| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
-
- Default: {}
- |
-
- A dict of filters to apply.
- Each dict item consists of a filter key and a filter value.
- See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html for possible filters.
- Filter names and values are case sensitive.
- You can use underscores instead of dashes (-) in the filter keys.
- Filter keys with underscores will take precedence in case of conflict.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Configuration | -Comments | -|
|---|---|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- env:EC2_ACCESS_KEY
- env:AWS_ACCESS_KEY
- env:AWS_ACCESS_KEY_ID
- |
-
- The AWS access key to use.
- aliases: aws_access_key_id |
- |
|
-
- aws_profile
-
-
- string
-
- |
- - | -
- env:AWS_DEFAULT_PROFILE
- env:AWS_PROFILE
- |
-
- The AWS profile
- aliases: boto_profile |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- env:EC2_SECRET_KEY
- env:AWS_SECRET_KEY
- env:AWS_SECRET_ACCESS_KEY
- |
-
- The AWS secret key that corresponds to the access key.
- aliases: aws_secret_access_key |
- |
|
-
- aws_security_token
-
-
- string
-
- |
- - | -
- env:EC2_SECURITY_TOKEN
- env:AWS_SESSION_TOKEN
- env:AWS_SECURITY_TOKEN
- |
-
- The AWS security token if using temporary access and secret keys.
- |
- |
|
-
- cache
-
-
- boolean
-
- |
-
-
|
-
- ini entries:
-
- [inventory] env:ANSIBLE_INVENTORY_CACHE
- |
-
- Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work.
- |
- |
|
-
- cache_connection
-
-
- string
-
- |
- - | -
- ini entries:
-
- [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_CONNECTION
- env:ANSIBLE_INVENTORY_CACHE_CONNECTION
- |
-
- Cache connection data or path, read cache plugin documentation for specifics.
- |
- |
|
-
- cache_plugin
-
-
- string
-
- |
-
- Default: "memory"
- |
-
- ini entries:
-
- [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN
- env:ANSIBLE_INVENTORY_CACHE_PLUGIN
- |
-
- Cache plugin to use for the inventory's source data.
- |
- |
|
-
- cache_prefix
-
-
- -
-
- |
-
- Default: "ansible_inventory_"
- |
-
- ini entries:
-
- [default] [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_PREFIX
- env:ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX
- |
-
- Prefix to use for cache plugin files/tables
- |
- |
|
-
- cache_timeout
-
-
- integer
-
- |
-
- Default: 3600
- |
-
- ini entries:
-
- [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_TIMEOUT
- env:ANSIBLE_INVENTORY_CACHE_TIMEOUT
- |
-
- Cache duration in seconds
- |
- |
|
-
- compose
-
-
- dictionary
-
- |
-
- Default: {}
- |
- - | -
- Create vars from jinja2 expressions.
- |
- |
|
-
- exclude_filters
-
-
- list
- / elements=dictionary
-
- added in 1.5.0
- |
-
- Default: []
- |
- - | -
- A list of filters. Any instances matching one of the filters are excluded from the result.
- The filters from
- exclude_filters take priority over the include_filters and filters keysAvailable filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options.
- Every entry in this list triggers a search query. As such, from a performance point of view, it's better to keep the list as short as possible.
- |
- |
|
-
- filters
-
-
- dictionary
-
- |
-
- Default: {}
- |
- - | -
- A dictionary of filter value pairs.
- Available filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options.
- |
- |
|
-
- groups
-
-
- dictionary
-
- |
-
- Default: {}
- |
- - | -
- Add hosts to group based on Jinja2 conditionals.
- |
- |
|
-
- hostnames
-
-
- list
- / elements=dictionary
-
- |
-
- Default: []
- |
- - | -
- A list in order of precedence for hostname variables.
- |
- |
| - |
-
- name
-
-
- string
- / required
-
- |
- - | -- | -
- Name of the host.
- Can be one of the options specified in http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options.
- To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag.
- If value provided does not exist in the above options, it will be used as a literal string.
- |
-
| - |
-
- prefix
-
-
- string
-
- |
-
- Default: ""
- |
- - | -
- Prefix to prepend to name. Same options as name.
- If prefix is specified, final hostname will be prefix + separator + name.
- |
-
| - |
-
- separator
-
-
- string
-
- |
-
- Default: "_"
- |
- - | -
- Value to separate prefix and name when prefix is specified.
- |
-
|
-
- hostvars_prefix
-
-
- string
-
- added in 3.1.0
- |
- - | -- | -
- The prefix for host variables names coming from AWS.
- |
- |
|
-
- hostvars_suffix
-
-
- string
-
- added in 3.1.0
- |
- - | -- | -
- The suffix for host variables names coming from AWS.
- |
- |
|
-
- iam_role_arn
-
-
- -
-
- |
- - | -- | -
- The ARN of the IAM role to assume to perform the inventory lookup. You should still provide AWS credentials with enough privilege to perform the AssumeRole action.
- |
- |
|
-
- include_extra_api_calls
-
-
- boolean
-
- |
-
-
|
- - | -
- Add two additional API calls for every instance to include 'persistent' and 'events' host variables.
- Spot instances may be persistent and instances may have associated events.
- |
- |
|
-
- include_filters
-
-
- list
- / elements=dictionary
-
- added in 1.5.0
- |
-
- Default: []
- |
- - | -
- A list of filters. Any instances matching at least one of the filters are included in the result.
- Available filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options.
- Every entry in this list triggers a search query. As such, from a performance point of view, it's better to keep the list as short as possible.
- |
- |
|
-
- keyed_groups
-
-
- list
- / elements=dictionary
-
- |
-
- Default: []
- |
- - | -
- Add hosts to group based on the values of a variable.
- |
- |
| - |
-
- default_value
-
-
- string
-
- added in 2.12
- |
- - | -- | -
- The default value when the host variable's value is an empty string.
- This option is mutually exclusive with
- trailing_separator. |
-
| - |
-
- key
-
-
- string
-
- |
- - | -- | -
- The key from input dictionary used to generate groups
- |
-
| - |
-
- parent_group
-
-
- string
-
- |
- - | -- | -
- parent group for keyed group
- |
-
| - |
-
- prefix
-
-
- string
-
- |
-
- Default: ""
- |
- - | -
- A keyed group name will start with this prefix
- |
-
| - |
-
- separator
-
-
- string
-
- |
-
- Default: "_"
- |
- - | -
- separator used to build the keyed group name
- |
-
| - |
-
- trailing_separator
-
-
- boolean
-
- added in 2.12
- |
-
-
|
- - | -
- Set this option to False to omit the
- separator after the host variable when the value is an empty string.This option is mutually exclusive with
- default_value. |
-
|
-
- leading_separator
-
-
- boolean
-
- added in 2.11
- |
-
- Default: "yes"
- |
- - | -
- Use in conjunction with keyed_groups.
- By default, a keyed group that does not have a prefix or a separator provided will have a name that starts with an underscore.
- This is because the default prefix is "" and the default separator is "_".
- Set this option to False to omit the leading underscore (or other separator) if no prefix is given.
- If the group name is derived from a mapping the separator is still used to concatenate the items.
- To not use a separator in the group name at all, set the separator for the keyed group to an empty string instead.
- |
- |
|
-
- plugin
-
-
- -
- / required
-
- |
-
-
|
- - | -
- Token that ensures this is a source file for the plugin.
- |
- |
|
-
- regions
-
-
- list
- / elements=string
-
- |
-
- Default: []
- |
- - | -
- A list of regions in which to describe EC2 instances.
- If empty (the default) default this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1.
- |
- |
|
-
- strict
-
-
- boolean
-
- |
-
-
|
- - | -
- If
- yes make invalid entries a fatal error, otherwise skip and continue.Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default.
- |
- |
|
-
- strict_permissions
-
-
- boolean
-
- |
-
-
|
- - | -
- By default if a 403 (Forbidden) error code is encountered this plugin will fail.
- You can set this option to False in the inventory config file which will allow 403 errors to be gracefully skipped.
- |
- |
|
-
- use_contrib_script_compatible_ec2_tag_keys
-
-
- boolean
-
- added in 1.5.0
- |
-
-
|
- - | -
- Expose the host tags with ec2_tag_TAGNAME keys like the old ec2.py inventory script.
- The use of this feature is discouraged and we advise to migrate to the new ``tags`` structure.
- |
- |
|
-
- use_contrib_script_compatible_sanitization
-
-
- boolean
-
- |
-
-
|
- - | -
- By default this plugin is using a general group name sanitization to create safe and usable group names for use in Ansible. This option allows you to override that, in efforts to allow migration from the old inventory script and matches the sanitization of groups when the script's ``replace_dash_in_groups`` option is set to ``False``. To replicate behavior of ``replace_dash_in_groups = True`` with constructed groups, you will need to replace hyphens with underscores via the regex_replace filter for those entries.
- For this to work you should also turn off the TRANSFORM_INVALID_GROUP_CHARS setting, otherwise the core engine will just use the standard sanitization on top.
- This is not the default as such names break certain functionality as not all characters are valid Python identifiers which group names end up being used as.
- |
- |
|
-
- use_extra_vars
-
-
- boolean
-
- added in 2.11
- |
-
-
|
-
- ini entries:
-
- [inventory_plugins] env:ANSIBLE_INVENTORY_USE_EXTRA_VARS
- |
-
- Merge extra vars into the available variables for composition (highest precedence).
- |
- |
| Parameter | -Choices/Defaults | -Configuration | -Comments | -|
|---|---|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- env:EC2_ACCESS_KEY
- env:AWS_ACCESS_KEY
- env:AWS_ACCESS_KEY_ID
- |
-
- The AWS access key to use.
- aliases: aws_access_key_id |
- |
|
-
- aws_profile
-
-
- string
-
- |
- - | -
- env:AWS_DEFAULT_PROFILE
- env:AWS_PROFILE
- |
-
- The AWS profile
- aliases: boto_profile |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- env:EC2_SECRET_KEY
- env:AWS_SECRET_KEY
- env:AWS_SECRET_ACCESS_KEY
- |
-
- The AWS secret key that corresponds to the access key.
- aliases: aws_secret_access_key |
- |
|
-
- aws_security_token
-
-
- string
-
- |
- - | -
- env:EC2_SECURITY_TOKEN
- env:AWS_SESSION_TOKEN
- env:AWS_SECURITY_TOKEN
- |
-
- The AWS security token if using temporary access and secret keys.
- |
- |
|
-
- cache
-
-
- boolean
-
- |
-
-
|
-
- ini entries:
-
- [inventory] env:ANSIBLE_INVENTORY_CACHE
- |
-
- Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work.
- |
- |
|
-
- cache_connection
-
-
- string
-
- |
- - | -
- ini entries:
-
- [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_CONNECTION
- env:ANSIBLE_INVENTORY_CACHE_CONNECTION
- |
-
- Cache connection data or path, read cache plugin documentation for specifics.
- |
- |
|
-
- cache_plugin
-
-
- string
-
- |
-
- Default: "memory"
- |
-
- ini entries:
-
- [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN
- env:ANSIBLE_INVENTORY_CACHE_PLUGIN
- |
-
- Cache plugin to use for the inventory's source data.
- |
- |
|
-
- cache_prefix
-
-
- -
-
- |
-
- Default: "ansible_inventory_"
- |
-
- ini entries:
-
- [default] [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_PREFIX
- env:ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX
- |
-
- Prefix to use for cache plugin files/tables
- |
- |
|
-
- cache_timeout
-
-
- integer
-
- |
-
- Default: 3600
- |
-
- ini entries:
-
- [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_TIMEOUT
- env:ANSIBLE_INVENTORY_CACHE_TIMEOUT
- |
-
- Cache duration in seconds
- |
- |
|
-
- compose
-
-
- dictionary
-
- |
-
- Default: {}
- |
- - | -
- Create vars from jinja2 expressions.
- |
- |
|
-
- filters
-
-
- -
-
- |
-
- Default: {}
- |
- - | -
- A dictionary of filter value pairs. Available filters are listed here https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-instances.html#options. If you filter by db-cluster-id and include_clusters is True it will apply to clusters as well.
- |
- |
|
-
- groups
-
-
- dictionary
-
- |
-
- Default: {}
- |
- - | -
- Add hosts to group based on Jinja2 conditionals.
- |
- |
|
-
- hostvars_prefix
-
-
- string
-
- added in 3.1.0
- |
- - | -- | -
- The prefix for host variables names coming from AWS.
- |
- |
|
-
- hostvars_suffix
-
-
- string
-
- added in 3.1.0
- |
- - | -- | -
- The suffix for host variables names coming from AWS.
- |
- |
|
-
- iam_role_arn
-
-
- -
-
- |
- - | -- | -
- The ARN of the IAM role to assume to perform the inventory lookup. You should still provide AWS credentials with enough privilege to perform the AssumeRole action.
- |
- |
|
-
- include_clusters
-
-
- boolean
-
- |
-
-
|
- - | -
- Whether or not to query for Aurora clusters as well as instances
- |
- |
|
-
- keyed_groups
-
-
- list
- / elements=dictionary
-
- |
-
- Default: []
- |
- - | -
- Add hosts to group based on the values of a variable.
- |
- |
| - |
-
- default_value
-
-
- string
-
- added in 2.12
- |
- - | -- | -
- The default value when the host variable's value is an empty string.
- This option is mutually exclusive with
- trailing_separator. |
-
| - |
-
- key
-
-
- string
-
- |
- - | -- | -
- The key from input dictionary used to generate groups
- |
-
| - |
-
- parent_group
-
-
- string
-
- |
- - | -- | -
- parent group for keyed group
- |
-
| - |
-
- prefix
-
-
- string
-
- |
-
- Default: ""
- |
- - | -
- A keyed group name will start with this prefix
- |
-
| - |
-
- separator
-
-
- string
-
- |
-
- Default: "_"
- |
- - | -
- separator used to build the keyed group name
- |
-
| - |
-
- trailing_separator
-
-
- boolean
-
- added in 2.12
- |
-
-
|
- - | -
- Set this option to False to omit the
- separator after the host variable when the value is an empty string.This option is mutually exclusive with
- default_value. |
-
|
-
- leading_separator
-
-
- boolean
-
- added in 2.11
- |
-
- Default: "yes"
- |
- - | -
- Use in conjunction with keyed_groups.
- By default, a keyed group that does not have a prefix or a separator provided will have a name that starts with an underscore.
- This is because the default prefix is "" and the default separator is "_".
- Set this option to False to omit the leading underscore (or other separator) if no prefix is given.
- If the group name is derived from a mapping the separator is still used to concatenate the items.
- To not use a separator in the group name at all, set the separator for the keyed group to an empty string instead.
- |
- |
|
-
- regions
-
-
- -
-
- |
-
- Default: []
- |
- - | -
- A list of regions in which to describe RDS instances and clusters. Available regions are listed here https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
- |
- |
|
-
- statuses
-
-
- list
- / elements=string
-
- |
-
- Default: ["creating", "available"]
- |
- - | -
- A list of desired states for instances/clusters to be added to inventory. Set to ['all'] as a shorthand to find everything.
- |
- |
|
-
- strict
-
-
- boolean
-
- |
-
-
|
- - | -
- If
- yes make invalid entries a fatal error, otherwise skip and continue.Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default.
- |
- |
|
-
- strict_permissions
-
-
- boolean
-
- |
-
-
|
- - | -
- By default if an AccessDenied exception is encountered this plugin will fail. You can set strict_permissions to False in the inventory config file which will allow the restrictions to be gracefully skipped.
- |
- |
|
-
- use_extra_vars
-
-
- boolean
-
- added in 2.11
- |
-
-
|
-
- ini entries:
-
- [inventory_plugins] env:ANSIBLE_INVENTORY_USE_EXTRA_VARS
- |
-
- Merge extra vars into the available variables for composition (highest precedence).
- |
- |
| Parameter | -Choices/Defaults | -Comments | -|
|---|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |
|
-
- bucket
-
-
- string
- / required
-
- |
- - | -
- Bucket name.
- |
- |
|
-
- content
-
-
- string
-
- added in 1.3.0
- |
- - | -
- The content to
- PUT into an object.The parameter value will be treated as a string and converted to UTF-8 before sending it to S3. To send binary data, use the content_base64 parameter instead.
- Either content, content_base64 or src must be specified for a
- PUT operation. Ignored otherwise. |
- |
|
-
- content_base64
-
-
- string
-
- added in 1.3.0
- |
- - | -
- The base64-encoded binary data to
- PUT into an object.Use this if you need to put raw binary data, and don't forget to encode in base64.
- Either content, content_base64 or src must be specified for a
- PUT operation. Ignored otherwise. |
- |
|
-
- copy_src
-
-
- dictionary
-
- added in 2.0.0
- |
- - | -
- The source details of the object to copy.
- Required if mode is
- copy. |
- |
| - |
-
- bucket
-
-
- string
- / required
-
- |
- - | -
- The name of the source bucket.
- |
-
| - |
-
- object
-
-
- string
- / required
-
- |
- - | -
- key name of the source object.
- |
-
| - |
-
- version_id
-
-
- string
-
- |
- - | -
- version ID of the source object.
- |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |
|
-
- dest
-
-
- path
-
- |
- - | -
- The destination file path when downloading an object/key with a
- GET operation. |
- |
|
-
- dualstack
-
-
- boolean
-
- |
-
-
|
-
- Enables Amazon S3 Dual-Stack Endpoints, allowing S3 communications using both IPv4 and IPv6.
- |
- |
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |
|
-
- encrypt
-
-
- boolean
-
- |
-
-
|
-
- When set for PUT/COPY mode, asks for server-side encryption.
- |
- |
|
-
- encryption_kms_key_id
-
-
- string
-
- |
- - | -
- KMS key id to use when encrypting objects using encrypting=aws:kms. Ignored if encryption is not
- aws:kms. |
- |
|
-
- encryption_mode
-
-
- string
-
- |
-
-
|
-
- What encryption mode to use if encrypt=true.
- |
- |
|
-
- expiry
-
-
- integer
-
- |
-
- Default: 600
- |
-
- Time limit (in seconds) for the URL generated and returned by S3/Walrus when performing a mode=put or mode=geturl operation.
- aliases: expiration |
- |
|
-
- headers
-
-
- dictionary
-
- |
- - | -
- Custom headers for
- PUT operation, as a dictionary of key=value and key=value,key=value. |
- |
|
-
- ignore_nonexistent_bucket
-
-
- boolean
-
- |
-
-
|
-
- Overrides initial bucket lookups in case bucket or iam policies are restrictive. Example: a user may have the
- GetObject permission but no other permissions. In this case using the option mode: get will fail without specifying ignore_nonexistent_bucket=true. |
- |
|
-
- marker
-
-
- string
-
- |
- - | -
- Specifies the key to start with when using list mode. Object keys are returned in alphabetical order, starting with key after the marker in order.
- |
- |
|
-
- max_keys
-
-
- integer
-
- |
-
- Default: 1000
- |
-
- Max number of results to return in list mode, set this if you want to retrieve fewer than the default 1000 keys.
- |
- |
|
-
- metadata
-
-
- dictionary
-
- |
- - | -
- Metadata for PUT/COPY operation, as a dictionary of
- key=value and key=value,key=value. |
- |
|
-
- mode
-
-
- string
- / required
-
- |
-
-
|
-
- Switches the module behaviour between
- PUT: uploadGET: downloadgeturl: return download URLgetstr: download object as stringlist: list keyscreate: create bucketdelete: delete bucketdelobj: delete objectcopy: copy object that is already stored in another bucket |
- |
|
-
- object
-
-
- string
-
- |
- - | -
- Keyname of the object inside the bucket. Can be used to create "virtual directories", see examples.
- |
- |
|
-
- overwrite
-
-
- string
-
- |
-
- Default: "always"
- |
-
- Force overwrite either locally on the filesystem or remotely with the object/key. Used with
- PUT and GET operations.Must be a Boolean,
- always, never, different or latest.true is the same as always.false is equal to never.When this is set to
- different the MD5 sum of the local file is compared with the 'ETag' of the object/key in S3. The ETag may or may not be an MD5 digest of the object data. See the ETag response header here https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html.(
- GET mode only) When this is set to latest the last modified timestamp of local file is compared with the 'LastModified' of the object/key in S3.aliases: force |
- |
|
-
- permission
-
-
- list
- / elements=string
-
- |
-
- Default: ["private"]
- |
-
- This option lets the user set the canned permissions on the object/bucket that are created. The permissions that can be set are
- private, public-read, public-read-write, authenticated-read for a bucket or private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, bucket-owner-full-control for an object. Multiple permissions can be specified as a list; although only the first one will be used during the initial upload of the file |
- |
|
-
- prefix
-
-
- string
-
- |
-
- Default: ""
- |
-
- Limits the response to keys that begin with the specified prefix for list mode.
- |
- |
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |
|
-
- purge_tags
-
-
- boolean
-
- added in 2.0.0
- |
-
-
|
-
- Whether or not to remove tags assigned to the S3 object if not specified in the playbook.
- To remove all tags set tags to an empty dictionary in conjunction with this.
- |
- |
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |
|
-
- retries
-
-
- integer
-
- |
-
- Default: 0
- |
-
- On recoverable failure, how many times to retry before actually failing.
- aliases: retry |
- |
|
-
- rgw
-
-
- boolean
-
- |
-
-
|
-
- Enable Ceph RGW S3 support. This option requires an explicit url via s3_url.
- |
- |
|
-
- s3_url
-
-
- string
-
- |
- - | -
- S3 URL endpoint for usage with Ceph, Eucalyptus and fakes3 etc. Otherwise assumes AWS.
- aliases: S3_URL |
- |
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |
|
-
- src
-
-
- path
-
- |
- - | -
- The source file path when performing a
- PUT operation.Either content, content_base64 or src must be specified for a
- PUT operation. Ignored otherwise. |
- |
|
-
- tags
-
-
- dictionary
-
- added in 2.0.0
- |
- - | -
- Tags dict to apply to the S3 object.
- |
- |
|
-
- validate_bucket_name
-
-
- boolean
-
- added in 3.1.0
- |
-
-
|
-
- Whether the bucket name should be validated to conform to AWS S3 naming rules.
- On by default, this may be disabled for S3 backends that do not enforce these rules.
- See https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
- |
- |
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |
|
-
- version
-
-
- string
-
- |
- - | -
- Version ID of the object inside the bucket. Can be used to get a specific version of a file if versioning is enabled in the target bucket.
- |
- |
| Key | -Returned | -Description | -
|---|---|---|
|
-
- _raw
-
-
- -
-
- |
- - |
- Returns the value of the secret stored in AWS Secrets Manager.
- - |
-
| Key | -Returned | -Description | -
|---|---|---|
|
-
- _raw
-
-
- -
-
- |
- - |
- comma-separated list of CIDR ranges
- - |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- all_facts
-
-
- boolean
-
- |
-
-
|
-
- Get all stack information for the stack.
- |
-
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- stack_change_sets
-
-
- boolean
-
- |
-
-
|
-
- Get stack change sets for the stack
- |
-
|
-
- stack_events
-
-
- boolean
-
- |
-
-
|
-
- Get stack events for the stack.
- |
-
|
-
- stack_name
-
-
- string
-
- |
- - | -
- The name or id of the CloudFormation stack. Gathers information on all stacks by default.
- |
-
|
-
- stack_policy
-
-
- boolean
-
- |
-
-
|
-
- Get stack policy for the stack.
- |
-
|
-
- stack_resources
-
-
- boolean
-
- |
-
-
|
-
- Get stack resources for the stack.
- |
-
|
-
- stack_template
-
-
- boolean
-
- |
-
-
|
-
- Get stack template body for the stack.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- backoff_delay
-
-
- integer
-
- |
-
- Default: 3
- |
-
- Number of seconds to wait for the next retry.
- |
-
|
-
- backoff_max_delay
-
-
- integer
-
- |
-
- Default: 30
- |
-
- Maximum amount of time to wait between retries.
- |
-
|
-
- backoff_retries
-
-
- integer
-
- |
-
- Default: 10
- |
-
- Number of times to retry operation.
- AWS API throttling mechanism fails CloudFormation module so we have to retry a couple of times.
- |
-
|
-
- capabilities
-
-
- list
- / elements=string
-
- |
-
- Default: ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"]
- |
-
- Specify capabilities that stack template contains.
- Valid values are
- CAPABILITY_IAM, CAPABILITY_NAMED_IAM and CAPABILITY_AUTO_EXPAND. |
-
|
-
- changeset_name
-
-
- string
-
- |
- - | -
- Name given to the changeset when creating a changeset.
- Only used when create_changeset=true.
- By default a name prefixed with Ansible-STACKNAME is generated based on input parameters. See the AWS Change Sets docs for more information https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html
- |
-
|
-
- create_changeset
-
-
- boolean
-
- |
-
-
|
-
- If stack already exists create a changeset instead of directly applying changes. See the AWS Change Sets docs https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html.
- WARNING: if the stack does not exist, it will be created without changeset. If state=absent, the stack will be deleted immediately with no changeset.
- |
-
|
-
- create_timeout
-
-
- integer
-
- |
- - | -
- The amount of time (in minutes) that can pass before the stack status becomes CREATE_FAILED
- |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- disable_rollback
-
-
- boolean
-
- |
-
-
|
-
- If a stacks fails to form, rollback will remove the stack.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- events_limit
-
-
- integer
-
- |
-
- Default: 200
- |
-
- Maximum number of CloudFormation events to fetch from a stack when creating or updating it.
- |
-
|
-
- notification_arns
-
-
- string
-
- |
- - | -
- A comma separated list of Simple Notification Service (SNS) topic ARNs to publish stack related events.
- |
-
|
-
- on_create_failure
-
-
- string
-
- |
-
-
|
-
- Action to take upon failure of stack creation. Incompatible with the disable_rollback option.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- role_arn
-
-
- string
-
- |
- - | -
- The role that AWS CloudFormation assumes to create the stack. See the AWS CloudFormation Service Role docs https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- stack_name
-
-
- string
- / required
-
- |
- - | -
- Name of the CloudFormation stack.
- |
-
|
-
- stack_policy
-
-
- string
-
- |
- - | -
- The path of the file containing the CloudFormation stack policy. A policy cannot be removed once placed, but it can be modified. for instance, allow all updates https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html#d0e9051
- |
-
|
-
- stack_policy_body
-
-
- json
-
- added in 1.5.0
- |
- - | -
- The CloudFormation stack policy in JSON. A policy cannot be removed once placed, but it can be modified. for instance, allow all updates https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html#d0e9051
- |
-
|
-
- stack_policy_on_update_body
-
-
- json
-
- added in 1.5.0
- |
- - | -
- the body of the cloudformation stack policy only applied during this update.
- |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- If state=present, stack will be created.
- If state=present and if stack exists and template has changed, it will be updated.
- If state=absent, stack will be removed.
- |
-
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- Dictionary of tags to associate with stack and its resources during stack creation.
- Can be updated later, updating tags removes previous entries.
- |
-
|
-
- template
-
-
- path
-
- |
- - | -
- The local path of the CloudFormation template.
- This must be the full path to the file, relative to the working directory. If using roles this may look like
- roles/cloudformation/files/cloudformation-example.json.If state=present and the stack does not exist yet, either template, template_body or template_url must be specified (but only one of them).
- If state=present, the stack does exist, and neither template, template_body nor template_url are specified, the previous template will be reused.
- |
-
|
-
- template_body
-
-
- string
-
- |
- - | -
- Template body. Use this to pass in the actual body of the CloudFormation template.
- If state=present and the stack does not exist yet, either template, template_body or template_url must be specified (but only one of them).
- If state=present, the stack does exist, and neither template, template_body nor template_url are specified, the previous template will be reused.
- |
-
|
-
- template_format
-
-
- string
-
- |
- - | -
- This parameter is ignored since Ansible 2.3 and will be removed after 2022-06-01.
- Templates are now passed raw to CloudFormation regardless of format.
- |
-
|
-
- template_parameters
-
-
- dictionary
-
- |
-
- Default: {}
- |
-
- A list of hashes of all the template variables for the stack. The value can be a string or a dict.
- Dict can be used to set additional template parameter attributes like UsePreviousValue (see example).
- |
-
|
-
- template_url
-
-
- string
-
- |
- - | -
- Location of file containing the template body. The URL must point to a template (max size 307,200 bytes) located in an S3 bucket in the same region as the stack.
- If state=present and the stack does not exist yet, either template, template_body or template_url must be specified (but only one of them).
- If state=present, the stack does exist, and neither template, template_body nor template_url are specified, the previous template will be reused.
- |
-
|
-
- termination_protection
-
-
- boolean
-
- |
-
-
|
-
- Enable or disable termination protection on the stack.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- describe_image_attributes
-
-
- boolean
-
- |
-
-
|
-
- Describe attributes (like launchPermission) of the images found.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- executable_users
-
-
- list
- / elements=string
-
- |
- - | -
- Filter images by users with explicit launch permissions. Valid options are an AWS account ID, self, or all (public AMIs).
- aliases: executable_user |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value.
- See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html for possible filters.
- Filter names and values are case sensitive.
- |
-
|
-
- image_ids
-
-
- list
- / elements=string
-
- |
- - | -
- One or more image IDs.
- aliases: image_id |
-
|
-
- owners
-
-
- list
- / elements=string
-
- |
- - | -
- Filter the images by the owner. Valid options are an AWS account ID, self, or an AWS owner alias ( amazon | aws-marketplace | microsoft ).
- aliases: owner |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -|
|---|---|---|---|
|
-
- architecture
-
-
- string
-
- |
-
- Default: "x86_64"
- |
-
- The target architecture of the image to register
- |
- |
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |
|
-
- billing_products
-
-
- list
- / elements=string
-
- |
- - | -
- A list of valid billing codes. To be used with valid accounts by aws marketplace vendors.
- |
- |
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |
|
-
- delete_snapshot
-
-
- boolean
-
- |
-
-
|
-
- Delete snapshots when deregistering the AMI.
- |
- |
|
-
- description
-
-
- string
-
- |
- - | -
- Human-readable string describing the contents and purpose of the AMI.
- |
- |
|
-
- device_mapping
-
-
- list
- / elements=dictionary
-
- |
- - | -
- List of device hashes/dictionaries with custom configurations (same block-device-mapping parameters).
- |
- |
| - |
-
- delete_on_termination
-
-
- boolean
-
- |
-
-
|
-
- Whether the device should be automatically deleted when the Instance is terminated.
- |
-
| - |
-
- device_name
-
-
- string
- / required
-
- |
- - | -
- The device name. For example
- /dev/sda.aliases: DeviceName |
-
| - |
-
- encrypted
-
-
- boolean
-
- |
-
-
|
-
- Whether the volume should be encrypted.
- |
-
| - |
-
- iops
-
-
- integer
-
- |
- - | -
- When using an
- io1 volume_type this sets the number of IOPS provisioned for the volume |
-
| - |
-
- no_device
-
-
- boolean
-
- |
-
-
|
-
- Suppresses the specified device included in the block device mapping of the AMI.
- Alias
- NoDevice has been deprecated and will be removed after 2022-06-01.aliases: NoDevice |
-
| - |
-
- snapshot_id
-
-
- string
-
- |
- - | -
- The ID of the Snapshot.
- |
-
| - |
-
- virtual_name
-
-
- string
-
- |
- - | -
- The virtual name for the device.
- See the AWS documentation for more detail https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html.
- Alias
- VirtualName has been deprecated and will be removed after 2022-06-01.aliases: VirtualName |
-
| - |
-
- volume_size
-
-
- integer
-
- |
- - | -
- The size of the volume (in GiB)
- aliases: size |
-
| - |
-
- volume_type
-
-
- string
-
- |
- - | -
- The volume type. Defaults to
- gp2 when not set. |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |
|
-
- enhanced_networking
-
-
- boolean
-
- |
-
-
|
-
- A boolean representing whether enhanced networking with ENA is enabled or not.
- |
- |
|
-
- image_id
-
-
- string
-
- |
- - | -
- Image ID to be deregistered.
- |
- |
|
-
- image_location
-
-
- string
-
- |
- - | -
- The s3 location of an image to use for the AMI.
- |
- |
|
-
- instance_id
-
-
- string
-
- |
- - | -
- Instance ID to create the AMI from.
- |
- |
|
-
- kernel_id
-
-
- string
-
- |
- - | -
- The target kernel id of the image to register.
- |
- |
|
-
- launch_permissions
-
-
- dictionary
-
- |
- - | -
- Users and groups that should be able to launch the AMI. Expects dictionary with a key of user_ids and/or group_names. user_ids should be a list of account ids. group_name should be a list of groups, "all" is the only acceptable value currently.
- You must pass all desired launch permissions if you wish to modify existing launch permissions (passing just groups will remove all users)
- |
- |
|
-
- name
-
-
- string
-
- |
- - | -
- The name of the new AMI.
- |
- |
|
-
- no_reboot
-
-
- boolean
-
- |
-
-
|
-
- Flag indicating that the bundling process should not attempt to shutdown the instance before bundling. If this flag is True, the responsibility of maintaining file system integrity is left to the owner of the instance.
- |
- |
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |
|
-
- purge_tags
-
-
- boolean
-
- |
-
-
|
-
- Whether to remove existing tags that aren't passed in the
- tags parameter |
- |
|
-
- ramdisk_id
-
-
- string
-
- |
- - | -
- The ID of the RAM disk.
- |
- |
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |
|
-
- root_device_name
-
-
- string
-
- |
- - | -
- The root device name of the image to register.
- |
- |
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |
|
-
- sriov_net_support
-
-
- string
-
- |
- - | -
- Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the AMI and any instances that you launch from the AMI.
- |
- |
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Register or deregister an AMI.
- |
- |
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dictionary of tags to add to the new image; '{"key":"value"}' and '{"key":"value","key":"value"}'
- |
- |
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |
|
-
- virtualization_type
-
-
- string
-
- |
-
- Default: "hvm"
- |
-
- The virtualization type of the image to register.
- |
- |
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- Wait for the AMI to be in state 'available' before returning.
- |
- |
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 1200
- |
-
- How long before wait gives up, in seconds.
- |
- |
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- eni_id
-
-
- string
-
- added in 1.3.0
- |
- - | -
- The ID of the ENI.
- This option is mutually exclusive of filters.
- |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html for possible filters.
- This option is mutually exclusive of eni_id.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- allow_reassignment
-
-
- boolean
-
- |
-
-
|
-
- Indicates whether to allow an IP address that is already assigned to another network interface or instance to be reassigned to the specified network interface.
- |
-
|
-
- attached
-
-
- boolean
-
- |
-
-
|
-
- Specifies if network interface should be attached or detached from instance. If omitted, attachment status won't change
- |
-
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- delete_on_termination
-
-
- boolean
-
- |
-
-
|
-
- Delete the interface when the instance it is attached to is terminated. You can only specify this flag when the interface is being modified, not on creation.
- |
-
|
-
- description
-
-
- string
-
- |
- - | -
- Optional description of the ENI.
- |
-
|
-
- device_index
-
-
- integer
-
- |
-
- Default: 0
- |
-
- The index of the device for the network interface attachment on the instance.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- eni_id
-
-
- string
-
- |
- - | -
- The ID of the ENI (to modify).
- If eni_id=None and state=present, a new eni will be created.
- |
-
|
-
- force_detach
-
-
- boolean
-
- |
-
-
|
-
- Force detachment of the interface. This applies either when explicitly detaching the interface by setting instance_id=None or when deleting an interface with state=absent.
- |
-
|
-
- instance_id
-
-
- string
-
- |
- - | -
- Instance ID that you wish to attach ENI to.
- Since version 2.2, use the attached parameter to attach or detach an ENI. Prior to 2.2, to detach an ENI from an instance, use
- None. |
-
|
-
- name
-
-
- string
-
- |
- - | -
- Name for the ENI. This will create a tag called "Name" with the value assigned here.
- This can be used in conjunction with subnet_id as another means of identifiying a network interface.
- AWS does not enforce unique Name tags, so duplicate names are possible if you configure it that way. If that is the case, you will need to provide other identifying information such as private_ip_address or eni_id.
- |
-
|
-
- private_ip_address
-
-
- string
-
- |
- - | -
- Private IP address.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_secondary_private_ip_addresses
-
-
- boolean
-
- |
-
-
|
-
- To be used with secondary_private_ip_addresses to determine whether or not to remove any secondary IP addresses other than those specified.
- Set secondary_private_ip_addresses=[] to purge all secondary addresses.
- |
-
|
-
- purge_tags
-
-
- boolean
-
- added in 1.3.0
- |
-
-
|
-
- Indicates whether to remove tags not specified in tags or name. This means you have to specify all the desired tags on each task affecting a network interface.
- If tags is omitted or None this option is disregarded.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- secondary_private_ip_address_count
-
-
- integer
-
- |
- - | -
- The number of secondary IP addresses to assign to the network interface. This option is mutually exclusive of secondary_private_ip_addresses
- |
-
|
-
- secondary_private_ip_addresses
-
-
- list
- / elements=string
-
- |
- - | -
- A list of IP addresses to assign as secondary IP addresses to the network interface. This option is mutually exclusive of secondary_private_ip_address_count
- |
-
|
-
- security_groups
-
-
- list
- / elements=string
-
- |
- - | -
- List of security groups associated with the interface. Only used when state=present.
- Since version 2.2, you can specify security groups by ID or by name or a combination of both. Prior to 2.2, you can specify only by ID.
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- source_dest_check
-
-
- boolean
-
- |
-
-
|
-
- By default, interfaces perform source/destination checks. NAT instances however need this check to be disabled. You can only specify this flag when the interface is being modified, not on creation.
- |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Create or delete ENI.
- |
-
|
-
- subnet_id
-
-
- string
-
- |
- - | -
- ID of subnet in which to create the ENI.
- |
-
|
-
- tags
-
-
- dictionary
-
- added in 1.3.0
- |
- - | -
- A hash/dictionary of tags to add to the new ENI or to add/remove from an existing one. Please note that the name field sets the "Name" tag.
- To clear all tags, set this option to an empty dictionary to use in conjunction with purge_tags. If you provide name, that tag will not be removed.
- To prevent removing any tags set purge_tags to false.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
-
- Default: {}
- |
-
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html for possible filters. Filter names and values are case sensitive. You can also use underscores (_) instead of dashes (-) in the filter keys, which will take precedence in case of conflict.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -|
|---|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |
|
-
- description
-
-
- string
-
- |
- - | -
- Description of the security group. Required when
- state is present. |
- |
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |
|
-
- group_id
-
-
- string
-
- |
- - | -
- Id of group to delete (works only with absent).
- One of and only one of name or group_id is required.
- |
- |
|
-
- name
-
-
- string
-
- |
- - | -
- Name of the security group.
- One of and only one of name or group_id is required.
- Required if state=present.
- |
- |
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |
|
-
- purge_rules
-
-
- boolean
-
- |
-
-
"true"
- |
-
- Purge existing rules on security group that are not found in rules.
- |
- |
|
-
- purge_rules_egress
-
-
- boolean
-
- |
-
-
"true"
- |
-
- Purge existing rules_egress on security group that are not found in rules_egress.
- |
- |
|
-
- purge_tags
-
-
- boolean
-
- |
-
-
|
-
- If yes, existing tags will be purged from the resource to match exactly what is defined by tags parameter. If the tags parameter is not set then tags will not be modified.
- |
- |
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |
|
-
- rules
-
-
- list
- / elements=dictionary
-
- |
- - | -
- List of firewall inbound rules to enforce in this group (see example). If none are supplied, no inbound rules will be enabled. Rules list may include its own name in group_name. This allows idempotent loopback additions (e.g. allow group to access itself). Rule sources list support was added in version 2.4. This allows to define multiple sources per source type as well as multiple source types per rule. Prior to 2.4 an individual source is allowed. In version 2.5 support for rule descriptions was added.
- |
- |
| - |
-
- cidr_ip
-
-
- string
-
- |
- - | -
- The IPv4 CIDR range traffic is coming from.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- cidr_ipv6
-
-
- string
-
- |
- - | -
- The IPv6 CIDR range traffic is coming from.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- from_port
-
-
- integer
-
- |
- - | -
- The start of the range of ports that traffic is coming from.
- A value can be between
- 0 to 65535.A value of
- -1 indicates all ports (only supported when proto=icmp). |
-
| - |
-
- group_desc
-
-
- string
-
- |
- - | -
- If the group_name is set and the Security Group doesn't exist a new Security Group will be created with group_desc as the description.
- |
-
| - |
-
- group_id
-
-
- string
-
- |
- - | -
- The ID of the Security Group that traffic is coming from.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- group_name
-
-
- string
-
- |
- - | -
- Name of the Security Group that traffic is coming from.
- If the Security Group doesn't exist a new Security Group will be created with group_desc as the description.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- ip_prefix
-
-
- string
-
- |
- - | -
- The IP Prefix https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-prefix-lists.html that traffic is coming from.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- proto
-
-
- string
-
- |
- - | -
- The IP protocol name (
- tcp, udp, icmp, icmpv6) or number (https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) |
-
| - |
-
- rule_desc
-
-
- string
-
- |
- - | -
- A description for the rule.
- |
-
| - |
-
- to_port
-
-
- integer
-
- |
- - | -
- The end of the range of ports that traffic is coming from.
- A value can be between
- 0 to 65535.A value of
- -1 indicates all ports (only supported when proto=icmp). |
-
|
-
- rules_egress
-
-
- list
- / elements=dictionary
-
- |
- - | -
- List of firewall outbound rules to enforce in this group (see example). If none are supplied, a default all-out rule is assumed. If an empty list is supplied, no outbound rules will be enabled. Rule Egress sources list support was added in version 2.4. In version 2.5 support for rule descriptions was added.
- |
- |
| - |
-
- cidr_ip
-
-
- string
-
- |
- - | -
- The IPv4 CIDR range traffic is going to.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- cidr_ipv6
-
-
- string
-
- |
- - | -
- The IPv6 CIDR range traffic is going to.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- from_port
-
-
- integer
-
- |
- - | -
- The start of the range of ports that traffic is going to.
- A value can be between
- 0 to 65535.A value of
- -1 indicates all ports (only supported when proto=icmp). |
-
| - |
-
- group_desc
-
-
- string
-
- |
- - | -
- If the group_name is set and the Security Group doesn't exist a new Security Group will be created with group_desc as the description.
- |
-
| - |
-
- group_id
-
-
- string
-
- |
- - | -
- The ID of the Security Group that traffic is going to.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- group_name
-
-
- string
-
- |
- - | -
- Name of the Security Group that traffic is going to.
- If the Security Group doesn't exist a new Security Group will be created with group_desc as the description.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- ip_prefix
-
-
- string
-
- |
- - | -
- The IP Prefix https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-prefix-lists.html that traffic is going to.
- You can specify only one of cidr_ip, cidr_ipv6, ip_prefix, group_id and group_name.
- |
-
| - |
-
- proto
-
-
- string
-
- |
- - | -
- The IP protocol name (
- tcp, udp, icmp, icmpv6) or number (https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) |
-
| - |
-
- rule_desc
-
-
- string
-
- |
- - | -
- A description for the rule.
- |
-
| - |
-
- to_port
-
-
- integer
-
- |
- - | -
- The end of the range of ports that traffic is going to.
- A value can be between
- 0 to 65535.A value of
- -1 indicates all ports (only supported when proto=icmp). |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Create or delete a security group.
- |
- |
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dictionary of one or more tags to assign to the security group.
- aliases: resource_tags |
- |
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |
|
-
- vpc_id
-
-
- string
-
- |
- - | -
- ID of the VPC to create the group in.
- |
- |
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
-
- Default: {}
- |
-
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html for possible filters. Filter names and values are case sensitive.
- |
-
|
-
- instance_ids
-
-
- list
- / elements=string
-
- |
- - | -
- If you specify one or more instance IDs, only instances that have the specified IDs are returned.
- |
-
|
-
- minimum_uptime
-
-
- integer
-
- |
- - | -
- Minimum running uptime in minutes of instances. For example if uptime is
- 60 return all instances that have run more than 60 minutes.aliases: uptime |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -|
|---|---|---|---|
|
-
- availability_zone
-
-
- string
-
- |
- - | -
- Specify an availability zone to use the default subnet it. Useful if not specifying the vpc_subnet_id parameter.
- If no subnet, ENI, or availability zone is provided, the default subnet in the default VPC will be used in the first AZ (alphabetically sorted).
- |
- |
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |
|
-
- count
-
-
- integer
-
- added in 2.2.0
- |
- - | -
- Number of instances to launch.
- Setting this value will result in always launching new instances.
- Mutually exclusive with exact_count.
- |
- |
|
-
- cpu_credit_specification
-
-
- string
-
- |
-
-
|
-
- For T series instances, choose whether to allow increased charges to buy CPU credits if the default pool is depleted.
- Choose unlimited to enable buying additional CPU credits.
- |
- |
|
-
- cpu_options
-
-
- dictionary
-
- |
- - | -
- Reduce the number of vCPU exposed to the instance.
- Those parameters can only be set at instance launch. The two suboptions threads_per_core and core_count are mandatory.
- See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html for combinations available.
- |
- |
| - |
-
- core_count
-
-
- integer
- / required
-
- |
- - | -
- Set the number of core to enable.
- |
-
| - |
-
- threads_per_core
-
-
- integer
- / required
-
- |
-
-
|
-
- Select the number of threads per core to enable. Disable or Enable Intel HT.
- |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |
|
-
- detailed_monitoring
-
-
- boolean
-
- |
-
-
|
-
- Whether to allow detailed cloudwatch metrics to be collected, enabling more detailed alerting.
- |
- |
|
-
- ebs_optimized
-
-
- boolean
-
- |
-
-
|
-
- Whether instance is should use optimized EBS volumes, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html.
- |
- |
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |
|
-
- exact_count
-
-
- integer
-
- added in 2.2.0
- |
- - | -
- An integer value which indicates how many instances that match the filters parameter should be running.
- Instances are either created or terminated based on this value.
- If termination takes place, least recently created instances will be terminated based on Launch Time.
- Mutually exclusive with count, instance_ids.
- |
- |
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply when deciding whether existing instances match and should be altered. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html. for possible filters. Filter names and values are case sensitive.
- By default, instances are filtered for counting by their "Name" tag, base AMI, state (running, by default), and subnet ID. Any queryable filter can be used. Good candidates are specific tags, SSH keys, or security groups.
- |
- |
|
-
- image
-
-
- dictionary
-
- |
- - | -
- An image to use for the instance. The amazon.aws.ec2_ami_info module may be used to retrieve images. One of image or image_id are required when instance is not already present.
- |
- |
| - |
-
- id
-
-
- string
-
- |
- - | -
- The AMI ID.
- |
-
| - |
-
- kernel
-
-
- -
-
- |
- - | -
- a string AKI to override the AMI kernel.
- |
-
| - |
-
- ramdisk
-
-
- string
-
- |
- - | -
- Overrides the AMI's default ramdisk ID.
- |
-
|
-
- image_id
-
-
- string
-
- |
- - | -
- ami ID to use for the instance. One of image or image_id are required when instance is not already present.
- This is an alias for image.id.
- |
- |
|
-
- instance_ids
-
-
- list
- / elements=string
-
- |
- - | -
- If you specify one or more instance IDs, only instances that have the specified IDs are returned.
- Mutually exclusive with exact_count.
- |
- |
|
-
- instance_initiated_shutdown_behavior
-
-
- string
-
- |
-
-
|
-
- Whether to stop or terminate an instance upon shutdown.
- |
- |
|
-
- instance_role
-
-
- string
-
- |
- - | -
- The ARN or name of an EC2-enabled instance role to be used. If a name is not provided in arn format then the ListInstanceProfiles permission must also be granted. https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html If no full ARN is provided, the role with a matching name will be used from the active AWS account.
- |
- |
|
-
- instance_type
-
-
- string
-
- |
- - | -
- Instance type to use for the instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html Only required when instance is not already present.
- If not specified, t2.micro will be used.
- |
- |
|
-
- key_name
-
-
- string
-
- |
- - | -
- Name of the SSH access key to assign to the instance - must exist in the region the instance is created.
- |
- |
|
-
- launch_template
-
-
- dictionary
-
- |
- - | -
- The EC2 launch template to base instance configuration on.
- |
- |
| - |
-
- id
-
-
- string
-
- |
- - | -
- the ID of the launch template (optional if name is specified).
- |
-
| - |
-
- name
-
-
- string
-
- |
- - | -
- the pretty name of the launch template (optional if id is specified).
- |
-
| - |
-
- version
-
-
- -
-
- |
- - | -
- the specific version of the launch template to use. If unspecified, the template default is chosen.
- |
-
|
-
- metadata_options
-
-
- dictionary
-
- added in 2.0.0
- |
- - | -
- Modify the metadata options for the instance.
- See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html for more information.
- The two suboptions http_endpoint and http_tokens are supported.
- |
- |
| - |
-
- http_endpoint
-
-
- string
-
- |
-
-
|
-
- Enables or disables the HTTP metadata endpoint on instances.
- If specified a value of disabled, metadata of the instance will not be accessible.
- |
-
| - |
-
- http_tokens
-
-
- string
-
- |
-
-
|
-
- Set the state of token usage for instance metadata requests.
- If the state is optional (v1 and v2), instance metadata can be retrieved with or without a signed token header on request.
- If the state is required (v2), a signed token header must be sent with any instance metadata retrieval requests.
- |
-
|
-
- name
-
-
- string
-
- |
- - | -
- The Name tag for the instance.
- |
- |
|
-
- network
-
-
- dictionary
-
- |
- - | -
- Either a dictionary containing the key 'interfaces' corresponding to a list of network interface IDs or containing specifications for a single network interface.
- Use the amazon.aws.ec2_eni module to create ENIs with special settings.
- |
- |
| - |
-
- assign_public_ip
-
-
- boolean
-
- |
-
-
|
-
- when true assigns a public IP address to the interface
- |
-
| - |
-
- delete_on_termination
-
-
- boolean
-
- |
-
-
|
-
- Delete the interface when the instance it is attached to is terminated.
- |
-
| - |
-
- description
-
-
- string
-
- |
- - | -
- a description for the network interface
- |
-
| - |
-
- device_index
-
-
- integer
-
- |
- - | -
- The index of the interface to modify
- |
-
| - |
-
- groups
-
-
- list
- / elements=string
-
- |
- - | -
- a list of security group IDs to attach to the interface
- |
-
| - |
-
- interfaces
-
-
- list
- / elements=string
-
- |
- - | -
- a list of ENI IDs (strings) or a list of objects containing the key id.
- |
-
| - |
-
- ipv6_addresses
-
-
- list
- / elements=string
-
- |
- - | -
- a list of IPv6 addresses to assign to the network interface
- |
-
| - |
-
- private_ip_address
-
-
- string
-
- |
- - | -
- an IPv4 address to assign to the interface
- |
-
| - |
-
- private_ip_addresses
-
-
- list
- / elements=string
-
- |
- - | -
- a list of IPv4 addresses to assign to the network interface
- |
-
| - |
-
- source_dest_check
-
-
- boolean
-
- |
-
-
|
-
- controls whether source/destination checking is enabled on the interface
- |
-
| - |
-
- subnet_id
-
-
- string
-
- |
- - | -
- the subnet to connect the network interface to
- |
-
|
-
- placement_group
-
-
- string
-
- |
- - | -
- The placement group that needs to be assigned to the instance
- |
- |
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |
|
-
- purge_tags
-
-
- boolean
-
- |
-
-
|
-
- Delete any tags not specified in the task that are on the instance. This means you have to specify all the desired tags on each task affecting an instance.
- |
- |
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |
|
-
- security_group
-
-
- string
-
- |
- - | -
- A security group ID or name. Mutually exclusive with security_groups.
- |
- |
|
-
- security_groups
-
-
- list
- / elements=string
-
- |
- - | -
- A list of security group IDs or names (strings). Mutually exclusive with security_group.
- |
- |
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Goal state for the instances.
- state=present: ensures instances exist, but does not guarantee any state (e.g. running). Newly-launched instances will be run by EC2.
- state=running: state=present + ensures the instances are running
- state=started: state=running + waits for EC2 status checks to report OK if wait=true
- state=stopped: ensures an existing instance is stopped.
- state=rebooted: convenience alias for state=stopped immediately followed by state=running
- state=restarted: convenience alias for state=stopped immediately followed by state=started
- state=terminated: ensures an existing instance is terminated.
- state=absent: alias for state=terminated
- |
- |
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A hash/dictionary of tags to add to the new instance or to add/remove from an existing one.
- |
- |
|
-
- tenancy
-
-
- string
-
- |
-
-
|
-
- What type of tenancy to allow an instance to use. Default is shared tenancy. Dedicated tenancy will incur additional charges.
- |
- |
|
-
- termination_protection
-
-
- boolean
-
- |
-
-
|
-
- Whether to enable termination protection. This module will not terminate an instance with termination protection active, it must be turned off first.
- |
- |
|
-
- tower_callback
-
-
- dictionary
-
- |
- - | -
- Preconfigured user-data to enable an instance to perform a Tower callback (Linux only).
- Mutually exclusive with user_data.
- For Windows instances, to enable remote access via Ansible set tower_callback.windows to true, and optionally set an admin password.
- If using 'windows' and 'set_password', callback to Tower will not be performed but the instance will be ready to receive winrm connections from Ansible.
- |
- |
| - |
-
- host_config_key
-
-
- string
-
- |
- - | -
- Host configuration secret key generated by the Tower job template.
- |
-
| - |
-
- job_template_id
-
-
- string
-
- |
- - | -
- Either the integer ID of the Tower Job Template, or the name (name supported only for Tower 3.2+).
- |
-
| - |
-
- tower_address
-
-
- string
-
- |
- - | -
- IP address or DNS name of Tower server. Must be accessible via this address from the VPC that this instance will be launched in.
- |
-
|
-
- user_data
-
-
- string
-
- |
- - | -
- Opaque blob of data which is made available to the ec2 instance
- |
- |
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |
|
-
- volumes
-
-
- list
- / elements=dictionary
-
- |
- - | -
- A list of block device mappings, by default this will always use the AMI root device so the volumes option is primarily for adding more storage.
- A mapping contains the (optional) keys device_name, virtual_name, ebs.volume_type, ebs.volume_size, ebs.kms_key_id, ebs.iops, and ebs.delete_on_termination.
- Set ebs.throughput value requires botocore>=1.19.27.
- For more information about each parameter, see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html.
- |
- |
|
-
- vpc_subnet_id
-
-
- string
-
- |
- - | -
- The subnet ID in which to launch the instance (VPC) If none is provided, amazon.aws.ec2_instance will chose the default zone of the default VPC.
- aliases: subnet_id |
- |
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- Whether or not to wait for the desired state (use wait_timeout to customize this).
- |
- |
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 600
- |
-
- How long to wait (in seconds) for the instance to finish booting/terminating.
- |
- |
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- force
-
-
- boolean
-
- |
-
-
|
-
- Force overwrite of already existing key pair if key has changed.
- |
-
|
-
- key_material
-
-
- string
-
- |
- - | -
- Public key material.
- |
-
|
-
- key_type
-
-
- string
-
- added in 3.1.0
- |
-
-
|
-
- The type of key pair to create.
- Note that ED25519 keys are not supported for Windows instances, EC2 Instance Connect, and EC2 Serial Console.
- By default Amazon will create an RSA key.
- Mutually exclusive with parameter key_material.
- Requires at least botocore version 1.21.23.
- |
-
|
-
- name
-
-
- string
- / required
-
- |
- - | -
- Name of the key pair.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- added in 2.1.0
- |
-
-
|
-
- Delete any tags not specified in tags.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- create or delete keypair
- |
-
|
-
- tags
-
-
- dictionary
-
- added in 2.1.0
- |
- - | -
- A dictionary of tags to set on the key pair.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- This option has no effect since version 2.5 and will be removed after 2022-06-01.
- |
-
|
-
- wait_timeout
-
-
- integer
-
- |
- - | -
- This option has no effect since version 2.5 and will be removed after 2022-06-01.
- |
-
| Parameter | -Choices/Defaults | -Comments | -|
|---|---|---|---|
|
-
- assign_public_ip
-
-
- boolean
-
- |
-
-
|
-
- When provisioning within vpc, assign a public IP address. Boto library must be 2.13.0+.
- |
- |
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |
|
-
- count
-
-
- integer
-
- |
-
- Default: 1
- |
-
- Number of instances to launch.
- |
- |
|
-
- count_tag
-
-
- raw
-
- |
- - | -
- Used with exact_count to determine how many nodes based on a specific tag criteria should be running. This can be expressed in multiple ways and is shown in the EXAMPLES section. For instance, one can request 25 servers that are tagged with
- class=webserver. The specified tag must already exist or be passed in as the instance_tags option. |
- |
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |
|
-
- ebs_optimized
-
-
- boolean
-
- |
-
-
|
-
- Whether instance is using optimized EBS volumes, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html.
- |
- |
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |
|
-
- exact_count
-
-
- integer
-
- |
- - | -
- An integer value which indicates how many instances that match the 'count_tag' parameter should be running. Instances are either created or terminated based on this value.
- |
- |
|
-
- group
-
-
- list
- / elements=string
-
- |
- - | -
- Security group (or list of groups) to use with the instance.
- aliases: groups |
- |
|
-
- group_id
-
-
- list
- / elements=string
-
- |
- - | -
- Security group id (or list of ids) to use with the instance.
- |
- |
|
-
- id
-
-
- string
-
- |
- - | -
- Identifier for this instance or set of instances, so that the module will be idempotent with respect to EC2 instances.
- This identifier is valid for at least 24 hours after the termination of the instance, and should not be reused for another call later on.
- For details, see the description of client token at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html.
- |
- |
|
-
- image
-
-
- string
-
- |
- - | -
- ami ID to use for the instance.
- Required when state=present.
- |
- |
|
-
- instance_ids
-
-
- list
- / elements=string
-
- |
- - | -
- list of instance ids, currently used for states: absent, running, stopped
- aliases: instance_id |
- |
|
-
- instance_initiated_shutdown_behavior
-
-
- string
-
- |
-
-
|
-
- Set whether AWS will Stop or Terminate an instance on shutdown. This parameter is ignored when using instance-store. images (which require termination on shutdown).
- |
- |
|
-
- instance_profile_name
-
-
- string
-
- |
- - | -
- Name of the IAM instance profile (i.e. what the EC2 console refers to as an "IAM Role") to use. Boto library must be 2.5.0+.
- |
- |
|
-
- instance_tags
-
-
- dictionary
-
- |
- - | -
- A hash/dictionary of tags to add to the new instance or for instances to start/stop by tag. For example
- {"key":"value"} or {"key":"value","key2":"value2"}. |
- |
|
-
- instance_type
-
-
- string
-
- |
- - | -
- Instance type to use for the instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html.
- Required when creating a new instance.
- aliases: type |
- |
|
-
- kernel
-
-
- string
-
- |
- - | -
- Kernel eki to use for the instance.
- |
- |
|
-
- key_name
-
-
- string
-
- |
- - | -
- Key pair to use on the instance.
- The SSH key must already exist in AWS in order to use this argument.
- Keys can be created / deleted using the amazon.aws.ec2_key module.
- aliases: keypair |
- |
|
-
- monitoring
-
-
- boolean
-
- |
-
-
|
-
- Enable detailed monitoring (CloudWatch) for the instance.
- |
- |
|
-
- network_interfaces
-
-
- list
- / elements=string
-
- |
- - | -
- A list of existing network interfaces to attach to the instance at launch. When specifying existing network interfaces, none of the assign_public_ip, private_ip, vpc_subnet_id, group, or group_id parameters may be used. (Those parameters are for creating a new network interface at launch.)
- aliases: network_interface |
- |
|
-
- placement_group
-
-
- string
-
- |
- - | -
- Placement group for the instance when using EC2 Clustered Compute.
- |
- |
|
-
- private_ip
-
-
- string
-
- |
- - | -
- The private ip address to assign the instance (from the vpc subnet).
- |
- |
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |
|
-
- ramdisk
-
-
- string
-
- |
- - | -
- Ramdisk eri to use for the instance.
- |
- |
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |
|
-
- source_dest_check
-
-
- boolean
-
- |
-
-
|
-
- Enable or Disable the Source/Destination checks (for NAT instances and Virtual Routers). When initially creating an instance the EC2 API defaults this to
- True. |
- |
|
-
- spot_launch_group
-
-
- string
-
- |
- - | -
- Launch group for spot requests, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-spot-instances-work.html#spot-launch-group.
- |
- |
|
-
- spot_price
-
-
- string
-
- |
- - | -
- Maximum spot price to bid. If not set, a regular on-demand instance is requested.
- A spot request is made with this maximum bid. When it is filled, the instance is started.
- |
- |
|
-
- spot_type
-
-
- string
-
- |
-
-
|
-
- The type of spot request.
- After being interrupted a
- persistent spot instance will be started once there is capacity to fill the request again. |
- |
|
-
- spot_wait_timeout
-
-
- integer
-
- |
-
- Default: 600
- |
-
- How long to wait for the spot instance request to be fulfilled. Affects 'Request valid until' for setting spot request lifespan.
- |
- |
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Create, terminate, start, stop or restart instances.
- When state=absent, instance_ids is required.
- When state=running, state=stopped or state=restarted then either instance_ids or instance_tags is required.
- |
- |
|
-
- tenancy
-
-
- string
-
- |
-
-
|
-
- An instance with a tenancy of
- dedicated runs on single-tenant hardware and can only be launched into a VPC.Note that to use dedicated tenancy you MUST specify a vpc_subnet_id as well.
- Dedicated tenancy is not available for EC2 "micro" instances.
- |
- |
|
-
- termination_protection
-
-
- boolean
-
- |
-
-
|
-
- Enable or Disable the Termination Protection.
- Defaults to
- false. |
- |
|
-
- user_data
-
-
- string
-
- |
- - | -
- Opaque blob of data which is made available to the EC2 instance.
- |
- |
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |
|
-
- volumes
-
-
- list
- / elements=dictionary
-
- |
- - | -
- A list of hash/dictionaries of volumes to add to the new instance.
- |
- |
| - |
-
- delete_on_termination
-
-
- boolean
-
- |
-
-
|
-
- Whether the volume should be automatically deleted when the instance is terminated.
- |
-
| - |
-
- device_name
-
-
- string
- / required
-
- |
- - | -
- A name for the device (For example
- /dev/sda). |
-
| - |
-
- encrypted
-
-
- boolean
-
- |
-
-
|
-
- Whether the volume should be encrypted using the 'aws/ebs' KMS CMK.
- |
-
| - |
-
- ephemeral
-
-
- string
-
- |
- - | -
- Whether the volume should be ephemeral.
- Data on ephemeral volumes is lost when the instance is stopped.
- Mutually exclusive with the snapshot parameter.
- |
-
| - |
-
- iops
-
-
- integer
-
- |
- - | -
- The number of IOPS per second to provision for the volume.
- Required when volume_type=io1.
- |
-
| - |
-
- snapshot
-
-
- string
-
- |
- - | -
- The ID of an EBS snapshot to copy when creating the volume.
- Mutually exclusive with the ephemeral parameter.
- |
-
| - |
-
- volume_size
-
-
- integer
-
- |
- - | -
- The size of the volume (in GiB).
- |
-
| - |
-
- volume_type
-
-
- string
-
- |
- - | -
- The type of volume to create.
- See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for more information on the available volume types.
- |
-
|
-
- vpc_subnet_id
-
-
- string
-
- |
- - | -
- The subnet ID in which to launch the instance (VPC).
- |
- |
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- Wait for the instance to reach its desired state before returning.
- Does not wait for SSH, see the 'wait_for_connection' example for details.
- |
- |
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 300
- |
-
- How long before wait gives up, in seconds.
- |
- |
|
-
- zone
-
-
- string
-
- |
- - | -
- AWS availability zone in which to launch the instance.
- aliases: aws_zone, ec2_zone |
- |
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
-
- Default: {}
- |
-
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSnapshots.html for possible filters. Filter names and values are case sensitive.
- |
-
|
-
- max_results
-
-
- integer
-
- |
- - | -
- The maximum number of snapshot results returned in paginated output.
- When used only a single page along with a
- next_token_id response element will be returned.The remaining results of the initial request can be seen by sending another request with the returned
- next_token_id value.This value can be between 5 and 1000; if next_token_id is given a value larger than 1000, only 1000 results are returned.
- If this parameter is not used, then DescribeSnapshots returns all results.
- This parameter is mutually exclusive with snapshot_ids.
- |
-
|
-
- next_token_id
-
-
- string
-
- |
- - | -
- Contains the value returned from a previous paginated request where max_results was used and the results exceeded the value of that parameter.
- Pagination continues from the end of the previous results that returned the next_token_id value.
- This parameter is mutually exclusive with snapshot_ids
- |
-
|
-
- owner_ids
-
-
- list
- / elements=string
-
- |
-
- Default: []
- |
-
- If you specify one or more snapshot owners, only snapshots from the specified owners and for which you have access are returned.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- restorable_by_user_ids
-
-
- list
- / elements=string
-
- |
-
- Default: []
- |
-
- If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned.
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- snapshot_ids
-
-
- list
- / elements=string
-
- |
-
- Default: []
- |
-
- If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- description
-
-
- string
-
- |
- - | -
- Description to be applied to the snapshot.
- |
-
|
-
- device_name
-
-
- string
-
- |
- - | -
- Device name of a mounted volume to be snapshotted.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- instance_id
-
-
- string
-
- |
- - | -
- Instance that has the required volume to snapshot mounted.
- |
-
|
-
- last_snapshot_min_age
-
-
- integer
-
- |
-
- Default: 0
- |
-
- If the volume's most recent snapshot has started less than last_snapshot_min_age minutes ago, a new snapshot will not be created.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- snapshot_id
-
-
- string
-
- |
- - | -
- Snapshot id to remove.
- |
-
|
-
- snapshot_tags
-
-
- dictionary
-
- |
- - | -
- A dictionary of tags to add to the snapshot.
- If the volume has a
- Name tag this will be automatically added to the snapshot. |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Whether to add or create a snapshot.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- volume_id
-
-
- string
-
- |
- - | -
- Volume from which to take the snapshot.
- |
-
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- Wait for the snapshot to be ready.
- |
-
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 600
- |
-
- How long before wait gives up, in seconds.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
-
- Default: {}
- |
-
- A dict of filters to apply. Each dict item consists of a filter key and a filter value.
- Filter names and values are case sensitive.
- See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSpotInstanceRequests.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- spot_instance_request_ids
-
-
- list
- / elements=string
-
- |
- - | -
- One or more Spot Instance request IDs.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -|||
|---|---|---|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |||
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |||
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |||
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |||
|
-
- client_token
-
-
- string
-
- |
- - | -
- The idempotency token you provided when you launched the instance, if applicable.
- |
- |||
|
-
- count
-
-
- integer
-
- |
-
- Default: 1
- |
-
- Number of instances to launch.
- |
- |||
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |||
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |||
|
-
- interruption
-
-
- string
-
- |
-
-
|
-
- The behavior when a Spot Instance is interrupted.
- |
- |||
|
-
- launch_group
-
-
- string
-
- |
- - | -
- Launch group for spot requests, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-spot-instances-work.html#spot-launch-group.
- |
- |||
|
-
- launch_specification
-
-
- dictionary
-
- |
- - | -
- The launch specification.
- |
- |||
| - |
-
- block_device_mappings
-
-
- list
- / elements=dictionary
-
- |
- - | -
- A list of hash/dictionaries of volumes to add to the new instance.
- |
- ||
| - | - |
-
- device_name
-
-
- string
-
- |
- - | -
- The device name (for example, /dev/sdh or xvdh ).
- |
- |
| - | - |
-
- ebs
-
-
- dictionary
-
- |
- - | -
- Parameters used to automatically set up EBS volumes when the instance is launched, see https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.request_spot_instances
- |
- |
| - | - |
-
- no_device
-
-
- string
-
- |
- - | -
- To omit the device from the block device mapping, specify an empty string.
- |
- |
| - | - |
-
- virtual_name
-
-
- string
-
- |
- - | -
- The virtual device name
- |
- |
| - |
-
- ebs_optimized
-
-
- boolean
-
- |
-
-
|
-
- Whether instance is using optimized EBS volumes, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html.
- |
- ||
| - |
-
- iam_instance_profile
-
-
- dictionary
-
- |
- - | -
- The IAM instance profile.
- |
- ||
| - | - |
-
- arn
-
-
- string
-
- |
- - | -
- The Amazon Resource Name (ARN) of the instance profile.
- Only one of arn or name may be specified.
- |
- |
| - | - |
-
- name
-
-
- string
-
- |
- - | -
- The name of the instance profile.
- Only one of arn or name may be specified.
- |
- |
| - |
-
- image_id
-
-
- string
-
- |
- - | -
- The ID of the AMI.
- |
- ||
| - |
-
- instance_type
-
-
- string
-
- |
- - | -
- Instance type to use for the instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html.
- Required when creating a new instance.
- |
- ||
| - |
-
- kernel_id
-
-
- string
-
- |
- - | -
- The ID of the kernel.
- |
- ||
| - |
-
- key_name
-
-
- string
-
- |
- - | -
- Key to use on the instance.
- The SSH key must already exist in AWS in order to use this argument.
- Keys can be created / deleted using the amazon.aws.ec2_key module.
- |
- ||
| - |
-
- monitoring
-
-
- dictionary
-
- |
- - | -
- Indicates whether basic or detailed monitoring is enabled for the instance.
- |
- ||
| - | - |
-
- enabled
-
-
- boolean
-
- |
-
-
|
-
- Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.
- |
- |
| - |
-
- network_interfaces
-
-
- list
- / elements=dictionary
-
- |
- - | -
- One or more network interfaces. If you specify a network interface, you must specify subnet IDs and security group IDs using the network interface.
- |
- ||
| - | - |
-
- associate_carrier_ip_address
-
-
- boolean
-
- |
-
-
|
-
- Indicates whether to assign a carrier IP address to the network interface.
- |
- |
| - | - |
-
- associate_public_ip_address
-
-
- boolean
-
- |
-
-
|
-
- Indicates whether to assign a public IPv4 address to an instance you launch in a VPC.
- |
- |
| - | - |
-
- delete_on_termination
-
-
- boolean
-
- |
-
-
|
-
- If set to true , the interface is deleted when the instance is terminated. You can specify true only if creating a new network interface when launching an instance.
- |
- |
| - | - |
-
- description
-
-
- string
-
- |
- - | -
- The description of the network interface. Applies only if creating a network interface when launching an instance.
- |
- |
| - | - |
-
- device_index
-
-
- integer
-
- |
- - | -
- The position of the network interface in the attachment order. A primary network interface has a device index of 0.
- If you specify a network interface when launching an instance, you must specify the device index.
- |
- |
| - | - |
-
- groups
-
-
- list
- / elements=string
-
- |
- - | -
- The IDs of the security groups for the network interface. Applies only if creating a network interface when launching an instance.
- |
- |
| - | - |
-
- interface_type
-
-
- string
-
- |
-
-
|
-
- The type of network interface.
- |
- |
| - | - |
-
- ipv4_prefix_count
-
-
- integer
-
- |
- - | -
- The number of IPv4 delegated prefixes to be automatically assigned to the network interface
- |
- |
| - | - |
-
- ipv4_prefixes
-
-
- list
- / elements=dictionary
-
- |
- - | -
- One or more IPv4 delegated prefixes to be assigned to the network interface.
- |
- |
| - | - |
-
- ipv6_address_count
-
-
- integer
-
- |
- - | -
- A number of IPv6 addresses to assign to the network interface
- |
- |
| - | - |
-
- ipv6_addresses
-
-
- list
- / elements=dictionary
-
- |
- - | -
- One or more IPv6 addresses to assign to the network interface.
- |
- |
| - | - | - |
-
- ipv6address
-
-
- string
-
- |
- - | -
- The IPv6 address.
- |
-
| - | - |
-
- ipv6_prefix_count
-
-
- integer
-
- |
- - | -
- The number of IPv6 delegated prefixes to be automatically assigned to the network interface
- |
- |
| - | - |
-
- ipv6_prefixes
-
-
- list
- / elements=dictionary
-
- |
- - | -
- One or more IPv6 delegated prefixes to be assigned to the network interface
- |
- |
| - | - |
-
- network_card_index
-
-
- integer
-
- |
- - | -
- The index of the network card.
- |
- |
| - | - |
-
- network_interface_id
-
-
- string
-
- |
- - | -
- The ID of the network interface.
- |
- |
| - | - |
-
- private_ip_address
-
-
- string
-
- |
- - | -
- The private IPv4 address of the network interface
- |
- |
| - | - |
-
- private_ip_addresses
-
-
- list
- / elements=dictionary
-
- |
- - | -
- One or more private IPv4 addresses to assign to the network interface
- |
- |
| - | - |
-
- secondary_private_ip_address_count
-
-
- integer
-
- |
- - | -
- The number of secondary private IPv4 addresses.
- |
- |
| - | - |
-
- subnet_id
-
-
- string
-
- |
- - | -
- The ID of the subnet associated with the network interface
- |
- |
| - |
-
- placement
-
-
- dictionary
-
- |
- - | -
- The placement information for the instance.
- |
- ||
| - | - |
-
- availability_zone
-
-
- string
-
- |
- - | -
- The Availability Zone.
- |
- |
| - | - |
-
- group_name
-
-
- string
-
- |
- - | -
- The name of the placement group.
- |
- |
| - | - |
-
- tenancy
-
-
- string
-
- |
-
-
|
-
- the tenancy of the host
- |
- |
| - |
-
- ramdisk_id
-
-
- string
-
- |
- - | -
- The ID of the RAM disk.
- |
- ||
| - |
-
- security_group_ids
-
-
- list
- / elements=string
-
- |
- - | -
- Security group id (or list of ids) to use with the instance.
- |
- ||
| - |
-
- security_groups
-
-
- list
- / elements=string
-
- |
- - | -
- Security group name (or list of group names) to use with the instance.
- Only supported with EC2 Classic. To launch in a VPC, use
- group_id |
- ||
| - |
-
- subnet_id
-
-
- string
-
- |
- - | -
- The ID of the subnet in which to launch the instance.
- |
- ||
| - |
-
- user_data
-
-
- string
-
- |
- - | -
- The base64-encoded user data for the instance. User data is limited to 16 KB.
- |
- ||
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |||
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |||
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |||
|
-
- spot_instance_request_ids
-
-
- list
- / elements=string
-
- |
-
- Default: []
- |
-
- List of strings with IDs of spot requests to be cancelled
- |
- |||
|
-
- spot_price
-
-
- string
-
- |
- - | -
- Maximum spot price to bid. If not set, a regular on-demand instance is requested.
- A spot request is made with this maximum bid. When it is filled, the instance is started.
- |
- |||
|
-
- spot_type
-
-
- string
-
- |
-
-
|
-
- The type of spot request.
- After being interrupted a
- persistent spot instance will be started once there is capacity to fill the request again. |
- |||
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Whether the spot request should be created or removed.
- When state=present, launch_specification is required.
- When state=absent, spot_instance_request_ids is required.
- |
- |||
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dictionary of key-value pairs for tagging the Spot Instance request on creation.
- |
- |||
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |||
|
-
- zone_group
-
-
- string
-
- |
- - | -
- Name for logical grouping of spot requests.
- All spot instances in the request are launched in the same availability zone.
- |
- |||
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- resource
-
-
- string
- / required
-
- |
- - | -
- The EC2 resource id (for example i-XXXXXX or vpc-XXXXXX).
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Key | -Returned | -Description | -
|---|---|---|
|
-
- tags
-
-
- dictionary
-
- |
- always | -
- A dict containing the tags on the resource
- - |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- |
-
-
|
-
- Whether unspecified tags should be removed from the resource.
- Note that when combined with state=absent, specified tags with non-matching values are not purged.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- resource
-
-
- string
- / required
-
- |
- - | -
- The EC2 resource id.
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Whether the tags should be present or absent on the resource.
- The use of state=list to interrogate the tags of an instance has been deprecated and will be removed after 2022-06-01. The 'list' functionality has been moved to a dedicated module amazon.aws.ec2_tag_info.
- |
-
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dictionary of tags to add or remove from the resource.
- If the value provided for a key is not set and state=absent, the tag will be removed regardless of its current value.
- Required when state=present or state=absent.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value.
- See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVolumes.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- delete_on_termination
-
-
- boolean
-
- |
-
-
|
-
- When set to
- true, the volume will be deleted upon instance termination. |
-
|
-
- device_name
-
-
- string
-
- |
- - | -
- Device id to override device mapping. Assumes /dev/sdf for Linux/UNIX and /dev/xvdf for Windows.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- encrypted
-
-
- boolean
-
- |
-
-
|
-
- Enable encryption at rest for this volume.
- |
-
|
-
- id
-
-
- string
-
- |
- - | -
- Volume id if you wish to attach an existing volume (requires instance) or remove an existing volume
- |
-
|
-
- instance
-
-
- string
-
- |
- - | -
- Instance ID if you wish to attach the volume. Since 1.9 you can set to None to detach.
- |
-
|
-
- iops
-
-
- integer
-
- |
- - | -
- The provisioned IOPs you want to associate with this volume (integer).
- |
-
|
-
- kms_key_id
-
-
- string
-
- |
- - | -
- Specify the id of the KMS key to use.
- |
-
|
-
- modify_volume
-
-
- boolean
-
- added in 1.4.0
- |
-
-
|
-
- The volume won't be modified unless this key is
- true. |
-
|
-
- multi_attach
-
-
- boolean
-
- added in 2.0.0
- |
-
-
|
-
- If set to
- yes, Multi-Attach will be enabled when creating the volume.When you create a new volume, Multi-Attach is disabled by default.
- This parameter is supported with io1 and io2 volumes only.
- |
-
|
-
- name
-
-
- string
-
- |
- - | -
- Volume Name tag if you wish to attach an existing volume (requires instance)
- |
-
|
-
- outpost_arn
-
-
- string
-
- added in 3.1.0
- |
- - | -
- The Amazon Resource Name (ARN) of the Outpost.
- If set, allows to create volume in an Outpost.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- added in 1.5.0
- |
-
-
|
-
- Whether to remove existing tags that aren't passed in the tags parameter
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- snapshot
-
-
- string
-
- |
- - | -
- Snapshot ID on which to base the volume.
- |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Whether to ensure the volume is present or absent.
- The use of state=list to interrogate the volume has been deprecated and will be removed after 2022-06-01. The 'list' functionality has been moved to a dedicated module amazon.aws.ec2_vol_info.
- |
-
|
-
- tags
-
-
- dictionary
-
- |
-
- Default: {}
- |
-
- tag:value pairs to add to the volume after creation.
- |
-
|
-
- throughput
-
-
- integer
-
- added in 1.4.0
- |
- - | -
- Volume throughput in MB/s.
- This parameter is only valid for gp3 volumes.
- Valid range is from 125 to 1000.
- Requires at least botocore version 1.19.27.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- volume_size
-
-
- integer
-
- |
- - | -
- Size of volume (in GiB) to create.
- |
-
|
-
- volume_type
-
-
- string
-
- |
-
-
|
-
- Type of EBS volume; standard (magnetic), gp2 (SSD), gp3 (SSD), io1 (Provisioned IOPS), io2 (Provisioned IOPS), st1 (Throughput Optimized HDD), sc1 (Cold HDD). "Standard" is the old EBS default and continues to remain the Ansible default for backwards compatibility.
- |
-
|
-
- zone
-
-
- string
-
- |
- - | -
- Zone in which to create the volume, if unset uses the zone the instance is in (if set).
- aliases: availability_zone, aws_zone, ec2_zone |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- dhcp_options_ids
-
-
- list
- / elements=string
-
- |
- - | -
- Get details of specific DHCP Option IDs.
- aliases: DhcpOptionIds |
-
|
-
- dry_run
-
-
- boolean
-
- |
-
-
|
-
- Checks whether you have the required permissions to view the DHCP Options.
- aliases: DryRun |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeDhcpOptions.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- delete_old
-
-
- boolean
-
- |
-
-
|
-
- Whether to delete the old VPC DHCP option set when associating a new one. This is primarily useful for debugging/development purposes when you want to quickly roll back to the old option set. Note that this setting will be ignored, and the old DHCP option set will be preserved, if it is in use by any other VPC. (Otherwise, AWS will return an error.)
- |
-
|
-
- dhcp_options_id
-
-
- string
-
- |
- - | -
- The resource_id of an existing DHCP options set. If this is specified, then it will override other settings, except tags (which will be updated to match)
- |
-
|
-
- dns_servers
-
-
- list
- / elements=string
-
- |
- - | -
- A list of hosts to set the DNS servers for the VPC to. (Should be a list of IP addresses rather than host names.)
- |
-
|
-
- domain_name
-
-
- string
-
- |
- - | -
- The domain name to set in the DHCP option sets
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- inherit_existing
-
-
- boolean
-
- |
-
-
|
-
- For any DHCP options not specified in these parameters, whether to inherit them from the options set already applied to vpc_id, or to reset them to be empty.
- |
-
|
-
- netbios_name_servers
-
-
- list
- / elements=string
-
- |
- - | -
- List of hosts to advertise as NetBIOS servers.
- |
-
|
-
- netbios_node_type
-
-
- integer
-
- |
- - | -
- NetBIOS node type to advertise in the DHCP options. The AWS recommendation is to use 2 (when using netbios name services) https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html
- |
-
|
-
- ntp_servers
-
-
- list
- / elements=string
-
- |
- - | -
- List of hosts to advertise as NTP servers for the VPC.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- added in 2.0.0
- |
-
-
|
-
- Remove tags not listed in tags.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- create/assign or remove the DHCP options. If state is set to absent, then a DHCP options set matched either by id, or tags and options will be removed if possible.
- |
-
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- Tags to be applied to a VPC options set if a new one is created, or if the resource_id is provided. (options must match)
- aliases: resource_tags |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- vpc_id
-
-
- string
-
- |
- - | -
- VPC ID to associate with the requested DHCP option set. If no vpc id is provided, and no matching option set is found then a new DHCP option set is created.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- query
-
-
- string
-
- |
-
-
|
-
- Defaults to
- endpoints.Specifies the query action to take.
- query=endpoints returns information about AWS VPC endpoints.
- Retrieving information about services using query=services has been deprecated in favour of the amazon.aws.ec2_vpc_endpoint_service_info module.
- The query option has been deprecated and will be removed after 2022-12-01.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- vpc_endpoint_ids
-
-
- list
- / elements=string
-
- |
- - | -
- The IDs of specific endpoints to retrieve the details of.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- client_token
-
-
- string
-
- |
- - | -
- Optional client token to ensure idempotency
- |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- policy
-
-
- json
-
- |
- - | -
- A properly formatted json policy as string, see https://github.com/ansible/ansible/issues/7005#issuecomment-42894813. Cannot be used with policy_file.
- Option when creating an endpoint. If not provided AWS will utilise a default policy which provides full access to the service.
- |
-
|
-
- policy_file
-
-
- path
-
- |
- - | -
- The path to the properly json formatted policy file, see https://github.com/ansible/ansible/issues/7005#issuecomment-42894813 on how to use it properly. Cannot be used with policy.
- Option when creating an endpoint. If not provided AWS will utilise a default policy which provides full access to the service.
- This option has been deprecated and will be removed after 2022-12-01 to maintain the existing functionality please use the policy option and a file lookup.
- aliases: policy_path |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- added in 1.5.0
- |
-
-
|
-
- Delete any tags not specified in the task that are on the instance. This means you have to specify all the desired tags on each task affecting an instance.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- route_table_ids
-
-
- list
- / elements=string
-
- |
- - | -
- List of one or more route table ids to attach to the endpoint. A route is added to the route table with the destination of the endpoint if provided.
- Route table ids are only valid for gateway type endpoints.
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- service
-
-
- string
-
- |
- - | -
- An AWS supported vpc endpoint service. Use the amazon.aws.ec2_vpc_endpoint_info module to describe the supported endpoint services.
- Required when creating an endpoint.
- |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- present to ensure resource is created.
- absent to remove resource
- |
-
|
-
- tags
-
-
- dictionary
-
- added in 1.5.0
- |
- - | -
- A dict of tags to apply to the internet gateway.
- To remove all tags set tags={} and purge_tags=true.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- vpc_endpoint_id
-
-
- string
-
- |
- - | -
- One or more vpc endpoint ids to remove from the AWS account
- |
-
|
-
- vpc_endpoint_security_groups
-
-
- list
- / elements=string
-
- added in 2.1.0
- |
- - | -
- The list of security groups to attach to the endpoint.
- Requires vpc_endpoint_type=GatewayLoadBalancer or vpc_endpoint_type=Interface.
- |
-
|
-
- vpc_endpoint_subnets
-
-
- list
- / elements=string
-
- added in 2.1.0
- |
- - | -
- The list of subnets to attach to the endpoint.
- Requires vpc_endpoint_type=GatewayLoadBalancer or vpc_endpoint_type=Interface.
- |
-
|
-
- vpc_endpoint_type
-
-
- string
-
- added in 1.5.0
- |
-
-
|
-
- The type of endpoint.
- |
-
|
-
- vpc_id
-
-
- string
-
- |
- - | -
- Required when creating a VPC endpoint.
- |
-
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- When specified, will wait for either available status for state present. Unfortunately this is ignored for delete actions due to a difference in behaviour from AWS.
- |
-
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 320
- |
-
- Used in conjunction with wait. Number of seconds to wait for status. Unfortunately this is ignored for delete actions due to a difference in behaviour from AWS.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply.
- Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServices.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- service_names
-
-
- list
- / elements=string
-
- |
- - | -
- A list of service names which can be used to narrow the search results.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- convert_tags
-
-
- boolean
-
- added in 1.3.0
- |
-
-
|
-
- Convert tags from boto3 format (list of dictionaries) to the standard dictionary format.
- This currently defaults to
- False. The default will be changed to True after 2022-06-22. |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html for possible filters.
- |
-
|
-
- internet_gateway_ids
-
-
- list
- / elements=string
-
- |
- - | -
- Get details of specific Internet Gateway ID. Provide this value as a list.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- added in 1.3.0
- |
-
-
|
-
- Remove tags not listed in tags.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Create or terminate the IGW
- |
-
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dict of tags to apply to the internet gateway.
- To remove all tags set tags={} and purge_tags=true.
- aliases: resource_tags |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- vpc_id
-
-
- string
- / required
-
- |
- - | -
- The VPC ID for the VPC in which to manage the Internet Gateway.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html for possible filters.
- |
-
|
-
- nat_gateway_ids
-
-
- list
- / elements=string
-
- |
- - | -
- List of specific nat gateway IDs to fetch details for.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Key | -Returned | -Description | -||
|---|---|---|---|---|
|
-
- changed
-
-
- boolean
-
- |
- always | -
- True if listing the internet gateways succeeds
- - |
- ||
|
-
- result
-
-
- list
-
- |
- suceess | -
- The result of the describe, converted to ansible snake case style.
- See also http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.describe_nat_gateways
- - |
- ||
| - |
-
- create_time
-
-
- string
-
- |
- always | -
- The date and time the NAT gateway was created
- - Sample:
- 2021-03-11T22:43:25+00:00
- |
- |
| - |
-
- delete_time
-
-
- string
-
- |
- when the NAT gateway has been deleted | -
- The date and time the NAT gateway was deleted
- - Sample:
- 2021-03-11T22:43:25+00:00
- |
- |
| - |
-
- nat_gateway_addresses
-
-
- dictionary
-
- |
- always | -
- List containing a dictionary with the IP addresses and network interface associated with the NAT gateway
- - |
- |
| - | - |
-
- allocation_id
-
-
- string
-
- |
- always | -
- The allocation ID of the Elastic IP address that's associated with the NAT gateway
- - Sample:
- eipalloc-0853e66a40803da76
- |
-
| - | - |
-
- network_interface_id
-
-
- string
-
- |
- always | -
- The ID of the network interface associated with the NAT gateway
- - Sample:
- eni-0a37acdbe306c661c
- |
-
| - | - |
-
- private_ip
-
-
- string
-
- |
- always | -
- The private IP address associated with the Elastic IP address
- - Sample:
- 10.0.238.227
- |
-
| - | - |
-
- public_ip
-
-
- string
-
- |
- always | -
- The Elastic IP address associated with the NAT gateway
- - Sample:
- 34.204.123.52
- |
-
| - |
-
- nat_gateway_id
-
-
- string
-
- |
- always | -
- The ID of the NAT gateway
- - Sample:
- nat-0c242a2397acf6173
- |
- |
| - |
-
- state
-
-
- string
-
- |
- always | -
- state of the NAT gateway
- - Sample:
- available
- |
- |
| - |
-
- subnet_id
-
-
- string
-
- |
- always | -
- The ID of the subnet in which the NAT gateway is located
- - Sample:
- subnet-098c447465d4344f9
- |
- |
| - |
-
- tags
-
-
- dictionary
-
- |
- always | -
- Tags applied to the NAT gateway
- - Sample:
- {'Tag1': 'tag1', 'Tag_2': 'tag_2'}
- |
- |
| - |
-
- vpc_id
-
-
- string
-
- |
- always | -
- The ID of the VPC in which the NAT gateway is located
- - Sample:
- vpc-02f37f48438ab7d4c
- |
- |
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- allocation_id
-
-
- string
-
- |
- - | -
- The id of the elastic IP allocation. If this is not passed and the eip_address is not passed. An EIP is generated for this NAT Gateway.
- |
-
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- client_token
-
-
- string
-
- |
- - | -
- Optional unique token to be used during create to ensure idempotency. When specifying this option, ensure you specify the eip_address parameter as well otherwise any subsequent runs will fail.
- |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- eip_address
-
-
- string
-
- |
- - | -
- The elastic IP address of the EIP you want attached to this NAT Gateway. If this is not passed and the allocation_id is not passed, an EIP is generated for this NAT Gateway.
- |
-
|
-
- if_exist_do_not_create
-
-
- boolean
-
- |
-
-
|
-
- if a NAT Gateway exists already in the subnet_id, then do not create a new one.
- |
-
|
-
- nat_gateway_id
-
-
- string
-
- |
- - | -
- The id AWS dynamically allocates to the NAT Gateway on creation. This is required when the absent option is present.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- added in 1.4.0
- |
-
-
|
-
- Remove tags not listed in tags.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- release_eip
-
-
- boolean
-
- |
-
-
|
-
- Deallocate the EIP from the VPC.
- Option is only valid with the absent state.
- You should use this with the wait option. Since you can not release an address while a delete operation is happening.
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Ensure NAT Gateway is present or absent.
- |
-
|
-
- subnet_id
-
-
- string
-
- |
- - | -
- The id of the subnet to create the NAT Gateway in. This is required with the present option.
- |
-
|
-
- tags
-
-
- dictionary
-
- added in 1.4.0
- |
- - | -
- A dict of tags to apply to the NAT gateway.
- To remove all tags set tags={} and purge_tags=true.
- aliases: resource_tags |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- Wait for operation to complete before returning.
- |
-
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 320
- |
-
- How many seconds to wait for an operation to complete before timing out.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- vpc_ids
-
-
- list
- / elements=string
-
- |
- - | -
- A list of VPC IDs that exist in your account.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- cidr_block
-
-
- list
- / elements=string
- / required
-
- |
- - | -
- The primary CIDR of the VPC. After 2.5 a list of CIDRs can be provided. The first in the list will be used as the primary CIDR and is used in conjunction with the
- name to ensure idempotence. |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- dhcp_opts_id
-
-
- string
-
- |
- - | -
- The id of the DHCP options to use for this VPC.
- |
-
|
-
- dns_hostnames
-
-
- boolean
-
- |
-
-
|
-
- Whether to enable AWS hostname support.
- |
-
|
-
- dns_support
-
-
- boolean
-
- |
-
-
|
-
- Whether to enable AWS DNS support.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- ipv6_cidr
-
-
- boolean
-
- |
-
-
|
-
- Request an Amazon-provided IPv6 CIDR block with /56 prefix length. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.
- Default value is
- false when creating a new VPC. |
-
|
-
- multi_ok
-
-
- boolean
-
- |
-
-
|
-
- By default the module will not create another VPC if there is another VPC with the same name and CIDR block. Specify this as true if you want duplicate VPCs created.
- |
-
|
-
- name
-
-
- string
- / required
-
- |
- - | -
- The name to give your VPC. This is used in combination with
- cidr_block to determine if a VPC already exists. |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_cidrs
-
-
- boolean
-
- |
-
-
|
-
- Remove CIDRs that are associated with the VPC and are not specified in
- cidr_block. |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- The state of the VPC. Either absent or present.
- |
-
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- The tags you want attached to the VPC. This is independent of the name value, note if you pass a 'Name' key it would override the Name of the VPC if it's different.
- aliases: resource_tags |
-
|
-
- tenancy
-
-
- string
-
- |
-
-
|
-
- Whether to be default or dedicated tenancy. This cannot be changed after the VPC has been created.
- |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- gateway_id
-
-
- string
-
- added in 3.2.0
- |
- - | -
- The ID of the gateway to associate with the route table.
- If gateway_id is
- 'None' or '', gateway will be disassociated with the route table. |
-
|
-
- lookup
-
-
- string
-
- |
-
-
|
-
- Look up route table by either tags or by route table ID. Non-unique tag lookup will fail. If no tags are specified then no lookup for an existing route table is performed and a new route table will be created. To change tags of a route table you must look up by id.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- propagating_vgw_ids
-
-
- list
- / elements=string
-
- |
- - | -
- Enable route propagation from virtual gateways specified by ID.
- |
-
|
-
- purge_routes
-
-
- boolean
-
- |
-
-
|
-
- Purge existing routes that are not found in routes.
- |
-
|
-
- purge_subnets
-
-
- boolean
-
- |
-
-
|
-
- Purge existing subnets that are not found in subnets. Ignored unless the subnets option is supplied.
- |
-
|
-
- purge_tags
-
-
- boolean
-
- |
-
-
|
-
- Purge existing tags that are not found in route table.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- route_table_id
-
-
- string
-
- |
- - | -
- The ID of the route table to update or delete.
- Required when lookup=id.
- |
-
|
-
- routes
-
-
- list
- / elements=dictionary
-
- |
- - | -
- List of routes in the route table.
- Routes are specified as dicts containing the keys
- dest and one of gateway_id, instance_id, network_interface_id, or vpc_peering_connection_id.The value of
- dest is used for the destination match. It may be a IPv4 CIDR block or a IPv6 CIDR block.If gateway_id is specified, you can refer to the VPC's IGW by using the value
- igw.Routes are required for present states.
- |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Create or destroy the VPC route table.
- |
-
|
-
- subnets
-
-
- list
- / elements=string
-
- |
- - | -
- An array of subnets to add to this route table. Subnets may be specified by either subnet ID, Name tag, or by a CIDR such as '10.0.0.0/24' or 'fd00::/8'.
- |
-
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dictionary of resource tags of the form:
- { tag1: value1, tag2: value2 }. Tags are used to uniquely identify route tables within a VPC when the route_table_id is not supplied.aliases: resource_tags |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- vpc_id
-
-
- string
-
- |
- - | -
- VPC ID of the VPC in which to create the route table.
- Required when state=present or lookup=tag.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- filters
-
-
- dictionary
-
- |
- - | -
- A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html for possible filters.
- |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- subnet_ids
-
-
- list
- / elements=string
-
- |
- - | -
- A list of subnet IDs to gather information for.
- aliases: subnet_id |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
| Parameter | -Choices/Defaults | -Comments | -
|---|---|---|
|
-
- assign_instances_ipv6
-
-
- boolean
-
- |
-
-
|
-
- Specify
- yes to indicate that instances launched into the subnet should be automatically assigned an IPv6 address. |
-
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
-
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
-
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
-
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
-
|
-
- az
-
-
- string
-
- |
- - | -
- The availability zone for the subnet.
- |
-
|
-
- cidr
-
-
- string
- / required
-
- |
- - | -
- The CIDR block for the subnet. E.g. 192.0.2.0/24.
- |
-
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
-
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
-
|
-
- ipv6_cidr
-
-
- string
-
- |
- - | -
- The IPv6 CIDR block for the subnet. The VPC must have a /56 block assigned and this value must be a valid IPv6 /64 that falls in the VPC range.
- Required if assign_instances_ipv6=true
- |
-
|
-
- map_public
-
-
- boolean
-
- |
-
-
|
-
- Specify
- yes to indicate that instances launched into the subnet should be assigned public IP address by default. |
-
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
-
|
-
- purge_tags
-
-
- boolean
-
- |
-
-
|
-
- Whether or not to remove tags that do not appear in the tags list.
- |
-
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
-
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
-
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Create or remove the subnet.
- |
-
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dict of tags to apply to the subnet. Any tags currently applied to the subnet and not present here will be removed.
- aliases: resource_tags |
-
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
-
|
-
- vpc_id
-
-
- string
- / required
-
- |
- - | -
- VPC ID of the VPC in which to create or delete the subnet.
- |
-
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- When wait=true and state=present, module will wait for subnet to be in available state before continuing.
- |
-
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 300
- |
-
- Number of seconds to wait for subnet to become available wait=True.
- |
-
| Parameter | -Choices/Defaults | -Comments | -|
|---|---|---|---|
|
-
- access_logs
-
-
- dictionary
-
- |
- - | -
- A dictionary of access logs configuration settings (see examples).
- |
- |
| - |
-
- enabled
-
-
- boolean
-
- |
-
-
|
-
- When set to
- True will configure delivery of access logs to an S3 bucket.When set to
- False will disable delivery of access logs. |
-
| - |
-
- interval
-
-
- integer
-
- |
-
-
|
-
- The interval for publishing the access logs to S3.
- |
-
| - |
-
- s3_location
-
-
- string
-
- |
- - | -
- The S3 bucket to deliver access logs to.
- See https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html for more information about the necessary S3 bucket policies.
- Required when enabled=True.
- |
-
| - |
-
- s3_prefix
-
-
- string
-
- |
-
- Default: ""
- |
-
- Where in the S3 bucket to deliver the logs.
- If the prefix is not provided or set to
- "", the log is placed at the root level of the bucket. |
-
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |
|
-
- connection_draining_timeout
-
-
- integer
-
- |
- - | -
- Wait a specified timeout allowing connections to drain before terminating an instance.
- Set to
- 0 to disable connection draining. |
- |
|
-
- cross_az_load_balancing
-
-
- boolean
-
- |
-
-
|
-
- Distribute load across all configured Availability Zones.
- Defaults to
- false. |
- |
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |
|
-
- health_check
-
-
- dictionary
-
- |
- - | -
- A dictionary of health check configuration settings (see examples).
- |
- |
| - |
-
- healthy_threshold
-
-
- integer
- / required
-
- |
- - | -
- The number of consecutive health checks successes required before moving the instance to the Healthy state.
- |
-
| - |
-
- interval
-
-
- integer
- / required
-
- |
- - | -
- The approximate interval, in seconds, between health checks of an individual instance.
- |
-
| - |
-
- ping_path
-
-
- string
-
- |
- - | -
- The URI path which the ELB health check will query when performing a health check.
- Required when ping_protocol=HTTP or ping_protocol=HTTPS.
- |
-
| - |
-
- ping_port
-
-
- integer
- / required
-
- |
- - | -
- The TCP port to which the ELB will connect when performing a health check.
- |
-
| - |
-
- ping_protocol
-
-
- string
- / required
-
- |
- - | -
- The protocol which the ELB health check will use when performing a health check.
- Valid values are
- 'HTTP', 'HTTPS', 'TCP' and 'SSL'. |
-
| - |
-
- timeout
-
-
- integer
- / required
-
- |
- - | -
- The amount of time, in seconds, after which no response means a failed health check.
- aliases: response_timeout |
-
| - |
-
- unhealthy_threshold
-
-
- integer
- / required
-
- |
- - | -
- The number of consecutive health check failures required before moving the instance to the Unhealthy state.
- |
-
|
-
- idle_timeout
-
-
- integer
-
- |
- - | -
- ELB connections from clients and to servers are timed out after this amount of time.
- |
- |
|
-
- instance_ids
-
-
- list
- / elements=string
-
- |
- - | -
- List of instance ids to attach to this ELB.
- |
- |
|
-
- listeners
-
-
- list
- / elements=dictionary
-
- |
- - | -
- List of ports/protocols for this ELB to listen on (see examples).
- Required when state=present and the ELB doesn't exist.
- |
- |
| - |
-
- instance_port
-
-
- integer
- / required
-
- |
- - | -
- The port on which the instance is listening.
- |
-
| - |
-
- instance_protocol
-
-
- string
-
- |
- - | -
- The protocol to use for routing traffic to instances.
- Valid values are
- HTTP, HTTPS, TCP, or SSL, |
-
| - |
-
- load_balancer_port
-
-
- integer
- / required
-
- |
- - | -
- The port on which the load balancer will listen.
- |
-
| - |
-
- protocol
-
-
- string
- / required
-
- |
- - | -
- The transport protocol to use for routing.
- Valid values are
- HTTP, HTTPS, TCP, or SSL. |
-
| - |
-
- proxy_protocol
-
-
- boolean
-
- |
-
-
|
-
- Enable proxy protocol for the listener.
- Beware, ELB controls for the proxy protocol are based on the instance_port. If you have multiple listeners talking to the same instance_port, this will affect all of them.
- |
-
| - |
-
- ssl_certificate_id
-
-
- string
-
- |
- - | -
- The Amazon Resource Name (ARN) of the SSL certificate.
- |
-
|
-
- name
-
-
- string
- / required
-
- |
- - | -
- The name of the ELB.
- The name of an ELB must be less than 32 characters and unique per-region per-account.
- |
- |
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |
|
-
- purge_instance_ids
-
-
- boolean
-
- |
-
-
|
-
- Purge existing instance ids on ELB that are not found in instance_ids.
- |
- |
|
-
- purge_listeners
-
-
- boolean
-
- |
-
-
|
-
- Purge existing listeners on ELB that are not found in listeners.
- |
- |
|
-
- purge_subnets
-
-
- boolean
-
- |
-
-
|
-
- Purge existing subnets on the ELB that are not found in subnets.
- Because it is not permitted to add multiple subnets from the same availability zone, subnets to be purged will be removed before new subnets are added. This may cause a brief outage if you try to replace all subnets at once.
- |
- |
|
-
- purge_tags
-
-
- boolean
-
- added in 2.1.0
- |
-
-
|
-
- Whether to remove existing tags that aren't passed in the tags parameter.
- |
- |
|
-
- purge_zones
-
-
- boolean
-
- |
-
-
|
-
- Purge existing availability zones on ELB that are not found in zones.
- |
- |
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |
|
-
- scheme
-
-
- string
-
- |
-
-
|
-
- The scheme to use when creating the ELB.
- For a private VPC-visible ELB use
- internal.If you choose to update your scheme with a different value the ELB will be destroyed and a new ELB created.
- Defaults to scheme=internet-facing.
- |
- |
|
-
- security_group_ids
-
-
- list
- / elements=string
-
- |
- - | -
- A list of security groups to apply to the ELB.
- |
- |
|
-
- security_group_names
-
-
- list
- / elements=string
-
- |
- - | -
- A list of security group names to apply to the ELB.
- |
- |
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |
|
-
- state
-
-
- string
- / required
-
- |
-
-
|
-
- Create or destroy the ELB.
- |
- |
|
-
- stickiness
-
-
- dictionary
-
- |
- - | -
- A dictionary of stickiness policy settings.
- Policy will be applied to all listeners (see examples).
- |
- |
| - |
-
- cookie
-
-
- string
-
- |
- - | -
- The name of the application cookie used for stickiness.
- Required if enabled=true and type=application.
- Ignored if enabled=false.
- |
-
| - |
-
- enabled
-
-
- boolean
-
- |
-
-
|
-
- When enabled=false session stickiness will be disabled for all listeners.
- |
-
| - |
-
- expiration
-
-
- integer
-
- |
- - | -
- The time period, in seconds, after which the cookie should be considered stale.
- If this parameter is not specified, the stickiness session lasts for the duration of the browser session.
- Ignored if enabled=false.
- |
-
| - |
-
- type
-
-
- string
-
- |
-
-
|
-
- The type of stickiness policy to apply.
- Required if enabled=true.
- Ignored if enabled=false.
- |
-
|
-
- subnets
-
-
- list
- / elements=string
-
- |
- - | -
- A list of VPC subnets to use when creating the ELB.
- Mutually exclusive with zones.
- |
- |
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- A dictionary of tags to apply to the ELB.
- To delete all tags supply an empty dict (
- {}) and set purge_tags=true. |
- |
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |
|
-
- wait
-
-
- boolean
-
- |
-
-
|
-
- When creating, deleting, or adding instances to an ELB, if wait=true Ansible will wait for both the load balancer and related network interfaces to finish creating/deleting.
- Support for waiting when adding instances was added in release 2.1.0.
- |
- |
|
-
- wait_timeout
-
-
- integer
-
- |
-
- Default: 180
- |
-
- Used in conjunction with wait. Number of seconds to wait for the ELB to be terminated.
- A maximum of 600 seconds (10 minutes) is allowed.
- |
- |
|
-
- zones
-
-
- list
- / elements=string
-
- |
- - | -
- List of availability zones to enable on this ELB.
- Mutually exclusive with subnets.
- |
- |
| Parameter | -Choices/Defaults | -Comments | -|
|---|---|---|---|
|
-
- acl
-
-
- string
-
- added in 3.1.0
- |
-
-
|
-
- The canned ACL to apply to the bucket.
- If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions.
- |
- |
|
-
- aws_access_key
-
-
- string
-
- |
- - | -
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_access_key, access_key |
- |
|
-
- aws_ca_bundle
-
-
- path
-
- |
- - | -
- The location of a CA Bundle to use when validating SSL certificates.
- Not used by boto 2 based modules.
- Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
- |
- |
|
-
- aws_config
-
-
- dictionary
-
- |
- - | -
- A dictionary to modify the botocore configuration.
- Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
- Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
- |
- |
|
-
- aws_secret_key
-
-
- string
-
- |
- - | -
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.If profile is set this parameter is ignored.
- Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- aliases: ec2_secret_key, secret_key |
- |
|
-
- ceph
-
-
- boolean
-
- |
-
-
|
-
- Enable API compatibility with Ceph. It takes into account the S3 API subset working with Ceph in order to provide the same module behaviour where possible.
- |
- |
|
-
- debug_botocore_endpoint_logs
-
-
- boolean
-
- |
-
-
|
-
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
- |
- |
|
-
- delete_object_ownership
-
-
- boolean
-
- added in 2.0.0
- |
-
-
|
-
- Delete bucket's ownership controls.
- This option cannot be used together with a object_ownership definition.
- |
- |
|
-
- delete_public_access
-
-
- boolean
-
- added in 1.3.0
- |
-
-
|
-
- Delete public access block configuration from bucket.
- This option cannot be used together with a public_access definition.
- |
- |
|
-
- ec2_url
-
-
- string
-
- |
- - | -
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
- aliases: aws_endpoint_url, endpoint_url |
- |
|
-
- encryption
-
-
- string
-
- |
-
-
|
-
- Describes the default server-side encryption to apply to new objects in the bucket. In order to remove the server-side encryption, the encryption needs to be set to 'none' explicitly.
- |
- |
|
-
- encryption_key_id
-
-
- string
-
- |
- - | -
- KMS master key ID to use for the default encryption. This parameter is allowed if encryption is
- aws:kms. If not specified then it will default to the AWS provided KMS key. |
- |
|
-
- force
-
-
- boolean
-
- |
-
-
|
-
- When trying to delete a bucket, delete all keys (including versions and delete markers) in the bucket first (an S3 bucket must be empty for a successful deletion).
- |
- |
|
-
- name
-
-
- string
- / required
-
- |
- - | -
- Name of the S3 bucket.
- |
- |
|
-
- object_ownership
-
-
- string
-
- added in 2.0.0
- |
-
-
|
-
- Allow bucket's ownership controls.
- BucketOwnerEnforced - ACLs are disabled and no longer affect access permissions to your bucket. Requests to set or update ACLs fail. However, requests to read ACLs are supported. Bucket owner has full ownership and control. Object writer no longer has full ownership and control.BucketOwnerPreferred - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL.ObjectWriter - The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL.This option cannot be used together with a delete_object_ownership definition.
- BucketOwnerEnforced has been added in version 3.2.0. |
- |
|
-
- policy
-
-
- json
-
- |
- - | -
- The JSON policy as a string. Set to the string
- "null" to force the absence of a policy. |
- |
|
-
- profile
-
-
- string
-
- |
- - | -
- Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
- aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
- aliases: aws_profile |
- |
|
-
- public_access
-
-
- dictionary
-
- added in 1.3.0
- |
- - | -
- Configure public access block for S3 bucket.
- This option cannot be used together with delete_public_access.
- |
- |
| - |
-
- block_public_acls
-
-
- boolean
-
- |
-
-
|
-
- Sets BlockPublicAcls value.
- |
-
| - |
-
- block_public_policy
-
-
- boolean
-
- |
-
-
|
-
- Sets BlockPublicPolicy value.
- |
-
| - |
-
- ignore_public_acls
-
-
- boolean
-
- |
-
-
|
-
- Sets IgnorePublicAcls value.
- |
-
| - |
-
- restrict_public_buckets
-
-
- boolean
-
- |
-
-
|
-
- Sets RestrictPublicAcls value.
- |
-
|
-
- purge_tags
-
-
- boolean
-
- |
-
-
|
-
- Whether to remove tags that aren't present in the tags parameter.
- |
- |
|
-
- region
-
-
- string
-
- |
- - | -
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
- aliases: aws_region, ec2_region |
- |
|
-
- requester_pays
-
-
- boolean
-
- |
-
-
|
-
- With Requester Pays buckets, the requester instead of the bucket owner pays the cost of the request and the data download from the bucket.
- |
- |
|
-
- s3_url
-
-
- string
-
- |
- - | -
- S3 URL endpoint for usage with DigitalOcean, Ceph, Eucalyptus and FakeS3 etc.
- Assumes AWS if not specified.
- For Walrus, use FQDN of the endpoint without scheme nor path.
- aliases: S3_URL |
- |
|
-
- security_token
-
-
- string
-
- |
- - | -
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.If profile is set this parameter is ignored.
- Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
- Aliases aws_session_token and session_token have been added in version 3.2.0.
- aliases: aws_session_token, session_token, aws_security_token, access_token |
- |
|
-
- state
-
-
- string
-
- |
-
-
|
-
- Create or remove the S3 bucket.
- |
- |
|
-
- tags
-
-
- dictionary
-
- |
- - | -
- Tags dict to apply to bucket.
- |
- |
|
-
- validate_bucket_name
-
-
- boolean
-
- added in 3.1.0
- |
-
-
|
-
- Whether the bucket name should be validated to conform to AWS S3 naming rules.
- On by default, this may be disabled for S3 backends that do not enforce these rules.
- See https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
- |
- |
|
-
- validate_certs
-
-
- boolean
-
- |
-
-
|
-
- When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
- |
- |
|
-
- versioning
-
-
- boolean
-
- |
-
-
|
-
- Whether versioning is enabled or disabled (note that once versioning is enabled, it can only be suspended).
- |
- |