)¶

Ensure subnet with passed properties is absent.

name

Name of the subnet.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_vpc.subnet_present(name, cidr_block, vpc_name=None, vpc_id=None, availability_zone=None, tags=None, region=None, key=None, keyid=None, profile=None)¶

Ensure a subnet exists.

name

Name of the subnet.

cidr_block

The range if IPs for the subnet, in CIDR format. For example: 10.0.0.0/24. Block size must be between /16 and /28 netmask.

vpc_name

Name of the VPC in which the subnet should be placed. Either vpc_name or vpc_id must be provided.

vpc_id

Id of the VPC in which the subnet should be placed. Either vpc_name or vpc_id must be provided.

availability_zone

AZ in which the subnet should be placed.

tags

A list of tags.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.