Commit

ec2_vpc_endpoint - Add vpc_endpoint_subnets and vpc_endpoint_security_groups parameters.

SUMMARY
Add support for setting the subnet and security group used by the Endpoint
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
ec2_vpc_endpoint
ADDITIONAL INFORMATION
Originally submitted as ansible-collections/community.aws#589

Reviewed-by: Alina Buzachis <None>
tremble authored Oct 25, 2021
1 parent 8213151 commit f8a830b
Showing 3 changed files with 87 additions and 0 deletions.
@@ -0,0 +1,3 @@
minor_changes:
- ec2_vpc_endpoint - added ``vpc_endpoint_subnets`` parameter to support defining the subnet attached to an interface or gateway endpoint (https://github.com/ansible-collections/amazon.aws/pull/544).
- ec2_vpc_endpoint - added ``vpc_endpoint_security_groups`` parameter to support defining the security group attached to an interface endpoint (https://github.com/ansible-collections/amazon.aws/pull/544).
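Review bot: both fragment lines describe "the subnet" and "the security group" in the singular, while the options they announce are lists (`type: list`, `elements: str`); suggest "the subnets attached to" and "the security groups attached to" so the changelog matches the option shape. The second line's statement that security groups apply only to an interface endpoint is the behaviour main() enforces; the option documentation in the module should say the same.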
39 changes: 39 additions & 0 deletions plugins/modules/ec2_vpc_endpoint.py
@@ -28,6 +28,22 @@
choices: [ "Interface", "Gateway", "GatewayLoadBalancer" ]
type: str
version_added: 1.5.0
vpc_endpoint_subnets:
description:
- The list of subnets to attach to the endpoint.
- Requires I(vpc_endpoint_type=GatewayLoadBalancer) or I(vpc_endpoint_type=Interface).
required: false
type: list
elements: str
version_added: 2.1.0
vpc_endpoint_security_groups:
description:
- The list of security groups to attach to the endpoint.
- Requires I(vpc_endpoint_type=GatewayLoadBalancer) or I(vpc_endpoint_type=Interface).
required: false
type: list
elements: str
version_added: 2.1.0
service:
description:
- An AWS supported vpc endpoint service. Use the M(amazon.aws.ec2_vpc_endpoint_info)
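Review bot: the description of `vpc_endpoint_security_groups` says "Requires I(vpc_endpoint_type=GatewayLoadBalancer) or I(vpc_endpoint_type=Interface)", but the validation added to main() fails with "can't be used with GatewayLoadBalancer endpoint type" when security groups are supplied for that type; the documentation should list Interface only. Neither description mentions that, for Interface endpoints, the two options must be given together, which main() also enforces; a line such as "- Must be set together with I(vpc_endpoint_security_groups) when I(vpc_endpoint_type=Interface)." (and the mirror on the other option) would spare users a failed run.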
@@ -301,6 +317,12 @@ def create_vpc_endpoint(client, module):
if module.params.get('route_table_ids'):
params['RouteTableIds'] = module.params.get('route_table_ids')

if module.params.get('vpc_endpoint_subnets'):
params['SubnetIds'] = module.params.get('vpc_endpoint_subnets')

if module.params.get('vpc_endpoint_security_groups'):
params['SecurityGroupIds'] = module.params.get('vpc_endpoint_security_groups')

if module.params.get('client_token'):
token_provided = True
request_time = datetime.datetime.utcnow()
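Review bot: only the create path is wired up here; an endpoint that already exists with different subnets or security groups is not touched by this change, so re-running with new values will not converge the endpoint to the requested attachment. If that is intended for now, the option descriptions should say the values are applied only at creation time; otherwise a follow-up that compares the existing endpoint's SubnetIds/Groups and calls the modify operation is needed.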
@@ -398,6 +420,8 @@ def main():
argument_spec = dict(
vpc_id=dict(),
vpc_endpoint_type=dict(default='Gateway', choices=['Interface', 'Gateway', 'GatewayLoadBalancer']),
vpc_endpoint_security_groups=dict(type='list', elements='str'),
vpc_endpoint_subnets=dict(type='list', elements='str'),
service=dict(),
policy=dict(type='json'),
policy_file=dict(type='path', aliases=['policy_path']),
@@ -428,6 +452,21 @@ def main():
' will be removed after 2022-12-01',
date='2022-12-01', collection_name='amazon.aws')

if module.params.get('vpc_endpoint_type'):
if module.params.get('vpc_endpoint_type') == 'Gateway':
if module.params.get('vpc_endpoint_subnets') or module.params.get('vpc_endpoint_security_groups'):
module.fail_json(msg="Parameter vpc_endpoint_subnets and/or vpc_endpoint_security_groups can't be used with Gateway endpoint type")

if module.params.get('vpc_endpoint_type') == 'GatewayLoadBalancer':
if module.params.get('vpc_endpoint_security_groups'):
module.fail_json(msg="Parameter vpc_endpoint_security_groups can't be used with GatewayLoadBalancer endpoint type")

if module.params.get('vpc_endpoint_type') == 'Interface':
if module.params.get('vpc_endpoint_subnets') and not module.params.get('vpc_endpoint_security_groups'):
module.fail_json(msg="Parameter vpc_endpoint_security_groups must be set when endpoint type is Interface and vpc_endpoint_subnets is defined")
if not module.params.get('vpc_endpoint_subnets') and module.params.get('vpc_endpoint_security_groups'):
module.fail_json(msg="Parameter vpc_endpoint_subnets must be set when endpoint type is Interface and vpc_endpoint_security_groups is defined")

try:
ec2 = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff())
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
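Review bot: the outer `if module.params.get('vpc_endpoint_type'):` is always true because the argument spec gives the option `default='Gateway'`, so the guard can be dropped and the three type checks written as an if/elif chain, since at most one of them can apply. The Gateway branch reports "vpc_endpoint_subnets and/or vpc_endpoint_security_groups" in one message; naming the option actually supplied makes the failure easier to act on. Doing this validation before the EC2 client is built is the right order: invalid combinations are rejected without any AWS call.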
45 changes: 45 additions & 0 deletions tests/integration/targets/ec2_vpc_endpoint/tasks/main.yml
@@ -754,6 +754,51 @@
that:
- interface_endpoint_delete_check is changed

- name: Create a subnet
ec2_vpc_subnet:
state: present
vpc_id: '{{ vpc_id }}'
az: "{{ aws_region}}a"
cidr: "{{ vpc_cidr }}"
register: interface_endpoint_create_subnet_check

- name: Create a security group
ec2_group:
name: securitygroup-prodext
description: "security group for Ansible interface endpoint"
state: present
vpc_id: "{{ vpc.vpc.id }}"
rules:
- proto: tcp
from_port: 1
to_port: 65535
cidr_ip: 0.0.0.0/0
register: interface_endpoint_create_sg_check

- name: Create interface endpoint attached to a subnet
ec2_vpc_endpoint:
state: present
vpc_id: '{{ vpc_id }}'
service: '{{ endpoint_service_a }}'
vpc_endpoint_type: Interface
vpc_endpoint_subnets: "{{ interface_endpoint_create_subnet_check.subnet.id') }}"
vpc_endpoint_security_groups: "{{ interface_endpoint_create_sg_check.group_id }}"
register: create_interface_endpoint_with_sg_subnets
- name: Check that the interface endpoint was created properly
assert:
that:
- create_interface_endpoint_with_sg_subnets is changed
- create_interface_endpoint_with_sg_subnets.result.vpc_endpoint_type == "Interface"

- name: Delete interface endpoint
ec2_vpc_endpoint:
state: absent
vpc_endpoint_id: "{{ create_interface_endpoint_with_sg_subnets.result.vpc_endpoint_id }}"
register: create_interface_endpoint_with_sg_subnets_delete_check
- assert:
that:
- create_interface_endpoint_with_sg_subnets_delete_check is changed

# ============================================================
# BEGIN POST-TEST CLEANUP
always:
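Review bot: the subnet lookup in "Create interface endpoint attached to a subnet" contains a stray `')` (`subnet.id') }}`), which will fail template rendering; it should read `"{{ interface_endpoint_create_subnet_check.subnet.id }}"`. Two smaller consistency points: `az: "{{ aws_region}}a"` is missing the space before `}}`, and the security group task references `vpc.vpc.id` while the other tasks in this block use `vpc_id`. The test security group opens TCP 1-65535 to `0.0.0.0/0`; an interface endpoint only ever receives traffic from inside the VPC, so `cidr_ip: "{{ vpc_cidr }}"` proves the same thing without creating a world-open group that could be left behind if cleanup fails. Related to that, the new subnet and security group are not deleted in the tasks shown; the `always:` block should remove them, endpoint first, since the endpoint's network interfaces hold a reference to the group.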

0 comments on commit f8a830b