From 65a6e592d1fc371063613bdbd0d9ec81cadb490a Mon Sep 17 00:00:00 2001 
From: jillr Date: Tue, 27 Apr 2021 22:22:29 +0000 Subject: [PATCH] Prepare 1.5.0 release Run add_docs, generate changelog, and update galaxy.yml for 1.5.0 collection release --- CHANGELOG.rst | 131 ++ README.md | 13 +- changelogs/changelog.yaml | 246 +++ changelogs/fragments/162-vgw-retries.yml | 3 - .../fragments/23-kinesis_stream-changed.yml | 5 - .../230-ec2_launch_template-None-types.yml | 2 - ...-fully-support-mixed-instances-policy.yaml | 2 - .../233-info-about-asg-lifecycle-hooks.yaml | 2 - .../260-extending-s3_bucket_info-module.yml | 3 - ...do-not-mark-as-changed-no-enc-actions.yaml | 2 - .../fragments/278-aws_ssm-profile-support.yml | 2 - ...functions_state_machine-ARN-not-change.yml | 2 - .../305-aws-ssm-parameter-tier-option.yml | 2 - ...2_launch_template-add-metadata_options.yml | 2 - .../346-ec2_vpc_endpoint_service_info.yml | 6 - .../353-add_platform_to_ecs_service.yml | 2 - .../355-ec2_vpc_peer_improvements.yml | 2 - .../fragments/359-fix-ec2_vpc_route_table.yml | 2 - .../fragments/369-iam-return-values.yml | 2 - .../370_add_attributes_glue_module.yaml | 3 - .../371-ec2_launch_template-profile-arn.yml | 2 - .../389-sqs-queue-UnboundLocalError.yml | 2 - .../fragments/395_add_assign_public_ip.yaml | 3 - changelogs/fragments/396-lambda_alias.yml | 4 - .../fragments/398-ec2-vpc-nacl-add-ipv6.yaml | 2 - ...406-elb_classic_info-return-empty-list.yml | 2 - .../fragments/406-route53-state-get.yml | 2 - .../fragments/410-elasticache-fixes.yml | 5 - ...nstance-tags-on-creation-from-snapshot.yml | 2 - .../419-iam_saml_federation-results.yml | 2 - .../421-ec2_vpc_egress_igw-retry.yml | 2 - .../fragments/422-aws_region_info-retry.yml | 2 - .../427-ec2_vpc_nat_gateway-stability.yml | 3 - .../442-ec2_vpc_route_table-stability.yml | 4 - .../445-ec2_vpc_nat_gateway-cleanup.yml | 5 - ...446-ec2_vpc_nat_gateway_info_stability.yml | 2 - changelogs/fragments/447-s3_logging-boto3.yml | 3 - .../fragments/448-s3_lifecycle-stability.yml | 4 - 
...pic_fix_sms_endpoint_canonicalization.yaml | 2 - .../460-add-support-for-vpc-endpoint-type.yml | 2 - .../470-ec2_metric_alarm-unit-optional.yml | 3 - changelogs/fragments/471-no_log.yml | 2 - ...472-ec2_vpc_nat_gateway_info-stability.yml | 5 - .../473-ec2_vpc_endpoint_stabilization.yml | 4 - changelogs/fragments/475-no_log-missing.yml | 4 - ...x_key_error_when_instance_has_no_tags.yaml | 2 - .../fragments/493-ec2_asg_tg_updates.yaml | 2 - .../497-s3_sync-add-storage_class.yaml | 2 - .../500-rds_instance-purge-sg-option.yml | 2 - .../fragments/501-vpc_peering_connections.yml | 5 - changelogs/fragments/502-route53-aliases.yml | 2 - ...3-aws_glue_connection-types-check-mode.yml | 3 - .../505-ec2_instance-terminate_protection.yml | 2 - ...ways_reporting_changed_with_kms_alias.yaml | 3 - .../510-fix-route53-private-zone-vpc.yaml | 3 - .../fragments/515-rds_snapshot-aws-group.yml | 2 - .../521-ec2_instance_info-retries.yml | 2 - .../525-route53-idempotency-regressions.yml | 3 - .../fragments/528-route_53-return-values.yml | 2 - .../532-ec2_instance-wait-status.yml | 2 - .../fragments/532-rds_param_group-fix.yml | 4 - ...ecs_taskdefinition-depends_on-feature.yaml | 2 - .../535-aws-ssm-session-token-missing.yml | 2 - .../536-ec2_vpc_peering_info-retry.yml | 2 - .../537-ec2_vpc_endpoint_info-retries.yml | 3 - ...sure-ssm-plugin-terminates-connections.yml | 2 - .../548-elb-target-group-app-stickiness.yaml | 2 - ...fig_aggregator-fix-organization-source.yml | 2 - changelogs/fragments/ignore_212.yml | 2 - docs/community.aws.aws_acm_module.rst | 2 +- ...mmunity.aws.aws_config_recorder_module.rst | 4 +- ...mmunity.aws.aws_glue_connection_module.rst | 40 +- docs/community.aws.aws_glue_job_module.rst | 54 + ...ommunity.aws.aws_s3_bucket_info_module.rst | 1473 ++++++++++++++- docs/community.aws.aws_ssm_connection.rst | 19 + ...ity.aws.aws_ssm_parameter_store_module.rst | 29 + docs/community.aws.ec2_asg_info_module.rst | 17 + docs/community.aws.ec2_asg_module.rst | 252 ++- 
...mmunity.aws.ec2_launch_template_module.rst | 75 + ...unity.aws.ec2_vpc_endpoint_info_module.rst | 11 +- .../community.aws.ec2_vpc_endpoint_module.rst | 58 + ...s.ec2_vpc_endpoint_service_info_module.rst | 544 ++++++ .../community.aws.ec2_vpc_igw_info_module.rst | 100 +- docs/community.aws.ec2_vpc_igw_module.rst | 18 +- docs/community.aws.ec2_vpc_nacl_module.rst | 7 +- ...ty.aws.ec2_vpc_nat_gateway_info_module.rst | 244 ++- ...mmunity.aws.ec2_vpc_nat_gateway_module.rst | 20 +- docs/community.aws.ec2_vpc_peer_module.rst | 512 ++++- ...munity.aws.ec2_vpc_peering_info_module.rst | 489 ++++- ...ty.aws.ec2_vpc_route_table_info_module.rst | 479 +++++ docs/community.aws.ecs_service_module.rst | 17 + docs/community.aws.ecs_task_module.rst | 37 + ...ommunity.aws.ecs_taskdefinition_module.rst | 1668 ++++++++++++++++- docs/community.aws.elasticache_module.rst | 3 +- .../community.aws.elb_target_group_module.rst | 43 +- docs/community.aws.lambda_alias_module.rst | 17 + docs/community.aws.rds_instance_module.rst | 30 + docs/community.aws.route53_module.rst | 5 + docs/community.aws.s3_lifecycle_module.rst | 73 +- docs/community.aws.s3_sync_module.rst | 33 + ...community.aws.wafv2_ip_set_info_module.rst | 391 ++++ docs/community.aws.wafv2_ip_set_module.rst | 508 +++++ ...munity.aws.wafv2_resources_info_module.rst | 323 ++++ docs/community.aws.wafv2_resources_module.rst | 359 ++++ ...unity.aws.wafv2_rule_group_info_module.rst | 429 +++++ .../community.aws.wafv2_rule_group_module.rst | 633 +++++++ ...ommunity.aws.wafv2_web_acl_info_module.rst | 409 ++++ docs/community.aws.wafv2_web_acl_module.rst | 685 +++++++ galaxy.yml | 4 +- tests/requirements.yml | 4 +- 110 files changed, 10241 insertions(+), 442 deletions(-) delete mode 100644 changelogs/fragments/162-vgw-retries.yml delete mode 100644 changelogs/fragments/23-kinesis_stream-changed.yml delete mode 100644 changelogs/fragments/230-ec2_launch_template-None-types.yml delete mode 100644 
changelogs/fragments/232-fully-support-mixed-instances-policy.yaml delete mode 100644 changelogs/fragments/233-info-about-asg-lifecycle-hooks.yaml delete mode 100644 changelogs/fragments/260-extending-s3_bucket_info-module.yml delete mode 100644 changelogs/fragments/27-kinesis_stream-do-not-mark-as-changed-no-enc-actions.yaml delete mode 100644 changelogs/fragments/278-aws_ssm-profile-support.yml delete mode 100644 changelogs/fragments/302-aws_step_functions_state_machine-ARN-not-change.yml delete mode 100644 changelogs/fragments/305-aws-ssm-parameter-tier-option.yml delete mode 100644 changelogs/fragments/322-ec2_launch_template-add-metadata_options.yml delete mode 100644 changelogs/fragments/346-ec2_vpc_endpoint_service_info.yml delete mode 100644 changelogs/fragments/353-add_platform_to_ecs_service.yml delete mode 100644 changelogs/fragments/355-ec2_vpc_peer_improvements.yml delete mode 100644 changelogs/fragments/359-fix-ec2_vpc_route_table.yml delete mode 100644 changelogs/fragments/369-iam-return-values.yml delete mode 100644 changelogs/fragments/370_add_attributes_glue_module.yaml delete mode 100644 changelogs/fragments/371-ec2_launch_template-profile-arn.yml delete mode 100644 changelogs/fragments/389-sqs-queue-UnboundLocalError.yml delete mode 100644 changelogs/fragments/395_add_assign_public_ip.yaml delete mode 100644 changelogs/fragments/396-lambda_alias.yml delete mode 100644 changelogs/fragments/398-ec2-vpc-nacl-add-ipv6.yaml delete mode 100644 changelogs/fragments/406-elb_classic_info-return-empty-list.yml delete mode 100644 changelogs/fragments/406-route53-state-get.yml delete mode 100644 changelogs/fragments/410-elasticache-fixes.yml delete mode 100644 changelogs/fragments/414-rds_instance-tags-on-creation-from-snapshot.yml delete mode 100644 changelogs/fragments/419-iam_saml_federation-results.yml delete mode 100644 changelogs/fragments/421-ec2_vpc_egress_igw-retry.yml delete mode 100644 changelogs/fragments/422-aws_region_info-retry.yml delete 
mode 100644 changelogs/fragments/427-ec2_vpc_nat_gateway-stability.yml delete mode 100644 changelogs/fragments/442-ec2_vpc_route_table-stability.yml delete mode 100644 changelogs/fragments/445-ec2_vpc_nat_gateway-cleanup.yml delete mode 100644 changelogs/fragments/446-ec2_vpc_nat_gateway_info_stability.yml delete mode 100644 changelogs/fragments/447-s3_logging-boto3.yml delete mode 100644 changelogs/fragments/448-s3_lifecycle-stability.yml delete mode 100644 changelogs/fragments/454-sns_topic_fix_sms_endpoint_canonicalization.yaml delete mode 100644 changelogs/fragments/460-add-support-for-vpc-endpoint-type.yml delete mode 100644 changelogs/fragments/470-ec2_metric_alarm-unit-optional.yml delete mode 100644 changelogs/fragments/471-no_log.yml delete mode 100644 changelogs/fragments/472-ec2_vpc_nat_gateway_info-stability.yml delete mode 100644 changelogs/fragments/473-ec2_vpc_endpoint_stabilization.yml delete mode 100644 changelogs/fragments/475-no_log-missing.yml delete mode 100644 changelogs/fragments/476-ec2_instance_fix_key_error_when_instance_has_no_tags.yaml delete mode 100644 changelogs/fragments/493-ec2_asg_tg_updates.yaml delete mode 100644 changelogs/fragments/497-s3_sync-add-storage_class.yaml delete mode 100644 changelogs/fragments/500-rds_instance-purge-sg-option.yml delete mode 100644 changelogs/fragments/501-vpc_peering_connections.yml delete mode 100644 changelogs/fragments/502-route53-aliases.yml delete mode 100644 changelogs/fragments/503-aws_glue_connection-types-check-mode.yml delete mode 100644 changelogs/fragments/505-ec2_instance-terminate_protection.yml delete mode 100644 changelogs/fragments/506-cloudtrail_fix_always_reporting_changed_with_kms_alias.yaml delete mode 100644 changelogs/fragments/510-fix-route53-private-zone-vpc.yaml delete mode 100644 changelogs/fragments/515-rds_snapshot-aws-group.yml delete mode 100644 changelogs/fragments/521-ec2_instance_info-retries.yml delete mode 100644 
changelogs/fragments/525-route53-idempotency-regressions.yml delete mode 100644 changelogs/fragments/528-route_53-return-values.yml delete mode 100644 changelogs/fragments/532-ec2_instance-wait-status.yml delete mode 100644 changelogs/fragments/532-rds_param_group-fix.yml delete mode 100644 changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml delete mode 100644 changelogs/fragments/535-aws-ssm-session-token-missing.yml delete mode 100644 changelogs/fragments/536-ec2_vpc_peering_info-retry.yml delete mode 100644 changelogs/fragments/537-ec2_vpc_endpoint_info-retries.yml delete mode 100644 changelogs/fragments/542-ensure-ssm-plugin-terminates-connections.yml delete mode 100644 changelogs/fragments/548-elb-target-group-app-stickiness.yaml delete mode 100644 changelogs/fragments/553-aws_config_aggregator-fix-organization-source.yml delete mode 100644 changelogs/fragments/ignore_212.yml create mode 100644 docs/community.aws.ec2_vpc_endpoint_service_info_module.rst create mode 100644 docs/community.aws.wafv2_ip_set_info_module.rst create mode 100644 docs/community.aws.wafv2_ip_set_module.rst create mode 100644 docs/community.aws.wafv2_resources_info_module.rst create mode 100644 docs/community.aws.wafv2_resources_module.rst create mode 100644 docs/community.aws.wafv2_rule_group_info_module.rst create mode 100644 docs/community.aws.wafv2_rule_group_module.rst create mode 100644 docs/community.aws.wafv2_web_acl_info_module.rst create mode 100644 docs/community.aws.wafv2_web_acl_module.rst
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e283be2e88a..3a5c31399fd 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,137 @@ community.aws Release Notes
 .. contents:: Topics
+v1.5.0
+======
+
+Minor Changes
+-------------
+
+- aws_config_aggregator - Fix typos in attribute names (https://github.com/ansible-collections/community.aws/pull/553).
+- aws_glue_connection - Added multple connection types (https://github.com/ansible-collections/community.aws/pull/503).
+- aws_glue_connection - Added support for check mode (https://github.com/ansible-collections/community.aws/pull/503).
+- aws_glue_job - added ``number_of_workers``, ``worker_type`` and ``glue_version`` attributes to the module (https://github.com/ansible-collections/community.aws/pull/370).
+- aws_region_info - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/422).
+- aws_s3_bucket_info - new module options ``name``, ``name_filter``, ``bucket_facts`` and ``transform_location`` (https://github.com/ansible-collections/community.aws/pull/260).
+- aws_ssm connection plugin - add support for specifying a profile to be used when connecting (https://github.com/ansible-collections/community.aws/pull/278).
+- aws_ssm_parameter_store - added tier parameter option (https://github.com/ansible/ansible/issues/59738).
+- ec2_asg module - add support for all mixed_instances_policy parameters (https://github.com/ansible-collections/community.aws/issues/231).
+- ec2_asg_info - gather information about asg lifecycle hooks (https://github.com/ansible-collections/community.aws/pull/233).
+- ec2_instance - wait for new instances to return a status before attempting to set additional parameters (https://github.com/ansible-collections/community.aws/pull/533).
+- ec2_instance_info - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/521).
+- ec2_launch_template - added ``metadata_options`` parameter to support changing the IMDS configuration for instances (https://github.com/ansible-collections/community.aws/pull/322).
+- ec2_metric_alarm - Added support for check mode (https://github.com/ansible-collections/community.aws/pull/470).
+- ec2_metric_alarm - Made ``unit`` parameter optional (https://github.com/ansible-collections/community.aws/pull/470).
+- ec2_vpc_egress_igw - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/421).
+- ec2_vpc_endpoint - Add retries on common AWS failures. (https://github.com/ansible-collections/community.aws/pull/473)
+- ec2_vpc_endpoint - Added support for specifying ``vpc_endpoint_type`` (https://github.com/ansible-collections/community.aws/pull/460).
+- ec2_vpc_endpoint - The module now supports tagging endpoints. (https://github.com/ansible-collections/community.aws/pull/473)
+- ec2_vpc_endpoint - The module will now lookup existing endpoints and try to match on the provided parameters before creating a new endpoint for better idempotency. (https://github.com/ansible-collections/community.aws/pull/473)
+- ec2_vpc_endpoint_info - ensure paginated endpoint description is retried on common AWS failures (https://github.com/ansible-collections/community.aws/pull/537).
+- ec2_vpc_endpoint_info - use boto3 paginator when fetching services (https://github.com/ansible-collections/community.aws/pull/537).
+- ec2_vpc_endpoint_service_info - new module added for fetching information about available VPC endpoint services (https://github.com/ansible-collections/community.aws/pull/346).
+- ec2_vpc_nacl - add support for IPv6 (https://github.com/ansible-collections/community.aws/pull/398).
+- ec2_vpc_nat_gateway - add AWSRetry decorators to improve reliability (https://github.com/ansible-collections/community.aws/pull/427).
+- ec2_vpc_nat_gateway - code cleaning (https://github.com/ansible-collections/community.aws/pull/445)
+- ec2_vpc_nat_gateway - imporove documentation (https://github.com/ansible-collections/community.aws/pull/445)
+- ec2_vpc_nat_gateway - improve error handling (https://github.com/ansible-collections/community.aws/pull/445)
+- ec2_vpc_nat_gateway - use custom waiters to manage NAT gateways states (deleted and available) (https://github.com/ansible-collections/community.aws/pull/445)
+- ec2_vpc_nat_gateway - use pagination on describe calls to ensure all results are fetched (https://github.com/ansible-collections/community.aws/pull/427).
+- ec2_vpc_nat_gateway_info - Add paginator (https://github.com/ansible-collections/community.aws/pull/472).
+- ec2_vpc_nat_gateway_info - Improve documentation (https://github.com/ansible-collections/community.aws/pull/472).
+- ec2_vpc_nat_gateway_info - Improve error handling (https://github.com/ansible-collections/community.aws/pull/472)
+- ec2_vpc_nat_gateway_info - Use normalize_boto3_result (https://github.com/ansible-collections/community.aws/pull/472)
+- ec2_vpc_nat_gateway_info - solve RequestLimitExceeded error by adding retry decorator (https://github.com/ansible-collections/community.aws/pull/446)
+- ec2_vpc_peer - More return info added, also simplified module code a bit and extended tests (https://github.com/ansible-collections/community.aws/pull/355)
+- ec2_vpc_peer - add support for waiting on state changes (https://github.com/ansible-collections/community.aws/pull/501).
+- ec2_vpc_peering_info - add ``vpc_peering_connections`` return value to be consistent with boto3 modules (https://github.com/ansible-collections/community.aws/pull/501).
+- ec2_vpc_peering_info - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/536).
+- ec2_vpc_route_table - add AWSRetry decorators to improve reliability (https://github.com/ansible-collections/community.aws/pull/442).
+- ec2_vpc_route_table - add boto3 pagination for some searches (https://github.com/ansible-collections/community.aws/pull/442).
+- ec2_vpc_route_table_info - migrate to boto3 (https://github.com/ansible-collections/community.aws/pull/442).
+- ec2_vpc_vgw - Add automatic retries for recoverable errors (https://github.com/ansible-collections/community.aws/pull/162).
+- ec2_vpc_vpn - Add automatic retries for recoverable errors (https://github.com/ansible-collections/community.aws/pull/162).
+- ecs_service - Add ``platform_version`` parameter to ``ecs_service`` (https://github.com/ansible-collections/community.aws/pull/353).
+- ecs_task - added ``assign_public_ip`` option for network_configuration (https://github.com/ansible-collections/community.aws/pull/395).
+- ecs_taskdefinition - Documentation improvement (https://github.com/ansible-collections/community.aws/issues/520)
+- elasticache - Improve docs a little, add intgration tests (https://github.com/ansible-collections/community.aws/pull/410).
+- elb_classic_info - If the provided load balancer doesn't exist, return an empty list instead of throwing an error. (https://github.com/ansible-collections/community.aws/pull/215).
+- elb_target_group - Add elb target group attributes ``stickiness_app_cookie_name`` and ``stickiness_app_cookie_duration_seconds``. Also update docs for stickiness_type to mention application cookie (https://github.com/ansible-collections/community.aws/pull/548)
+- iam - Make iam module more predictable when returning the ``user_name`` it creates or deletes (https://github.com/ansible-collections/community.aws/pull/369).
+- iam_saml_federation - module now returns the state of the provider when no changes are made (https://github.com/ansible-collections/community.aws/pull/419).
+- kinesis_stream - check_mode is now based on the live settings rather than comparisons with a hard coded/fake stream definition (https://github.com/ansible-collections/community.aws/pull/27).
+- kinesis_stream - now returns changed more accurately (https://github.com/ansible-collections/community.aws/pull/27).
+- kinesis_stream - now returns tags consistently (https://github.com/ansible-collections/community.aws/pull/27).
+- kinesis_stream - return values are now the same format when working with both encrypted and un-encrypted streams (https://github.com/ansible-collections/community.aws/pull/27).
+- lambda_alias - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/396).
+- lambda_alias - use common helper functions to create AWS connections (https://github.com/ansible-collections/community.aws/pull/396).
+- lambda_alias - use common helper functions to perform snake_case to CamelCase conversions (https://github.com/ansible-collections/community.aws/pull/396).
+- rds_instance - new ``purge_security_groups`` parameter (https://github.com/ansible-collections/community.aws/issues/385).
+- rds_param_group - Add AWSRetry (https://github.com/ansible-collections/community.aws/pull/532).
+- rds_param_group - Fix integration tests (https://github.com/ansible-collections/community.aws/pull/532).
+- rds_param_group - Support check_mode (https://github.com/ansible-collections/community.aws/pull/532).
+- rds_snapshot - added to the aws module_defaults group (https://github.com/ansible-collections/community.aws/pull/515).
+- route53 - fixes AWS API error when attempting to create Alias records (https://github.com/ansible-collections/community.aws/issues/434).
+- s3_lifecycle - Add a ``wait`` parameter to wait for changes to propagate after being set (https://github.com/ansible-collections/community.aws/pull/448).
+- s3_lifecycle - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/448).
+- s3_lifecycle - Fix idempotency when using dates instead of days (https://github.com/ansible-collections/community.aws/pull/448).
+- s3_logging - added support for check_mode (https://github.com/ansible-collections/community.aws/pull/447).
+- s3_logging - migrated from boto to boto3 (https://github.com/ansible-collections/community.aws/pull/447).
+- s3_sync - new ``storage_class`` feature allowing to specify the storage class when any object is added to an S3 bucket (https://github.com/ansible-collections/community.aws/issues/358).
+- sanity tests - add ignore.txt for 2.12 (https://github.com/ansible-collections/community.aws/pull/527).
+- state_machine_arn - return ``state_machine_arn`` when state is unchanged (https://github.com/ansible-collections/community.aws/pull/302).
+
+Deprecated Features
+-------------------
+
+- ec2_vpc_endpoint_info - the ``query`` option has been deprecated and will be removed after 2022-12-01 (https://github.com/ansible-collections/community.aws/pull/346). The ec2_vpc_endpoint_info now defaults to listing information about endpoints. The ability to search for information about available services has been moved to the dedicated module ``ec2_vpc_endpoint_service_info``.
+
+Security Fixes
+--------------
+
+- aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475).
+- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471).
+- sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475).
+- sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475).
+
+Bugfixes
+--------
+
+- aws_ssm - Adds destructor to SSM connection plugin to ensure connections are properly cleaned up after usage (https://github.com/ansible-collections/community.aws/pull/542).
+- aws_ssm - enable aws ssm connections if **AWS_SESSION_TOKEN** is missing (https://github.com/ansible-collections/community.aws/pull/535).
+- cloudtrail - fix always reporting changed = true when kms alias used (https://github.com/ansible-collections/community.aws/pull/506).
+- cloudtrail - fix lower casing of tag keys (https://github.com/ansible-collections/community.aws/pull/506).
+- ec2_asg - fix target group update logic (https://github.com/ansible-collections/community.aws/pull/493).
+- ec2_instance - ensure that termination protection isn't modified when using check_mode (https://github.com/ansible/ansible/issues/67716).
+- ec2_instance - fix key errors when instance has no tags (https://github.com/ansible-collections/community.aws/pull/476).
+- ec2_launch_template - ensure that empty parameters are properly removed before passing to AWS (https://github.com/ansible-collections/community.aws/issues/230).
+- ec2_launch_template - fixes parameter validation failure when passing a instance profile ARN instead of just the role name (https://github.com/ansible-collections/community.aws/pull/371).
+- ec2_vpc_peer - fix idempotency when rejecting and deleting peering connections (https://github.com/ansible-collections/community.aws/pull/501).
+- ec2_vpc_route_table - catch RouteAlreadyExists error when rerunning same task twice to make module idempotent (https://github.com/ansible-collections/community.aws/issues/357).
+- elasticache - Fix ``KeyError`` issue when updating security group (https://github.com/ansible-collections/community.aws/pull/410).
+- kinesis_stream - fixed issue where streams get marked as changed even if no encryption actions were necessary (https://github.com/ansible/ansible/issues/65928).
+- rds_instance - fixes bug preventing the use of tags when creating an RDS instance from a snapshot (https://github.com/ansible-collections/community.aws/issues/530).
+- route53 - ensure that the old return values are re-added along side the new ones (https://github.com/ansible-collections/community.aws/issues/523).
+- route53 - fix ``AttributeError`` in ``get_zone_id_by_name`` when a vpc_id on a private zone is provided (https://github.com/ansible-collections/community.aws/issues/509).
+- route53 - fix handling for characters escaped by AWS in record names, like ``*`` and ``@``. This fixes idempotency for such record names (https://github.com/ansible-collections/community.aws/issues/524).
+- route53 - fix when using ``state=get`` on private DNS zones and add tests to cover this scenario (https://github.com/ansible-collections/community.aws/pull/424).
+- route53 - make sure that CAA values order is again ignored during idempotency comparsion (https://github.com/ansible-collections/community.aws/issues/524).
+- sns_topic - Add ``+`` to allowable characters in SMS endpoints (https://github.com/ansible-collections/community.aws/pull/454).
+- sqs_queue - fix UnboundLocalError when passing a boolean parameter (https://github.com/ansible-collections/community.aws/issues/172).
+
+New Modules
+-----------
+
+- ec2_vpc_endpoint_service_info - retrieves AWS VPC endpoint service details
+- wafv2_ip_set - wafv2_ip_set
+- wafv2_ip_set_info - Get information about wafv2 ip sets
+- wafv2_resources - wafv2_web_acl
+- wafv2_resources_info - wafv2_resources_info
+- wafv2_rule_group - wafv2_web_acl
+- wafv2_rule_group_info - wafv2_web_acl_info
+- wafv2_web_acl - wafv2_web_acl
+- wafv2_web_acl_info - wafv2_web_acl
 v1.4.0
 ======
diff --git a/README.md b/README.md
index d4b93c36e6b..09a8d31f2c0 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ Name | Description
 [community.aws.aws_kms](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_kms_module.rst)|Perform various KMS management tasks.
 [community.aws.aws_kms_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_kms_info_module.rst)|Gather information about AWS KMS keys
 [community.aws.aws_region_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_region_info_module.rst)|Gather information about AWS regions.
-[community.aws.aws_s3_bucket_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_s3_bucket_info_module.rst)|Lists S3 buckets in AWS
+[community.aws.aws_s3_bucket_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_s3_bucket_info_module.rst)|lists S3 buckets in AWS
 [community.aws.aws_s3_cors](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_s3_cors_module.rst)|Manage CORS for S3 buckets in AWS
 [community.aws.aws_secret](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_secret_module.rst)|Manage secrets stored in AWS Secrets Manager.
 [community.aws.aws_ses_identity](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_ses_identity_module.rst)|Manages SES email and domain identity
@@ -114,6 +114,7 @@ Name | Description
 [community.aws.ec2_vpc_egress_igw](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.ec2_vpc_egress_igw_module.rst)|Manage an AWS VPC Egress Only Internet gateway
 [community.aws.ec2_vpc_endpoint](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.ec2_vpc_endpoint_module.rst)|Create and delete AWS VPC Endpoints.
 [community.aws.ec2_vpc_endpoint_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.ec2_vpc_endpoint_info_module.rst)|Retrieves AWS VPC endpoints details using AWS methods.
+[community.aws.ec2_vpc_endpoint_service_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.ec2_vpc_endpoint_service_info_module.rst)|retrieves AWS VPC endpoint service details
 [community.aws.ec2_vpc_igw](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.ec2_vpc_igw_module.rst)|Manage an AWS VPC Internet gateway
 [community.aws.ec2_vpc_igw_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.ec2_vpc_igw_info_module.rst)|Gather information about internet gateways in AWS
 [community.aws.ec2_vpc_nacl](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.ec2_vpc_nacl_module.rst)|create and delete Network ACLs.
@@ -194,7 +195,7 @@ Name | Description
 [community.aws.route53_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.route53_info_module.rst)|Retrieves route53 details using AWS methods
 [community.aws.route53_zone](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.route53_zone_module.rst)|add or delete Route53 zones
 [community.aws.s3_bucket_notification](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.s3_bucket_notification_module.rst)|Creates, updates or deletes S3 Bucket notification for lambda
-[community.aws.s3_lifecycle](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.s3_lifecycle_module.rst)|Manage s3 bucket lifecycle rules in AWS
+[community.aws.s3_lifecycle](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.s3_lifecycle_module.rst)|Manage S3 bucket lifecycle rules in AWS
 [community.aws.s3_logging](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.s3_logging_module.rst)|Manage logging facility of an s3 bucket in AWS
 [community.aws.s3_metrics_configuration](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.s3_metrics_configuration_module.rst)|Manage s3 bucket metrics configuration in AWS
 [community.aws.s3_sync](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.s3_sync_module.rst)|Efficiently upload multiple files to S3
@@ -204,6 +205,14 @@ Name | Description
 [community.aws.sqs_queue](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.sqs_queue_module.rst)|Creates or deletes AWS SQS queues
 [community.aws.sts_assume_role](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.sts_assume_role_module.rst)|Assume a role using AWS Security Token Service and obtain temporary credentials
 [community.aws.sts_session_token](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.sts_session_token_module.rst)|Obtain a session token from the AWS Security Token Service
+[community.aws.wafv2_ip_set](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_ip_set_module.rst)|wafv2_ip_set
+[community.aws.wafv2_ip_set_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_ip_set_info_module.rst)|Get information about wafv2 ip sets
+[community.aws.wafv2_resources](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_resources_module.rst)|wafv2_web_acl
+[community.aws.wafv2_resources_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_resources_info_module.rst)|wafv2_resources_info
+[community.aws.wafv2_rule_group](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_rule_group_module.rst)|wafv2_web_acl
+[community.aws.wafv2_rule_group_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_rule_group_info_module.rst)|wafv2_web_acl_info
+[community.aws.wafv2_web_acl](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_web_acl_module.rst)|wafv2_web_acl
+[community.aws.wafv2_web_acl_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_web_acl_info_module.rst)|wafv2_web_acl
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index 156c7c57eba..1dfb7e79f32 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -879,3 +879,249 @@ releases: - 404-fix-dict-element-for-rule-param-in-aws-s3-cors.yml - 405-route53-boto3.yml release_date: '2021-02-16' + 1.5.0: + changes: + bugfixes: + - aws_ssm - Adds destructor to SSM connection plugin to ensure connections are + properly cleaned up after usage (https://github.com/ansible-collections/community.aws/pull/542). + - aws_ssm - enable aws ssm connections if **AWS_SESSION_TOKEN** is missing (https://github.com/ansible-collections/community.aws/pull/535). + - cloudtrail - fix always reporting changed = true when kms alias used (https://github.com/ansible-collections/community.aws/pull/506). + - cloudtrail - fix lower casing of tag keys (https://github.com/ansible-collections/community.aws/pull/506). + - ec2_asg - fix target group update logic (https://github.com/ansible-collections/community.aws/pull/493). + - ec2_instance - ensure that termination protection isn't modified when using + check_mode (https://github.com/ansible/ansible/issues/67716). + - ec2_instance - fix key errors when instance has no tags (https://github.com/ansible-collections/community.aws/pull/476). + - ec2_launch_template - ensure that empty parameters are properly removed before + passing to AWS (https://github.com/ansible-collections/community.aws/issues/230). + - ec2_launch_template - fixes parameter validation failure when passing a instance + profile ARN instead of just the role name (https://github.com/ansible-collections/community.aws/pull/371). + - ec2_vpc_peer - fix idempotency when rejecting and deleting peering connections + (https://github.com/ansible-collections/community.aws/pull/501). + - ec2_vpc_route_table - catch RouteAlreadyExists error when rerunning same task + twice to make module idempotent (https://github.com/ansible-collections/community.aws/issues/357). + - elasticache - Fix ``KeyError`` issue when updating security group (https://github.com/ansible-collections/community.aws/pull/410). 
+ - kinesis_stream - fixed issue where streams get marked as changed even if no + encryption actions were necessary (https://github.com/ansible/ansible/issues/65928). + - rds_instance - fixes bug preventing the use of tags when creating an RDS instance + from a snapshot (https://github.com/ansible-collections/community.aws/issues/530). + - route53 - ensure that the old return values are re-added along side the new + ones (https://github.com/ansible-collections/community.aws/issues/523). + - route53 - fix ``AttributeError`` in ``get_zone_id_by_name`` when a vpc_id + on a private zone is provided (https://github.com/ansible-collections/community.aws/issues/509). + - route53 - fix handling for characters escaped by AWS in record names, like + ``*`` and ``@``. This fixes idempotency for such record names (https://github.com/ansible-collections/community.aws/issues/524). + - route53 - fix when using ``state=get`` on private DNS zones and add tests + to cover this scenario (https://github.com/ansible-collections/community.aws/pull/424). + - route53 - make sure that CAA values order is again ignored during idempotency + comparsion (https://github.com/ansible-collections/community.aws/issues/524). + - sns_topic - Add ``+`` to allowable characters in SMS endpoints (https://github.com/ansible-collections/community.aws/pull/454). + - sqs_queue - fix UnboundLocalError when passing a boolean parameter (https://github.com/ansible-collections/community.aws/issues/172). + deprecated_features: + - ec2_vpc_endpoint_info - the ``query`` option has been deprecated and will + be removed after 2022-12-01 (https://github.com/ansible-collections/community.aws/pull/346). + The ec2_vpc_endpoint_info now defaults to listing information about endpoints. + The ability to search for information about available services has been moved + to the dedicated module ``ec2_vpc_endpoint_service_info``. 
+ minor_changes: + - aws_config_aggregator - Fix typos in attribute names (https://github.com/ansible-collections/community.aws/pull/553). + - aws_glue_connection - Added multple connection types (https://github.com/ansible-collections/community.aws/pull/503). + - aws_glue_connection - Added support for check mode (https://github.com/ansible-collections/community.aws/pull/503). + - aws_glue_job - added ``number_of_workers``, ``worker_type`` and ``glue_version`` + attributes to the module (https://github.com/ansible-collections/community.aws/pull/370). + - aws_region_info - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/422). + - aws_s3_bucket_info - new module options ``name``, ``name_filter``, ``bucket_facts`` + and ``transform_location`` (https://github.com/ansible-collections/community.aws/pull/260). + - aws_ssm connection plugin - add support for specifying a profile to be used + when connecting (https://github.com/ansible-collections/community.aws/pull/278). + - aws_ssm_parameter_store - added tier parameter option (https://github.com/ansible/ansible/issues/59738). + - ec2_asg module - add support for all mixed_instances_policy parameters (https://github.com/ansible-collections/community.aws/issues/231). + - ec2_asg_info - gather information about asg lifecycle hooks (https://github.com/ansible-collections/community.aws/pull/233). + - ec2_instance - wait for new instances to return a status before attempting + to set additional parameters (https://github.com/ansible-collections/community.aws/pull/533). + - ec2_instance_info - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/521). + - ec2_launch_template - added ``metadata_options`` parameter to support changing + the IMDS configuration for instances (https://github.com/ansible-collections/community.aws/pull/322). 
+ - ec2_metric_alarm - Added support for check mode (https://github.com/ansible-collections/community.aws/pull/470). + - ec2_metric_alarm - Made ``unit`` parameter optional (https://github.com/ansible-collections/community.aws/pull/470). + - ec2_vpc_egress_igw - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/421). + - ec2_vpc_endpoint - Add retries on common AWS failures. (https://github.com/ansible-collections/community.aws/pull/473) + - ec2_vpc_endpoint - Added support for specifying ``vpc_endpoint_type`` (https://github.com/ansible-collections/community.aws/pull/460). + - ec2_vpc_endpoint - The module now supports tagging endpoints. (https://github.com/ansible-collections/community.aws/pull/473) + - ec2_vpc_endpoint - The module will now lookup existing endpoints and try to + match on the provided parameters before creating a new endpoint for better + idempotency. (https://github.com/ansible-collections/community.aws/pull/473) + - ec2_vpc_endpoint_info - ensure paginated endpoint description is retried on + common AWS failures (https://github.com/ansible-collections/community.aws/pull/537). + - ec2_vpc_endpoint_info - use boto3 paginator when fetching services (https://github.com/ansible-collections/community.aws/pull/537). + - ec2_vpc_endpoint_service_info - new module added for fetching information + about available VPC endpoint services (https://github.com/ansible-collections/community.aws/pull/346). + - ec2_vpc_nacl - add support for IPv6 (https://github.com/ansible-collections/community.aws/pull/398). + - ec2_vpc_nat_gateway - add AWSRetry decorators to improve reliability (https://github.com/ansible-collections/community.aws/pull/427). 
+ - ec2_vpc_nat_gateway - code cleaning (https://github.com/ansible-collections/community.aws/pull/445) + - ec2_vpc_nat_gateway - imporove documentation (https://github.com/ansible-collections/community.aws/pull/445) + - ec2_vpc_nat_gateway - improve error handling (https://github.com/ansible-collections/community.aws/pull/445) + - ec2_vpc_nat_gateway - use custom waiters to manage NAT gateways states (deleted + and available) (https://github.com/ansible-collections/community.aws/pull/445) + - ec2_vpc_nat_gateway - use pagination on describe calls to ensure all results + are fetched (https://github.com/ansible-collections/community.aws/pull/427). + - ec2_vpc_nat_gateway_info - Add paginator (https://github.com/ansible-collections/community.aws/pull/472). + - ec2_vpc_nat_gateway_info - Improve documentation (https://github.com/ansible-collections/community.aws/pull/472). + - ec2_vpc_nat_gateway_info - Improve error handling (https://github.com/ansible-collections/community.aws/pull/472) + - ec2_vpc_nat_gateway_info - Use normalize_boto3_result (https://github.com/ansible-collections/community.aws/pull/472) + - ec2_vpc_nat_gateway_info - solve RequestLimitExceeded error by adding retry + decorator (https://github.com/ansible-collections/community.aws/pull/446) + - ec2_vpc_peer - More return info added, also simplified module code a bit and + extended tests (https://github.com/ansible-collections/community.aws/pull/355) + - ec2_vpc_peer - add support for waiting on state changes (https://github.com/ansible-collections/community.aws/pull/501). + - ec2_vpc_peering_info - add ``vpc_peering_connections`` return value to be + consistent with boto3 modules (https://github.com/ansible-collections/community.aws/pull/501). + - ec2_vpc_peering_info - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/536). 
+ - ec2_vpc_route_table - add AWSRetry decorators to improve reliability (https://github.com/ansible-collections/community.aws/pull/442). + - ec2_vpc_route_table - add boto3 pagination for some searches (https://github.com/ansible-collections/community.aws/pull/442). + - ec2_vpc_route_table_info - migrate to boto3 (https://github.com/ansible-collections/community.aws/pull/442). + - ec2_vpc_vgw - Add automatic retries for recoverable errors (https://github.com/ansible-collections/community.aws/pull/162). + - ec2_vpc_vpn - Add automatic retries for recoverable errors (https://github.com/ansible-collections/community.aws/pull/162). + - ecs_service - Add ``platform_version`` parameter to ``ecs_service`` (https://github.com/ansible-collections/community.aws/pull/353). + - ecs_task - added ``assign_public_ip`` option for network_configuration (https://github.com/ansible-collections/community.aws/pull/395). + - ecs_taskdefinition - Documentation improvement (https://github.com/ansible-collections/community.aws/issues/520) + - elasticache - Improve docs a little, add intgration tests (https://github.com/ansible-collections/community.aws/pull/410). + - elb_classic_info - If the provided load balancer doesn't exist, return an + empty list instead of throwing an error. (https://github.com/ansible-collections/community.aws/pull/215). + - elb_target_group - Add elb target group attributes ``stickiness_app_cookie_name`` + and ``stickiness_app_cookie_duration_seconds``. Also update docs for stickiness_type + to mention application cookie (https://github.com/ansible-collections/community.aws/pull/548) + - iam - Make iam module more predictable when returning the ``user_name`` it + creates or deletes (https://github.com/ansible-collections/community.aws/pull/369). + - iam_saml_federation - module now returns the state of the provider when no + changes are made (https://github.com/ansible-collections/community.aws/pull/419). 
+ - kinesis_stream - check_mode is now based on the live settings rather than + comparisons with a hard coded/fake stream definition (https://github.com/ansible-collections/community.aws/pull/27). + - kinesis_stream - now returns changed more accurately (https://github.com/ansible-collections/community.aws/pull/27). + - kinesis_stream - now returns tags consistently (https://github.com/ansible-collections/community.aws/pull/27). + - kinesis_stream - return values are now the same format when working with both + encrypted and un-encrypted streams (https://github.com/ansible-collections/community.aws/pull/27). + - lambda_alias - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/396). + - lambda_alias - use common helper functions to create AWS connections (https://github.com/ansible-collections/community.aws/pull/396). + - lambda_alias - use common helper functions to perform snake_case to CamelCase + conversions (https://github.com/ansible-collections/community.aws/pull/396). + - rds_instance - new ``purge_security_groups`` parameter (https://github.com/ansible-collections/community.aws/issues/385). + - rds_param_group - Add AWSRetry (https://github.com/ansible-collections/community.aws/pull/532). + - rds_param_group - Fix integration tests (https://github.com/ansible-collections/community.aws/pull/532). + - rds_param_group - Support check_mode (https://github.com/ansible-collections/community.aws/pull/532). + - rds_snapshot - added to the aws module_defaults group (https://github.com/ansible-collections/community.aws/pull/515). + - route53 - fixes AWS API error when attempting to create Alias records (https://github.com/ansible-collections/community.aws/issues/434). + - s3_lifecycle - Add a ``wait`` parameter to wait for changes to propagate after + being set (https://github.com/ansible-collections/community.aws/pull/448). 
+ - s3_lifecycle - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/448). + - s3_lifecycle - Fix idempotency when using dates instead of days (https://github.com/ansible-collections/community.aws/pull/448). + - s3_logging - added support for check_mode (https://github.com/ansible-collections/community.aws/pull/447). + - s3_logging - migrated from boto to boto3 (https://github.com/ansible-collections/community.aws/pull/447). + - s3_sync - new ``storage_class`` feature allowing to specify the storage class + when any object is added to an S3 bucket (https://github.com/ansible-collections/community.aws/issues/358). + - sanity tests - add ignore.txt for 2.12 (https://github.com/ansible-collections/community.aws/pull/527). + - state_machine_arn - return ``state_machine_arn`` when state is unchanged (https://github.com/ansible-collections/community.aws/pull/302). + security_fixes: + - aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter + as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). + - aws_secret - flag the ``secret`` parameter as containing sensitive data which + shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471). + - sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid + accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). + - sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid + accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). 
+ fragments: + - 162-vgw-retries.yml + - 23-kinesis_stream-changed.yml + - 230-ec2_launch_template-None-types.yml + - 232-fully-support-mixed-instances-policy.yaml + - 233-info-about-asg-lifecycle-hooks.yaml + - 260-extending-s3_bucket_info-module.yml + - 27-kinesis_stream-do-not-mark-as-changed-no-enc-actions.yaml + - 278-aws_ssm-profile-support.yml + - 302-aws_step_functions_state_machine-ARN-not-change.yml + - 305-aws-ssm-parameter-tier-option.yml + - 322-ec2_launch_template-add-metadata_options.yml + - 346-ec2_vpc_endpoint_service_info.yml + - 353-add_platform_to_ecs_service.yml + - 355-ec2_vpc_peer_improvements.yml + - 359-fix-ec2_vpc_route_table.yml + - 369-iam-return-values.yml + - 370_add_attributes_glue_module.yaml + - 371-ec2_launch_template-profile-arn.yml + - 389-sqs-queue-UnboundLocalError.yml + - 395_add_assign_public_ip.yaml + - 396-lambda_alias.yml + - 398-ec2-vpc-nacl-add-ipv6.yaml + - 406-elb_classic_info-return-empty-list.yml + - 406-route53-state-get.yml + - 410-elasticache-fixes.yml + - 414-rds_instance-tags-on-creation-from-snapshot.yml + - 419-iam_saml_federation-results.yml + - 421-ec2_vpc_egress_igw-retry.yml + - 422-aws_region_info-retry.yml + - 427-ec2_vpc_nat_gateway-stability.yml + - 442-ec2_vpc_route_table-stability.yml + - 445-ec2_vpc_nat_gateway-cleanup.yml + - 446-ec2_vpc_nat_gateway_info_stability.yml + - 447-s3_logging-boto3.yml + - 448-s3_lifecycle-stability.yml + - 454-sns_topic_fix_sms_endpoint_canonicalization.yaml + - 460-add-support-for-vpc-endpoint-type.yml + - 470-ec2_metric_alarm-unit-optional.yml + - 471-no_log.yml + - 472-ec2_vpc_nat_gateway_info-stability.yml + - 473-ec2_vpc_endpoint_stabilization.yml + - 475-no_log-missing.yml + - 476-ec2_instance_fix_key_error_when_instance_has_no_tags.yaml + - 493-ec2_asg_tg_updates.yaml + - 497-s3_sync-add-storage_class.yaml + - 500-rds_instance-purge-sg-option.yml + - 501-vpc_peering_connections.yml + - 502-route53-aliases.yml + - 503-aws_glue_connection-types-check-mode.yml + - 
505-ec2_instance-terminate_protection.yml + - 506-cloudtrail_fix_always_reporting_changed_with_kms_alias.yaml + - 510-fix-route53-private-zone-vpc.yaml + - 515-rds_snapshot-aws-group.yml + - 521-ec2_instance_info-retries.yml + - 525-route53-idempotency-regressions.yml + - 528-route_53-return-values.yml + - 532-ec2_instance-wait-status.yml + - 532-rds_param_group-fix.yml + - 534-ecs_taskdefinition-depends_on-feature.yaml + - 535-aws-ssm-session-token-missing.yml + - 536-ec2_vpc_peering_info-retry.yml + - 537-ec2_vpc_endpoint_info-retries.yml + - 542-ensure-ssm-plugin-terminates-connections.yml + - 548-elb-target-group-app-stickiness.yaml + - 553-aws_config_aggregator-fix-organization-source.yml + - ignore_212.yml + modules: + - description: retrieves AWS VPC endpoint service details + name: ec2_vpc_endpoint_service_info + namespace: '' + - description: wafv2_ip_set + name: wafv2_ip_set + namespace: '' + - description: Get information about wafv2 ip sets + name: wafv2_ip_set_info + namespace: '' + - description: wafv2_web_acl + name: wafv2_resources + namespace: '' + - description: wafv2_resources_info + name: wafv2_resources_info + namespace: '' + - description: wafv2_web_acl + name: wafv2_rule_group + namespace: '' + - description: wafv2_web_acl_info + name: wafv2_rule_group_info + namespace: '' + - description: wafv2_web_acl + name: wafv2_web_acl + namespace: '' + - description: wafv2_web_acl + name: wafv2_web_acl_info + namespace: '' + release_date: '2021-04-27' diff --git a/changelogs/fragments/162-vgw-retries.yml b/changelogs/fragments/162-vgw-retries.yml deleted file mode 100644 index 93a38970451..00000000000 --- a/changelogs/fragments/162-vgw-retries.yml +++ /dev/null @@ -1,3 +0,0 @@ -minor_changes: -- ec2_vpc_vpn - Add automatic retries for recoverable errors (https://github.com/ansible-collections/community.aws/pull/162). -- ec2_vpc_vgw - Add automatic retries for recoverable errors (https://github.com/ansible-collections/community.aws/pull/162). 
diff --git a/changelogs/fragments/23-kinesis_stream-changed.yml b/changelogs/fragments/23-kinesis_stream-changed.yml deleted file mode 100644 index 881442e2be0..00000000000 --- a/changelogs/fragments/23-kinesis_stream-changed.yml +++ /dev/null @@ -1,5 +0,0 @@ -minor_changes: -- kinesis_stream - now returns tags consistently (https://github.com/ansible-collections/community.aws/pull/27). -- kinesis_stream - now returns changed more accurately (https://github.com/ansible-collections/community.aws/pull/27). -- kinesis_stream - return values are now the same format when working with both encrypted and un-encrypted streams (https://github.com/ansible-collections/community.aws/pull/27). -- kinesis_stream - check_mode is now based on the live settings rather than comparisons with a hard coded/fake stream definition (https://github.com/ansible-collections/community.aws/pull/27). diff --git a/changelogs/fragments/230-ec2_launch_template-None-types.yml b/changelogs/fragments/230-ec2_launch_template-None-types.yml deleted file mode 100644 index ba84e438a59..00000000000 --- a/changelogs/fragments/230-ec2_launch_template-None-types.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: -- ec2_launch_template - ensure that empty parameters are properly removed before passing to AWS (https://github.com/ansible-collections/community.aws/issues/230). diff --git a/changelogs/fragments/232-fully-support-mixed-instances-policy.yaml b/changelogs/fragments/232-fully-support-mixed-instances-policy.yaml deleted file mode 100644 index e03f7c83820..00000000000 --- a/changelogs/fragments/232-fully-support-mixed-instances-policy.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ec2_asg module - add support for all mixed_instances_policy parameters (https://github.com/ansible-collections/community.aws/issues/231). 
diff --git a/changelogs/fragments/233-info-about-asg-lifecycle-hooks.yaml b/changelogs/fragments/233-info-about-asg-lifecycle-hooks.yaml deleted file mode 100644 index ae6d23f8c84..00000000000 --- a/changelogs/fragments/233-info-about-asg-lifecycle-hooks.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ec2_asg_info - gather information about asg lifecycle hooks (https://github.com/ansible-collections/community.aws/pull/233). diff --git a/changelogs/fragments/260-extending-s3_bucket_info-module.yml b/changelogs/fragments/260-extending-s3_bucket_info-module.yml deleted file mode 100644 index a1b36dfc8d7..00000000000 --- a/changelogs/fragments/260-extending-s3_bucket_info-module.yml +++ /dev/null @@ -1,3 +0,0 @@ -minor_changes: - - aws_s3_bucket_info - new module options ``name``, ``name_filter``, ``bucket_facts`` and ``transform_location`` - (https://github.com/ansible-collections/community.aws/pull/260). diff --git a/changelogs/fragments/27-kinesis_stream-do-not-mark-as-changed-no-enc-actions.yaml b/changelogs/fragments/27-kinesis_stream-do-not-mark-as-changed-no-enc-actions.yaml deleted file mode 100644 index 61143ae88cb..00000000000 --- a/changelogs/fragments/27-kinesis_stream-do-not-mark-as-changed-no-enc-actions.yaml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - kinesis_stream - fixed issue where streams get marked as changed even if no encryption actions were necessary (https://github.com/ansible/ansible/issues/65928). diff --git a/changelogs/fragments/278-aws_ssm-profile-support.yml b/changelogs/fragments/278-aws_ssm-profile-support.yml deleted file mode 100644 index 4056065172c..00000000000 --- a/changelogs/fragments/278-aws_ssm-profile-support.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- aws_ssm connection plugin - add support for specifying a profile to be used when connecting (https://github.com/ansible-collections/community.aws/pull/278). 
diff --git a/changelogs/fragments/302-aws_step_functions_state_machine-ARN-not-change.yml b/changelogs/fragments/302-aws_step_functions_state_machine-ARN-not-change.yml deleted file mode 100644 index 2305eb95852..00000000000 --- a/changelogs/fragments/302-aws_step_functions_state_machine-ARN-not-change.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- state_machine_arn - return ``state_machine_arn`` when state is unchanged (https://github.com/ansible-collections/community.aws/pull/302). diff --git a/changelogs/fragments/305-aws-ssm-parameter-tier-option.yml b/changelogs/fragments/305-aws-ssm-parameter-tier-option.yml deleted file mode 100644 index 1a1af45d14e..00000000000 --- a/changelogs/fragments/305-aws-ssm-parameter-tier-option.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- aws_ssm_parameter_store - added tier parameter option (https://github.com/ansible/ansible/issues/59738). diff --git a/changelogs/fragments/322-ec2_launch_template-add-metadata_options.yml b/changelogs/fragments/322-ec2_launch_template-add-metadata_options.yml deleted file mode 100644 index f4c83814c95..00000000000 --- a/changelogs/fragments/322-ec2_launch_template-add-metadata_options.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- ec2_launch_template - added ``metadata_options`` parameter to support changing the IMDS configuration for instances (https://github.com/ansible-collections/community.aws/pull/322). diff --git a/changelogs/fragments/346-ec2_vpc_endpoint_service_info.yml b/changelogs/fragments/346-ec2_vpc_endpoint_service_info.yml deleted file mode 100644 index defedc5497e..00000000000 --- a/changelogs/fragments/346-ec2_vpc_endpoint_service_info.yml +++ /dev/null 
@@ -1,6 +0,0 @@
-minor_changes:
-- ec2_vpc_endpoint_service_info - new module added for fetching information about available VPC endpoint services (https://github.com/ansible-collections/community.aws/pull/346).
-deprecated_features:
-- ec2_vpc_endpoint_info - the ``query`` option has been deprecated and will be removed after 2022-12-01 (https://github.com/ansible-collections/community.aws/pull/346).
- The ec2_vpc_endpoint_info now defaults to listing information about endpoints.
- The ability to search for information about available services has been moved to the dedicated module ``ec2_vpc_endpoint_service_info``.
diff --git a/changelogs/fragments/353-add_platform_to_ecs_service.yml b/changelogs/fragments/353-add_platform_to_ecs_service.yml
deleted file mode 100644
index 1d313700826..00000000000
--- a/changelogs/fragments/353-add_platform_to_ecs_service.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- ecs_service - Add ``platform_version`` parameter to ``ecs_service`` (https://github.com/ansible-collections/community.aws/pull/353).
diff --git a/changelogs/fragments/355-ec2_vpc_peer_improvements.yml b/changelogs/fragments/355-ec2_vpc_peer_improvements.yml
deleted file mode 100644
index 55a8410ac6e..00000000000
--- a/changelogs/fragments/355-ec2_vpc_peer_improvements.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- ec2_vpc_peer - More return info added, also simplified module code a bit and extended tests (https://github.com/ansible-collections/community.aws/pull/355)
diff --git a/changelogs/fragments/359-fix-ec2_vpc_route_table.yml b/changelogs/fragments/359-fix-ec2_vpc_route_table.yml
deleted file mode 100644
index 61f90d9af5c..00000000000
--- a/changelogs/fragments/359-fix-ec2_vpc_route_table.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
- - ec2_vpc_route_table - catch RouteAlreadyExists error when rerunning same task twice to make module idempotent (https://github.com/ansible-collections/community.aws/issues/357).
diff --git a/changelogs/fragments/369-iam-return-values.yml b/changelogs/fragments/369-iam-return-values.yml
deleted file mode 100644
index 98f1d6e2546..00000000000
--- a/changelogs/fragments/369-iam-return-values.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
- - iam - Make iam module more predictable when returning the ``user_name`` it creates or deletes (https://github.com/ansible-collections/community.aws/pull/369).
diff --git a/changelogs/fragments/370_add_attributes_glue_module.yaml b/changelogs/fragments/370_add_attributes_glue_module.yaml
deleted file mode 100644
index 6c31dc8117e..00000000000
--- a/changelogs/fragments/370_add_attributes_glue_module.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-minor_changes:
-- aws_glue_job - added ``number_of_workers``, ``worker_type`` and ``glue_version`` attributes to the module (https://github.com/ansible-collections/community.aws/pull/370).
diff --git a/changelogs/fragments/371-ec2_launch_template-profile-arn.yml b/changelogs/fragments/371-ec2_launch_template-profile-arn.yml
deleted file mode 100644
index fcc13bc1a3e..00000000000
--- a/changelogs/fragments/371-ec2_launch_template-profile-arn.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- ec2_launch_template - fixes parameter validation failure when passing a instance profile ARN instead of just the role name (https://github.com/ansible-collections/community.aws/pull/371).
diff --git a/changelogs/fragments/389-sqs-queue-UnboundLocalError.yml b/changelogs/fragments/389-sqs-queue-UnboundLocalError.yml
deleted file mode 100644
index 8b1b371428f..00000000000
--- a/changelogs/fragments/389-sqs-queue-UnboundLocalError.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- sqs_queue - fix UnboundLocalError when passing a boolean parameter (https://github.com/ansible-collections/community.aws/issues/172).
diff --git a/changelogs/fragments/395_add_assign_public_ip.yaml b/changelogs/fragments/395_add_assign_public_ip.yaml
deleted file mode 100644
index 29540bc7b30..00000000000
--- a/changelogs/fragments/395_add_assign_public_ip.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-minor_changes:
-- ecs_task - added ``assign_public_ip`` option for network_configuration (https://github.com/ansible-collections/community.aws/pull/395).
diff --git a/changelogs/fragments/396-lambda_alias.yml b/changelogs/fragments/396-lambda_alias.yml
deleted file mode 100644
index e8929cd6c51..00000000000
--- a/changelogs/fragments/396-lambda_alias.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-minor_changes:
-- lambda_alias - use common helper functions to create AWS connections (https://github.com/ansible-collections/community.aws/pull/396).
-- lambda_alias - use common helper functions to perform snake_case to CamelCase conversions (https://github.com/ansible-collections/community.aws/pull/396).
-- lambda_alias - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/396).
diff --git a/changelogs/fragments/398-ec2-vpc-nacl-add-ipv6.yaml b/changelogs/fragments/398-ec2-vpc-nacl-add-ipv6.yaml
deleted file mode 100644
index 2b324a0c36d..00000000000
--- a/changelogs/fragments/398-ec2-vpc-nacl-add-ipv6.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
- - ec2_vpc_nacl - add support for IPv6 (https://github.com/ansible-collections/community.aws/pull/398).
diff --git a/changelogs/fragments/406-elb_classic_info-return-empty-list.yml b/changelogs/fragments/406-elb_classic_info-return-empty-list.yml
deleted file mode 100644
index 62eb1c30d13..00000000000
--- a/changelogs/fragments/406-elb_classic_info-return-empty-list.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- elb_classic_info - If the provided load balancer doesn't exist, return an empty list instead of throwing an error. (https://github.com/ansible-collections/community.aws/pull/215).
diff --git a/changelogs/fragments/406-route53-state-get.yml b/changelogs/fragments/406-route53-state-get.yml
deleted file mode 100644
index 563a2bc2e24..00000000000
--- a/changelogs/fragments/406-route53-state-get.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- route53 - fix when using ``state=get`` on private DNS zones and add tests to cover this scenario (https://github.com/ansible-collections/community.aws/pull/424).
diff --git a/changelogs/fragments/410-elasticache-fixes.yml b/changelogs/fragments/410-elasticache-fixes.yml
deleted file mode 100644
index 69e9a176e0b..00000000000
--- a/changelogs/fragments/410-elasticache-fixes.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-bugfixes:
- - elasticache - Fix ``KeyError`` issue when updating security group (https://github.com/ansible-collections/community.aws/pull/410).
-minor_changes:
- - elasticache - Improve docs a little, add intgration tests (https://github.com/ansible-collections/community.aws/pull/410).
diff --git a/changelogs/fragments/414-rds_instance-tags-on-creation-from-snapshot.yml b/changelogs/fragments/414-rds_instance-tags-on-creation-from-snapshot.yml
deleted file mode 100644
index bac87b428c6..00000000000
--- a/changelogs/fragments/414-rds_instance-tags-on-creation-from-snapshot.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- rds_instance - fixes bug preventing the use of tags when creating an RDS instance from a snapshot (https://github.com/ansible-collections/community.aws/issues/530).
diff --git a/changelogs/fragments/419-iam_saml_federation-results.yml b/changelogs/fragments/419-iam_saml_federation-results.yml
deleted file mode 100644
index 76500de7c6e..00000000000
--- a/changelogs/fragments/419-iam_saml_federation-results.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- iam_saml_federation - module now returns the state of the provider when no changes are made (https://github.com/ansible-collections/community.aws/pull/419).
diff --git a/changelogs/fragments/421-ec2_vpc_egress_igw-retry.yml b/changelogs/fragments/421-ec2_vpc_egress_igw-retry.yml
deleted file mode 100644
index 31c03c833c2..00000000000
--- a/changelogs/fragments/421-ec2_vpc_egress_igw-retry.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- ec2_vpc_egress_igw - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/421).
diff --git a/changelogs/fragments/422-aws_region_info-retry.yml b/changelogs/fragments/422-aws_region_info-retry.yml
deleted file mode 100644
index 03e6086b21e..00000000000
--- a/changelogs/fragments/422-aws_region_info-retry.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- aws_region_info - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/422).
diff --git a/changelogs/fragments/427-ec2_vpc_nat_gateway-stability.yml b/changelogs/fragments/427-ec2_vpc_nat_gateway-stability.yml
deleted file mode 100644
index 47552c54604..00000000000
--- a/changelogs/fragments/427-ec2_vpc_nat_gateway-stability.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-minor_changes:
-- ec2_vpc_nat_gateway - use pagination on describe calls to ensure all results are fetched (https://github.com/ansible-collections/community.aws/pull/427).
-- ec2_vpc_nat_gateway - add AWSRetry decorators to improve reliability (https://github.com/ansible-collections/community.aws/pull/427).
diff --git a/changelogs/fragments/442-ec2_vpc_route_table-stability.yml b/changelogs/fragments/442-ec2_vpc_route_table-stability.yml
deleted file mode 100644
index a91dbb6a378..00000000000
--- a/changelogs/fragments/442-ec2_vpc_route_table-stability.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-minor_changes:
-- ec2_vpc_route_table_info - migrate to boto3 (https://github.com/ansible-collections/community.aws/pull/442).
-- ec2_vpc_route_table - add AWSRetry decorators to improve reliability (https://github.com/ansible-collections/community.aws/pull/442).
-- ec2_vpc_route_table - add boto3 pagination for some searches (https://github.com/ansible-collections/community.aws/pull/442).
diff --git a/changelogs/fragments/445-ec2_vpc_nat_gateway-cleanup.yml b/changelogs/fragments/445-ec2_vpc_nat_gateway-cleanup.yml
deleted file mode 100644
index 405a9fa573d..00000000000
--- a/changelogs/fragments/445-ec2_vpc_nat_gateway-cleanup.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-minor_changes:
- - ec2_vpc_nat_gateway - use custom waiters to manage NAT gateways states (deleted and available) (https://github.com/ansible-collections/community.aws/pull/445)
- - ec2_vpc_nat_gateway - improve error handling (https://github.com/ansible-collections/community.aws/pull/445)
- - ec2_vpc_nat_gateway - imporove documentation (https://github.com/ansible-collections/community.aws/pull/445)
- - ec2_vpc_nat_gateway - code cleaning (https://github.com/ansible-collections/community.aws/pull/445)
diff --git a/changelogs/fragments/446-ec2_vpc_nat_gateway_info_stability.yml b/changelogs/fragments/446-ec2_vpc_nat_gateway_info_stability.yml
deleted file mode 100644
index 7fa94021b8f..00000000000
--- a/changelogs/fragments/446-ec2_vpc_nat_gateway_info_stability.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
- - ec2_vpc_nat_gateway_info - solve RequestLimitExceeded error by adding retry decorator (https://github.com/ansible-collections/community.aws/pull/446)
diff --git a/changelogs/fragments/447-s3_logging-boto3.yml b/changelogs/fragments/447-s3_logging-boto3.yml
deleted file mode 100644
index 7bdf31bf290..00000000000
--- a/changelogs/fragments/447-s3_logging-boto3.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-minor_changes:
-- s3_logging - migrated from boto to boto3 (https://github.com/ansible-collections/community.aws/pull/447).
-- s3_logging - added support for check_mode (https://github.com/ansible-collections/community.aws/pull/447).
diff --git a/changelogs/fragments/448-s3_lifecycle-stability.yml b/changelogs/fragments/448-s3_lifecycle-stability.yml
deleted file mode 100644
index 972a91eb813..00000000000
--- a/changelogs/fragments/448-s3_lifecycle-stability.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-minor_changes:
-- s3_lifecycle - Add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/448).
-- s3_lifecycle - Fix idempotency when using dates instead of days (https://github.com/ansible-collections/community.aws/pull/448).
-- s3_lifecycle - Add a ``wait`` parameter to wait for changes to propagate after being set (https://github.com/ansible-collections/community.aws/pull/448).
diff --git a/changelogs/fragments/454-sns_topic_fix_sms_endpoint_canonicalization.yaml b/changelogs/fragments/454-sns_topic_fix_sms_endpoint_canonicalization.yaml
deleted file mode 100644
index fd4cf415cef..00000000000
--- a/changelogs/fragments/454-sns_topic_fix_sms_endpoint_canonicalization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
- - sns_topic - Add ``+`` to allowable characters in SMS endpoints (https://github.com/ansible-collections/community.aws/pull/454).
diff --git a/changelogs/fragments/460-add-support-for-vpc-endpoint-type.yml b/changelogs/fragments/460-add-support-for-vpc-endpoint-type.yml
deleted file mode 100644
index 85a22936165..00000000000
--- a/changelogs/fragments/460-add-support-for-vpc-endpoint-type.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
- - ec2_vpc_endpoint - Added support for specifying ``vpc_endpoint_type`` (https://github.com/ansible-collections/community.aws/pull/460).
diff --git a/changelogs/fragments/470-ec2_metric_alarm-unit-optional.yml b/changelogs/fragments/470-ec2_metric_alarm-unit-optional.yml
deleted file mode 100644
index 2216016def2..00000000000
--- a/changelogs/fragments/470-ec2_metric_alarm-unit-optional.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-minor_changes:
- - ec2_metric_alarm - Made ``unit`` parameter optional (https://github.com/ansible-collections/community.aws/pull/470).
- - ec2_metric_alarm - Added support for check mode (https://github.com/ansible-collections/community.aws/pull/470).
diff --git a/changelogs/fragments/471-no_log.yml b/changelogs/fragments/471-no_log.yml
deleted file mode 100644
index 14217c20f5b..00000000000
--- a/changelogs/fragments/471-no_log.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-security_fixes:
-- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471).
diff --git a/changelogs/fragments/472-ec2_vpc_nat_gateway_info-stability.yml b/changelogs/fragments/472-ec2_vpc_nat_gateway_info-stability.yml
deleted file mode 100644
index 9c56f1f3b07..00000000000
--- a/changelogs/fragments/472-ec2_vpc_nat_gateway_info-stability.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-minor_changes:
- - ec2_vpc_nat_gateway_info - Improve documentation (https://github.com/ansible-collections/community.aws/pull/472).
- - ec2_vpc_nat_gateway_info - Add paginator (https://github.com/ansible-collections/community.aws/pull/472).
- - ec2_vpc_nat_gateway_info - Improve error handling (https://github.com/ansible-collections/community.aws/pull/472)
- - ec2_vpc_nat_gateway_info - Use normalize_boto3_result (https://github.com/ansible-collections/community.aws/pull/472)
diff --git a/changelogs/fragments/473-ec2_vpc_endpoint_stabilization.yml b/changelogs/fragments/473-ec2_vpc_endpoint_stabilization.yml
deleted file mode 100644
index 995517f9903..00000000000
--- a/changelogs/fragments/473-ec2_vpc_endpoint_stabilization.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-minor_changes:
-- ec2_vpc_endpoint - The module now supports tagging endpoints. (https://github.com/ansible-collections/community.aws/pull/473)
-- ec2_vpc_endpoint - Add retries on common AWS failures. (https://github.com/ansible-collections/community.aws/pull/473)
-- ec2_vpc_endpoint - The module will now lookup existing endpoints and try to match on the provided parameters before creating a new endpoint for better idempotency. (https://github.com/ansible-collections/community.aws/pull/473)
diff --git a/changelogs/fragments/475-no_log-missing.yml b/changelogs/fragments/475-no_log-missing.yml
deleted file mode 100644
index c07ab112ad2..00000000000
--- a/changelogs/fragments/475-no_log-missing.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-security_fixes:
-- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
-- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
-- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
diff --git a/changelogs/fragments/476-ec2_instance_fix_key_error_when_instance_has_no_tags.yaml b/changelogs/fragments/476-ec2_instance_fix_key_error_when_instance_has_no_tags.yaml
deleted file mode 100644
index ac4406fbc17..00000000000
--- a/changelogs/fragments/476-ec2_instance_fix_key_error_when_instance_has_no_tags.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
- - ec2_instance - fix key errors when instance has no tags (https://github.com/ansible-collections/community.aws/pull/476).
diff --git a/changelogs/fragments/493-ec2_asg_tg_updates.yaml b/changelogs/fragments/493-ec2_asg_tg_updates.yaml
deleted file mode 100644
index fcd91e2812c..00000000000
--- a/changelogs/fragments/493-ec2_asg_tg_updates.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
- - ec2_asg - fix target group update logic (https://github.com/ansible-collections/community.aws/pull/493).
diff --git a/changelogs/fragments/497-s3_sync-add-storage_class.yaml b/changelogs/fragments/497-s3_sync-add-storage_class.yaml
deleted file mode 100644
index bbca03d7357..00000000000
--- a/changelogs/fragments/497-s3_sync-add-storage_class.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- s3_sync - new ``storage_class`` feature allowing to specify the storage class when any object is added to an S3 bucket (https://github.com/ansible-collections/community.aws/issues/358).
diff --git a/changelogs/fragments/500-rds_instance-purge-sg-option.yml b/changelogs/fragments/500-rds_instance-purge-sg-option.yml
deleted file mode 100644
index 77c103cf399..00000000000
--- a/changelogs/fragments/500-rds_instance-purge-sg-option.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- rds_instance - new ``purge_security_groups`` parameter (https://github.com/ansible-collections/community.aws/issues/385).
diff --git a/changelogs/fragments/501-vpc_peering_connections.yml b/changelogs/fragments/501-vpc_peering_connections.yml
deleted file mode 100644
index 8d9bdafacc0..00000000000
--- a/changelogs/fragments/501-vpc_peering_connections.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-minor_changes:
-- ec2_vpc_peer - add support for waiting on state changes (https://github.com/ansible-collections/community.aws/pull/501).
-- ec2_vpc_peering_info - add ``vpc_peering_connections`` return value to be consistent with boto3 modules (https://github.com/ansible-collections/community.aws/pull/501).
-bugfixes:
-- ec2_vpc_peer - fix idempotency when rejecting and deleting peering connections (https://github.com/ansible-collections/community.aws/pull/501).
diff --git a/changelogs/fragments/502-route53-aliases.yml b/changelogs/fragments/502-route53-aliases.yml
deleted file mode 100644
index 6a7ead480d2..00000000000
--- a/changelogs/fragments/502-route53-aliases.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- route53 - fixes AWS API error when attempting to create Alias records (https://github.com/ansible-collections/community.aws/issues/434).
diff --git a/changelogs/fragments/503-aws_glue_connection-types-check-mode.yml b/changelogs/fragments/503-aws_glue_connection-types-check-mode.yml
deleted file mode 100644
index 9c02409d087..00000000000
--- a/changelogs/fragments/503-aws_glue_connection-types-check-mode.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-minor_changes:
- - aws_glue_connection - Added multple connection types (https://github.com/ansible-collections/community.aws/pull/503).
- - aws_glue_connection - Added support for check mode (https://github.com/ansible-collections/community.aws/pull/503).
diff --git a/changelogs/fragments/505-ec2_instance-terminate_protection.yml b/changelogs/fragments/505-ec2_instance-terminate_protection.yml
deleted file mode 100644
index 43a30016650..00000000000
--- a/changelogs/fragments/505-ec2_instance-terminate_protection.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- ec2_instance - ensure that termination protection isn't modified when using check_mode (https://github.com/ansible/ansible/issues/67716).
diff --git a/changelogs/fragments/506-cloudtrail_fix_always_reporting_changed_with_kms_alias.yaml b/changelogs/fragments/506-cloudtrail_fix_always_reporting_changed_with_kms_alias.yaml
deleted file mode 100644
index d243c9a5f41..00000000000
--- a/changelogs/fragments/506-cloudtrail_fix_always_reporting_changed_with_kms_alias.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-bugfixes:
- - cloudtrail - fix always reporting changed = true when kms alias used (https://github.com/ansible-collections/community.aws/pull/506).
- - cloudtrail - fix lower casing of tag keys (https://github.com/ansible-collections/community.aws/pull/506).
diff --git a/changelogs/fragments/510-fix-route53-private-zone-vpc.yaml b/changelogs/fragments/510-fix-route53-private-zone-vpc.yaml
deleted file mode 100644
index 55cd4dea787..00000000000
--- a/changelogs/fragments/510-fix-route53-private-zone-vpc.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-bugfixes:
- - route53 - fix ``AttributeError`` in ``get_zone_id_by_name`` when a vpc_id
- on a private zone is provided (https://github.com/ansible-collections/community.aws/issues/509).
diff --git a/changelogs/fragments/515-rds_snapshot-aws-group.yml b/changelogs/fragments/515-rds_snapshot-aws-group.yml
deleted file mode 100644
index 277eb9bdc4e..00000000000
--- a/changelogs/fragments/515-rds_snapshot-aws-group.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- rds_snapshot - added to the aws module_defaults group (https://github.com/ansible-collections/community.aws/pull/515).
diff --git a/changelogs/fragments/521-ec2_instance_info-retries.yml b/changelogs/fragments/521-ec2_instance_info-retries.yml
deleted file mode 100644
index 0fde1a3701d..00000000000
--- a/changelogs/fragments/521-ec2_instance_info-retries.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- ec2_instance_info - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/521).
diff --git a/changelogs/fragments/525-route53-idempotency-regressions.yml b/changelogs/fragments/525-route53-idempotency-regressions.yml
deleted file mode 100644
index 7377b404c93..00000000000
--- a/changelogs/fragments/525-route53-idempotency-regressions.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-bugfixes:
- - "route53 - make sure that CAA values order is again ignored during idempotency comparsion (https://github.com/ansible-collections/community.aws/issues/524)."
- - "route53 - fix handling for characters escaped by AWS in record names, like ``*`` and ``@``. This fixes idempotency for such record names (https://github.com/ansible-collections/community.aws/issues/524)."
diff --git a/changelogs/fragments/528-route_53-return-values.yml b/changelogs/fragments/528-route_53-return-values.yml
deleted file mode 100644
index eb9a5ffbd44..00000000000
--- a/changelogs/fragments/528-route_53-return-values.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- route53 - ensure that the old return values are re-added along side the new ones (https://github.com/ansible-collections/community.aws/issues/523).
diff --git a/changelogs/fragments/532-ec2_instance-wait-status.yml b/changelogs/fragments/532-ec2_instance-wait-status.yml
deleted file mode 100644
index aa0164d2d05..00000000000
--- a/changelogs/fragments/532-ec2_instance-wait-status.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- ec2_instance - wait for new instances to return a status before attempting to set additional parameters (https://github.com/ansible-collections/community.aws/pull/533).
diff --git a/changelogs/fragments/532-rds_param_group-fix.yml b/changelogs/fragments/532-rds_param_group-fix.yml
deleted file mode 100644
index a99c73425f6..00000000000
--- a/changelogs/fragments/532-rds_param_group-fix.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-minor_changes:
-- rds_param_group - Add AWSRetry (https://github.com/ansible-collections/community.aws/pull/532).
-- rds_param_group - Fix integration tests (https://github.com/ansible-collections/community.aws/pull/532).
-- rds_param_group - Support check_mode (https://github.com/ansible-collections/community.aws/pull/532).
\ No newline at end of file
diff --git a/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml b/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml
deleted file mode 100644
index feaf5f537da..00000000000
--- a/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- ecs_taskdefinition - Documentation improvement (https://github.com/ansible-collections/community.aws/issues/520)
diff --git a/changelogs/fragments/535-aws-ssm-session-token-missing.yml b/changelogs/fragments/535-aws-ssm-session-token-missing.yml
deleted file mode 100644
index 2627a07dc15..00000000000
--- a/changelogs/fragments/535-aws-ssm-session-token-missing.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- aws_ssm - enable aws ssm connections if **AWS_SESSION_TOKEN** is missing (https://github.com/ansible-collections/community.aws/pull/535).
diff --git a/changelogs/fragments/536-ec2_vpc_peering_info-retry.yml b/changelogs/fragments/536-ec2_vpc_peering_info-retry.yml
deleted file mode 100644
index 87522621acf..00000000000
--- a/changelogs/fragments/536-ec2_vpc_peering_info-retry.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- ec2_vpc_peering_info - add retries on common AWS failures (https://github.com/ansible-collections/community.aws/pull/536).
diff --git a/changelogs/fragments/537-ec2_vpc_endpoint_info-retries.yml b/changelogs/fragments/537-ec2_vpc_endpoint_info-retries.yml
deleted file mode 100644
index fa619b76221..00000000000
--- a/changelogs/fragments/537-ec2_vpc_endpoint_info-retries.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-minor_changes:
-- ec2_vpc_endpoint_info - use boto3 paginator when fetching services (https://github.com/ansible-collections/community.aws/pull/537).
-- ec2_vpc_endpoint_info - ensure paginated endpoint description is retried on common AWS failures (https://github.com/ansible-collections/community.aws/pull/537).
diff --git a/changelogs/fragments/542-ensure-ssm-plugin-terminates-connections.yml b/changelogs/fragments/542-ensure-ssm-plugin-terminates-connections.yml
deleted file mode 100644
index 1cbe860d1d2..00000000000
--- a/changelogs/fragments/542-ensure-ssm-plugin-terminates-connections.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
- - aws_ssm - Adds destructor to SSM connection plugin to ensure connections are properly cleaned up after usage (https://github.com/ansible-collections/community.aws/pull/542).
diff --git a/changelogs/fragments/548-elb-target-group-app-stickiness.yaml b/changelogs/fragments/548-elb-target-group-app-stickiness.yaml
deleted file mode 100644
index 8eafa0a6d04..00000000000
--- a/changelogs/fragments/548-elb-target-group-app-stickiness.yaml
+++ /dev/null
@@ -1,2 +0,0 @@ -minor_changes: -- elb_target_group - Add elb target group attributes ``stickiness_app_cookie_name`` and ``stickiness_app_cookie_duration_seconds``. Also update docs for stickiness_type to mention application cookie (https://github.com/ansible-collections/community.aws/pull/548) diff --git a/changelogs/fragments/553-aws_config_aggregator-fix-organization-source.yml b/changelogs/fragments/553-aws_config_aggregator-fix-organization-source.yml deleted file mode 100644 index 2b020f50b76..00000000000 --- a/changelogs/fragments/553-aws_config_aggregator-fix-organization-source.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - aws_config_aggregator - Fix typos in attribute names (https://github.com/ansible-collections/community.aws/pull/553). diff --git a/changelogs/fragments/ignore_212.yml b/changelogs/fragments/ignore_212.yml deleted file mode 100644 index bfe0f7ade3c..00000000000 --- a/changelogs/fragments/ignore_212.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- sanity tests - add ignore.txt for 2.12 (https://github.com/ansible-collections/community.aws/pull/527). diff --git a/docs/community.aws.aws_acm_module.rst b/docs/community.aws.aws_acm_module.rst index b18479194d3..29c2d490025 100644 --- a/docs/community.aws.aws_acm_module.rst +++ b/docs/community.aws.aws_acm_module.rst @@ -479,7 +479,7 @@ Common return values are documented `here string - when state=present + when state=present and not in check mode
The ARN of the certificate in ACM

diff --git a/docs/community.aws.aws_config_recorder_module.rst b/docs/community.aws.aws_config_recorder_module.rst index 88f1cbb74cf..74132eb51ad 100644 --- a/docs/community.aws.aws_config_recorder_module.rst +++ b/docs/community.aws.aws_config_recorder_module.rst @@ -365,8 +365,8 @@ Examples state: present role_arn: 'arn:aws:iam::123456789012:role/AwsConfigRecorder' recording_group: - all_supported: true - include_global_types: true + all_supported: true + include_global_types: true diff --git a/docs/community.aws.aws_glue_connection_module.rst b/docs/community.aws.aws_glue_connection_module.rst index 1222fc1a9c8..2202ff9e781 100644 --- a/docs/community.aws.aws_glue_connection_module.rst +++ b/docs/community.aws.aws_glue_connection_module.rst @@ -41,6 +41,23 @@ Parameters Choices/Defaults Comments + + +
+ availability_zone + +
+ string +
+
added in 1.5.0
+ + + + +
Availability Zone used by the connection
+
Required when connection_type=NETWORK.
+ +
@@ -153,12 +170,16 @@ Parameters -
The type of the connection. Currently, only JDBC is supported; SFTP is not supported.
+
The type of the connection. Currently, SFTP is not supported.
@@ -291,6 +312,7 @@ Parameters
A list of security groups to be used by the connection. Use either security group name or ID.
+
Required when connection_type=NETWORK.
@@ -344,6 +366,7 @@ Parameters
The subnet ID used by the connection.
+
Required when connection_type=NETWORK.
@@ -395,6 +418,19 @@ Examples PASSWORD: my-password state: present + # Create an AWS Glue network connection + - community.aws.aws_glue_connection: + name: my-glue-network-connection + availability_zone: us-east-1a + connection_properties: + JDBC_ENFORCE_SSL: "false" + connection_type: NETWORK + description: Test connection + security_groups: + - sg-glue + subnet_id: subnet-123abc + state: present + # Delete an AWS Glue connection - community.aws.aws_glue_connection: name: my-glue-connection diff --git a/docs/community.aws.aws_glue_job_module.rst b/docs/community.aws.aws_glue_job_module.rst index fa81138ac0a..ccbb2bd55f5 100644 --- a/docs/community.aws.aws_glue_job_module.rst +++ b/docs/community.aws.aws_glue_job_module.rst @@ -239,6 +239,22 @@ Parameters

aliases: aws_endpoint_url, endpoint_url
+ + +
+ glue_version + +
+ string +
+
added in 1.5.0
+ + + + +
Glue version determines the versions of Apache Spark and Python that AWS Glue supports.
+ +
@@ -285,6 +301,22 @@ Parameters
The name you assign to this job definition. It must be unique in your account.
+ + +
+ number_of_workers + +
+ integer +
+
added in 1.5.0
+ + + + +
The number of workers of a defined workerType that are allocated when a job runs.
+ +
@@ -407,6 +439,27 @@ Parameters
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+ + +
+ worker_type + +
+ string +
+
added in 1.5.0
+ + + + + +
The type of predefined worker that is allocated when a job runs.
+ +
@@ -739,3 +792,4 @@ Authors ~~~~~~~ - Rob White (@wimnat) +- Vijayanand Sharma (@vijayanandsharma) diff --git a/docs/community.aws.aws_s3_bucket_info_module.rst b/docs/community.aws.aws_s3_bucket_info_module.rst index c06522686ec..4e8862e3d8c 100644 --- a/docs/community.aws.aws_s3_bucket_info_module.rst +++ b/docs/community.aws.aws_s3_bucket_info_module.rst @@ -5,7 +5,7 @@ community.aws.aws_s3_bucket_info ******************************** -**Lists S3 buckets in AWS** +**lists S3 buckets in AWS** Version added: 1.0.0 @@ -17,7 +17,7 @@ Version added: 1.0.0 Synopsis -------- -- Lists S3 buckets in AWS +- Lists S3 buckets and details about those buckets. - This module was called ``aws_s3_bucket_facts`` before Ansible 2.9, returning ``ansible_facts``. Note that the :ref:`community.aws.aws_s3_bucket_info ` module no longer returns ``ansible_facts``! @@ -38,12 +38,12 @@ Parameters - + - - - - + + + + + + + + + + + -
ParameterParameter Choices/Defaults Comments
+
aws_access_key @@ -61,7 +61,7 @@ Parameters
+
aws_ca_bundle @@ -78,7 +78,7 @@ Parameters
+
aws_config @@ -95,7 +95,7 @@ Parameters
+
aws_secret_key @@ -113,9 +113,28 @@ Parameters
+
+ bucket_facts + +
+ dictionary +
+
added in 1.4.0
+
+ +
Retrieve requested S3 bucket detailed information
+
Each bucket_X option executes one API call, hence many options being set to true will cause slower module execution.
+
You can limit buckets by using the name or name_filter option.
+
- debug_botocore_endpoint_logs + bucket_accelerate_configuration
boolean @@ -128,81 +147,94 @@ Parameters
-
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
Retrive S3 accelerate configuration.
- ec2_url + bucket_acl
- string + boolean
+
    Choices: +
  • no ←
  • +
  • yes
  • +
-
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
-

aliases: aws_endpoint_url, endpoint_url
+
Retrive S3 bucket ACLs.
- profile + bucket_cors
- string + boolean
+
    Choices: +
  • no ←
  • +
  • yes
  • +
-
Uses a boto profile. Only works with boto >= 2.24.0.
-
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
-
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
-

aliases: aws_profile
+
Retrive S3 bucket CORS configuration.
- region + bucket_encryption
- string + boolean
+
    Choices: +
  • no ←
  • +
  • yes
  • +
-
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
-

aliases: aws_region, ec2_region
+
Retrive S3 bucket encryption.
- security_token + bucket_lifecycle_configuration
- string + boolean
+
    Choices: +
  • no ←
  • +
  • yes
  • +
-
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: aws_security_token, access_token
+
Retrive S3 bucket lifecycle configuration.
- validate_certs + bucket_location
boolean @@ -210,76 +242,1343 @@ Parameters
    Choices: -
  • no
  • -
  • yes ←
  • +
  • no ←
  • +
  • yes
-
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
Retrive S3 bucket location.
-
- - -Notes ------ - -.. note:: - - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` - - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html - - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file - - - -Examples --------- - -.. code-block:: yaml - - # Note: These examples do not set authentication details, see the AWS Guide for details. - - # Note: Only AWS S3 is currently supported - - # Lists all s3 buckets - - community.aws.aws_s3_bucket_info: - register: result - - - name: List buckets - ansible.builtin.debug: - msg: "{{ result['buckets'] }}" - - - -Return Values -------------- -Common return values are documented `here `_, the following are the fields unique to this module: - -.. raw:: html - - - - - - - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
-
- buckets - +
+ bucket_logging +
- list + boolean
always -
List of buckets
-
-
Sample:
-
[{'creation_date': '2017-07-06 15:05:12 +00:00', 'name': 'my_bucket'}]
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket logging.
+
+
+ bucket_notification_configuration + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket notification configuration.
+
+
+ bucket_ownership_controls + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 ownership controls.
+
+
+ bucket_policy + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket policy.
+
+
+ bucket_policy_status + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket policy status.
+
+
+ bucket_replication + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket replication.
+
+
+ bucket_request_payment + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket request payment.
+
+
+ bucket_tagging + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket tagging.
+
+ bucket_website + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket website.
+
+
+ public_access_block + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Retrive S3 bucket public access block.
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ name + +
+ string +
+
added in 1.4.0
+
+ Default:
""
+
+
Name of bucket to query.
+
+
+ name_filter + +
+ string +
+
added in 1.4.0
+
+ Default:
""
+
+
Limits buckets to only buckets who's name contain the string in name_filter.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ transform_location + +
+ boolean +
+
added in 1.4.0
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
S3 bucket location for default us-east-1 is normally reported as null.
+
Setting this option to true will return us-east-1 instead.
+
Affects only queries with bucket_facts=true and bucket_location=true.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + # Note: These examples do not set authentication details, see the AWS Guide for details. + + # Note: Only AWS S3 is currently supported + + # Lists all s3 buckets + - community.aws.aws_s3_bucket_info: + register: result + + # Retrieve detailed bucket information + - community.aws.aws_s3_bucket_info: + # Show only buckets with name matching + name_filter: your.testing + # Choose facts to retrieve + bucket_facts: + # bucket_accelerate_configuration: true + bucket_acl: true + bucket_cors: true + bucket_encryption: true + # bucket_lifecycle_configuration: true + bucket_location: true + # bucket_logging: true + # bucket_notification_configuration: true + # bucket_ownership_controls: true + # bucket_policy: true + # bucket_policy_status: true + # bucket_replication: true + # bucket_request_payment: true + # bucket_tagging: true + # bucket_website: true + # public_access_block: true + transform_location: true + register: result + + # Print out result + - name: List buckets + ansible.builtin.debug: + msg: "{{ result['buckets'] }}" + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields 
unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ bucket_list + +
+ complex +
+
always +
List of buckets
+
+
  +
+ bucket_acl + +
+ complex +
+
when bucket_facts=true and bucket_acl=true +
Bucket ACL configuration.
+
+
   +
+ Grants + +
+ list +
+
+
List of ACL grants.
+
+
   +
+ Owner + +
+ complex +
+
+
Bucket owner information.
+
+
    +
+ DisplayName + +
+ string +
+
always +
Bucket owner user display name.
+
+
Sample:
+
username
+
    +
+ ID + +
+ string +
+
always +
Bucket owner user ID.
+
+
Sample:
+
123894e509349etc
+
  +
+ bucket_cors + +
+ complex +
+
when bucket_facts=true and bucket_cors=true +
Bucket CORS configuration.
+
+
   +
+ CORSRules + +
+ list +
+
when CORS rules are defined for the bucket +
Bucket CORS configuration.
+
+
  +
+ bucket_encryption + +
+ complex +
+
when bucket_facts=true and bucket_encryption=true +
Bucket encryption configuration.
+
+
   +
+ ServerSideEncryptionConfiguration + +
+ complex +
+
when encryption is enabled on the bucket +
ServerSideEncryptionConfiguration configuration.
+
+
    +
+ Rules + +
+ list +
+
when encryption is enabled on the bucket +
List of applied encryptio rules.
+
+
Sample:
+
{'ApplyServerSideEncryptionByDefault': {'SSEAlgorithm': 'AES256'}, 'BucketKeyEnabled': False}
+
  +
+ bucket_lifecycle_configuration + +
+ complex +
+
when bucket_facts=true and bucket_lifecycle_configuration=true +
Bucket lifecycle configuration settings.
+
+
   +
+ Rules + +
+ list +
+
when lifecycle configuration is present +
List of lifecycle management rules.
+
+
Sample:
+
[{'Status': 'Enabled', 'ID': 'example-rule'}]
+
  +
+ bucket_location + +
+ complex +
+
when bucket_facts=true and bucket_location=true +
Bucket location.
+
+
   +
+ LocationConstraint + +
+ string +
+
always +
AWS region.
+
+
Sample:
+
us-east-2
+
  +
+ bucket_logging + +
+ complex +
+
when bucket_facts=true and bucket_logging=true +
Server access logging configuration.
+
+
   +
+ LoggingEnabled + +
+ complex +
+
when server access logging is defined for the bucket +
Server access logging configuration.
+
+
    +
+ TargetBucket + +
+ string +
+
always +
Target bucket name.
+
+
Sample:
+
logging-bucket-name
+
    +
+ TargetPrefix + +
+ string +
+
always +
Prefix in target bucket.
+
+
  +
+ bucket_name_filter + +
+ string +
+
when name_filter is defined +
String used to limit buckets. See name_filter.
+
+
Sample:
+
filter-by-this-string
+
  +
+ bucket_notification_configuration + +
+ complex +
+
when bucket_facts=true and bucket_notification_configuration=true +
Bucket notification settings.
+
+
   +
+ TopicConfigurations + +
+ list +
+
when at least one notification is configured +
List of notification events configurations.
+
+
  +
+ bucket_ownership_controls + +
+ complex +
+
when bucket_facts=true and bucket_ownership_controls=true +
Preffered object ownership settings.
+
+
   +
+ OwnershipControls + +
+ complex +
+
when ownership controls are defined for the bucket +
Object ownership settings.
+
+
    +
+ Rules + +
+ list +
+
when ownership rule is defined +
List of ownership rules.
+
+
Sample:
+
[{'ObjectOwnership:': 'ObjectWriter'}]
+
  +
+ bucket_policy + +
+ string +
+
when bucket_facts=true and bucket_policy=true +
Bucket policy contents.
+
+
Sample:
+
{"Version":"2012-10-17","Statement":[{"Sid":"AddCannedAcl","Effect":"Allow",..}}]}
+
  +
+ bucket_policy_status + +
+ complex +
+
when bucket_facts=true and bucket_policy_status=true +
Status of bucket policy.
+
+
   +
+ PolicyStatus + +
+ complex +
+
when bucket policy is present +
Status of bucket policy.
+
+
    +
+ IsPublic + +
+ boolean +
+
when bucket policy is present +
Report bucket policy public status.
+
+
Sample:
+
True
+
  +
+ bucket_replication + +
+ complex +
+
when bucket_facts=true and bucket_replication=true +
Replication configuration settings.
+
+
   +
+ Role + +
+ string +
+
when replication rule is defined +
IAM role used for replication.
+
+
Sample:
+
arn:aws:iam::123:role/example-role
+
   +
+ Rules + +
+ list +
+
when replication rule is defined +
List of replication rules.
+
+
Sample:
+
[{'ID': 'rule-1', 'Filter': '{}'}]
+
  +
+ bucket_request_payment + +
+ complex +
+
when bucket_facts=true and bucket_request_payment=true +
Requester pays setting.
+
+
   +
+ Payer + +
+ string +
+
always +
Current payer.
+
+
Sample:
+
BucketOwner
+
  +
+ bucket_tagging + +
+ dictionary +
+
when bucket_facts=true and bucket_tagging=true +
Bucket tags.
+
+
Sample:
+
{'Tag1': 'Value1', 'Tag2': 'Value2'}
+
  +
+ bucket_website + +
+ complex +
+
when bucket_facts=true and bucket_website=true +
Static website hosting.
+
+
   +
+ ErrorDocument + +
+ dictionary +
+
when static website hosting is enabled +
Object serving as HTTP error page.
+
+
Sample:
+
{'Key': 'error.html'}
+
   +
+ IndexDocument + +
+ dictionary +
+
when static website hosting is enabled +
Object serving as HTTP index page.
+
+
Sample:
+
{'Suffix': 'error.html'}
+
   +
+ RedirectAllRequestsTo + +
+ complex +
+
when redirect requests is configured +
Website redict settings.
+
+
    +
+ HostName + +
+ string +
+
always +
Hostname to redirect.
+
+
Sample:
+
www.example.com
+
    +
+ Protocol + +
+ string +
+
always +
Protocol used for redirect.
+
+
Sample:
+
https
+
  +
+ creation_date + +
+ string +
+
always +
Bucket creation date timestamp.
+
+
Sample:
+
2021-01-21T12:44:10+00:00
+
  +
+ name + +
+ string +
+
always +
Bucket name.
+
+
Sample:
+
a-testing-bucket-name
+
  +
+ public_access_block + +
+ complex +
+
when bucket_facts=true and public_access_block=true +
Bucket public access block configuration.
+
+
   +
+ PublicAccessBlockConfiguration + +
+ complex +
+
when PublicAccessBlockConfiguration is defined for the bucket +
PublicAccessBlockConfiguration data.
+
+
    +
+ BlockPublicAcls + +
+ boolean +
+
+
BlockPublicAcls setting value.
+
+
Sample:
+
True
+
    +
+ BlockPublicPolicy + +
+ boolean +
+
+
BlockPublicPolicy setting value.
+
+
Sample:
+
True
+
    +
+ IgnorePublicAcls + +
+ boolean +
+
+
IgnorePublicAcls setting value.
+
+
Sample:
+
True
+
    +
+ RestrictPublicBuckets + +
+ boolean +
+
+
RestrictPublicBuckets setting value.
+
+
Sample:
+
True
+


diff --git a/docs/community.aws.aws_ssm_connection.rst b/docs/community.aws.aws_ssm_connection.rst index 63c2dfa2cbf..5982f438b7e 100644 --- a/docs/community.aws.aws_ssm_connection.rst +++ b/docs/community.aws.aws_ssm_connection.rst @@ -115,6 +115,25 @@ Parameters
This defines the location of the session-manager-plugin binary.
+ + +
+ profile + +
+ - +
+
added in 1.5.0
+ + + + +
var: ansible_aws_ssm_profile
+ + +
Sets AWS profile to use.
+ +
diff --git a/docs/community.aws.aws_ssm_parameter_store_module.rst b/docs/community.aws.aws_ssm_parameter_store_module.rst index 63994c7d5d5..5e8a325f7bf 100644 --- a/docs/community.aws.aws_ssm_parameter_store_module.rst +++ b/docs/community.aws.aws_ssm_parameter_store_module.rst @@ -326,6 +326,27 @@ Parameters
Parameter String type.
+ + +
+ tier + +
+ string +
+
added in 1.5.0
+ + +
    Choices: +
  • Standard ←
  • +
  • Advanced
  • +
  • Intelligent-Tiering
  • +
+ + +
Parameter store tier type.
+ +
@@ -413,6 +434,13 @@ Examples value: "Test1234" overwrite_value: "always" + - name: Create or update key/value pair in aws parameter store with tier + community.aws.aws_ssm_parameter_store: + name: "Hello" + description: "This is your first key" + value: "World" + tier: "Advanced" + - name: recommend to use with aws_ssm lookup plugin ansible.builtin.debug: msg: "{{ lookup('amazon.aws.aws_ssm', 'hello') }}" @@ -472,6 +500,7 @@ Status Authors ~~~~~~~ +- Davinder Pal (@116davinder) - Nathan Webster (@nathanwebsterdotme) - Bill Wang (@ozbillwang) - Michael De La Rue (@mikedlr) diff --git a/docs/community.aws.ec2_asg_info_module.rst b/docs/community.aws.ec2_asg_info_module.rst index 70a2bbd4686..5f7e4ae800f 100644 --- a/docs/community.aws.ec2_asg_info_module.rst +++ b/docs/community.aws.ec2_asg_info_module.rst @@ -506,6 +506,23 @@ Common return values are documented `here public-webapp-production-1 + + +
+ lifecycle_hooks + +
+ list +
+ + success + +
List of lifecycle hooks for the ASG.
+
+
Sample:
+
[{'AutoScalingGroupName': 'public-webapp-production-1', 'DefaultResult': 'ABANDON', 'GlobalTimeout': 172800, 'HeartbeatTimeout': 3600, 'LifecycleHookName': 'instance-launch', 'LifecycleTransition': 'autoscaling:EC2_INSTANCE_LAUNCHING'}, {'AutoScalingGroupName': 'public-webapp-production-1', 'DefaultResult': 'ABANDON', 'GlobalTimeout': 172800, 'HeartbeatTimeout': 3600, 'LifecycleHookName': 'instance-terminate', 'LifecycleTransition': 'autoscaling:EC2_INSTANCE_TERMINATING'}]
+ +
diff --git a/docs/community.aws.ec2_asg_module.rst b/docs/community.aws.ec2_asg_module.rst index 29ed893ada5..ca3cdbf4ee0 100644 --- a/docs/community.aws.ec2_asg_module.rst +++ b/docs/community.aws.ec2_asg_module.rst @@ -39,12 +39,12 @@ Parameters - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -266,7 +269,7 @@ Parameters
ParameterParameter Choices/Defaults Comments
+
availability_zones @@ -61,7 +61,7 @@ Parameters
+
aws_access_key @@ -79,7 +79,7 @@ Parameters
+
aws_ca_bundle @@ -96,7 +96,7 @@ Parameters
+
aws_config @@ -113,7 +113,7 @@ Parameters
+
aws_secret_key @@ -131,7 +131,7 @@ Parameters
+
debug_botocore_endpoint_logs @@ -150,7 +150,7 @@ Parameters
+
default_cooldown @@ -166,7 +166,7 @@ Parameters
+
desired_capacity @@ -181,7 +181,7 @@ Parameters
+
ec2_url @@ -197,7 +197,7 @@ Parameters
+
health_check_period @@ -213,7 +213,7 @@ Parameters
+
health_check_type @@ -232,7 +232,7 @@ Parameters
+
launch_config_name @@ -248,7 +248,7 @@ Parameters
+
launch_template @@ -264,7 +264,7 @@ Parameters
+
launch_template_id @@ -280,7 +280,7 @@ Parameters
+
launch_template_name @@ -296,7 +296,7 @@ Parameters
+
version @@ -313,7 +313,7 @@ Parameters
+
lc_check @@ -332,7 +332,7 @@ Parameters
+
load_balancers @@ -348,7 +348,7 @@ Parameters
+
lt_check @@ -367,7 +367,7 @@ Parameters
+
max_instance_lifetime @@ -384,7 +384,7 @@ Parameters
+
max_size @@ -399,7 +399,7 @@ Parameters
+
metrics_collection @@ -418,7 +418,7 @@ Parameters
+
metrics_granularity @@ -434,7 +434,7 @@ Parameters
+
metrics_list @@ -451,7 +451,7 @@ Parameters
+
min_size @@ -466,7 +466,7 @@ Parameters
+
mixed_instances_policy @@ -484,7 +484,7 @@ Parameters
+
instance_types @@ -499,9 +499,143 @@ Parameters
A list of instance_types.
+
+ instances_distribution + +
+ dictionary +
+
added in 1.5.0
+
+ +
Specifies the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances, and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacity.
+ +
+
+ on_demand_allocation_strategy + +
+ string +
+
added in 1.5.0
+
+ +
Indicates how to allocate instance types to fulfill On-Demand capacity.
+
+
+ on_demand_base_capacity + +
+ integer +
+
added in 1.5.0
+
+ +
The minimum amount of the Auto Scaling group's capacity that must be fulfilled by On-Demand Instances. This base portion is provisioned first as your group scales.
+
Default if not set is 0. If you leave it set to 0, On-Demand Instances are launched as a percentage of the Auto Scaling group's desired capacity, per the OnDemandPercentageAboveBaseCapacity setting.
+
+
+ on_demand_percentage_above_base_capacity + +
+ integer +
+
added in 1.5.0
+
+ +
Controls the percentages of On-Demand Instances and Spot Instances for your additional capacity beyond OnDemandBaseCapacity.
+
Default if not set is 100. If you leave it set to 100, the percentages are 100% for On-Demand Instances and 0% for Spot Instances.
+
Valid range: 0 to 100
+
+
+ spot_allocation_strategy + +
+ string +
+
added in 1.5.0
+
+ +
Indicates how to allocate instances across Spot Instance pools.
+
+
+ spot_instance_pools + +
+ integer +
+
added in 1.5.0
+
+ +
The number of Spot Instance pools across which to allocate your Spot Instances. The Spot pools are determined from the different instance types in the Overrides array of LaunchTemplate. Default if not set is 2.
+
Used only when the Spot allocation strategy is lowest-price.
+
Valid Range: Minimum value of 1. Maximum value of 20.
+
+
+ spot_max_price + +
+ string +
+
added in 1.5.0
+
+ +
The maximum price per unit hour that you are willing to pay for a Spot Instance.
+
If you leave the value of this parameter blank (which is the default), the maximum Spot price is set at the On-Demand price.
+
To remove a value that you previously set, include the parameter but leave the value blank.
+
name @@ -517,7 +651,7 @@ Parameters
+
notification_topic @@ -532,7 +666,7 @@ Parameters
+
notification_types @@ -549,7 +683,7 @@ Parameters
+
placement_group @@ -564,7 +698,7 @@ Parameters
+
profile @@ -582,7 +716,7 @@ Parameters
+
region @@ -598,7 +732,7 @@ Parameters
+
replace_all_instances @@ -617,7 +751,7 @@ Parameters
+
replace_batch_size @@ -633,7 +767,7 @@ Parameters
+
replace_instances @@ -649,7 +783,7 @@ Parameters
+
security_token @@ -667,7 +801,7 @@ Parameters
+
state @@ -686,7 +820,7 @@ Parameters
+
suspend_processes @@ -707,7 +841,7 @@ Parameters
+
tags @@ -725,7 +859,7 @@ Parameters
+
target_group_arns @@ -741,7 +875,7 @@ Parameters
+
termination_policies @@ -762,7 +896,7 @@ Parameters
+
validate_certs @@ -781,7 +915,7 @@ Parameters
+
vpc_zone_identifier @@ -797,7 +931,7 @@ Parameters
+
wait_for_instances @@ -816,7 +950,7 @@ Parameters
+
wait_timeout @@ -947,6 +1081,9 @@ Examples - t3a.large - t3.large - t2.large + instances_distribution: + on_demand_percentage_above_base_capacity: 0 + spot_allocation_strategy: capacity-optimized min_size: 1 max_size: 10 desired_capacity: 5 @@ -1278,7 +1415,7 @@ Common return values are documented `here
- mixed_instance_policy + mixed_instances_policy
list @@ -1286,12 +1423,29 @@ Common return values are documented `here
success -
Returns the list of instance types if a mixed instance policy is set.
+
Returns the list of instance types if a mixed instances policy is set.

Sample:
['t3.micro', 't3a.micro']
+
+ mixed_instances_policy_full + +
+ dictionary +
+
success +
Returns the full dictionary representation of the mixed instances policy if a mixed instances policy is set.
+
+
Sample:
+
{'instances_distribution': {'on_demand_allocation_strategy': 'prioritized', 'on_demand_base_capacity': 0, 'on_demand_percentage_above_base_capacity': 0, 'spot_allocation_strategy': 'capacity-optimized'}, 'launch_template': {'launch_template_specification': {'launch_template_id': 'lt-53c2425cffa544c23', 'launch_template_name': 'random-LaunchTemplate', 'version': '2'}, 'overrides': [{'instance_type': 'm5.xlarge'}, {'instance_type': 'm5a.xlarge'}]}}
+
diff --git a/docs/community.aws.ec2_launch_template_module.rst b/docs/community.aws.ec2_launch_template_module.rst index 12fda30b8a4..3bec3a190f9 100644 --- a/docs/community.aws.ec2_launch_template_module.rst +++ b/docs/community.aws.ec2_launch_template_module.rst @@ -748,6 +748,81 @@ Parameters
If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in.
+
+ metadata_options + +
+ dictionary +
+
added in 1.5.0
+
+ +
Configure EC2 Metadata options.
+ +
+
+ http_endpoint + +
+ string +
+
+
    Choices: +
  • enabled ←
  • +
  • disabled
  • +
+
+
This parameter enables or disables the HTTP metadata endpoint on your instances.
+
+
+ http_put_response_hop_limit + +
+ integer +
+
+ Default:
1
+
+
The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
+
+
+ http_tokens + +
+ string +
+
+
    Choices: +
  • optional ←
  • +
  • required
  • +
+
+
The state of token usage for your instance metadata requests.
+
diff --git a/docs/community.aws.ec2_vpc_endpoint_info_module.rst b/docs/community.aws.ec2_vpc_endpoint_info_module.rst index 3b44f48627b..41e5eb15f28 100644 --- a/docs/community.aws.ec2_vpc_endpoint_info_module.rst +++ b/docs/community.aws.ec2_vpc_endpoint_info_module.rst @@ -17,7 +17,7 @@ Version added: 1.0.0 Synopsis -------- -- Gets various details related to AWS VPC Endpoints. +- Gets various details related to AWS VPC endpoints. - This module was called ``ec2_vpc_endpoint_facts`` before Ansible 2.9. The usage did not change. @@ -187,7 +187,6 @@ Parameters
string - / required
@@ -197,7 +196,11 @@ Parameters -
Specifies the query action to take. Services returns the supported AWS services that can be specified when creating an endpoint.
+
Defaults to endpoints.
+
Specifies the query action to take.
+
query=endpoints returns information about AWS VPC endpoints.
+
Retrieving information about services using query=services has been deprecated in favour of the ec2_vpc_endpoint_service_info module.
+
The query option has been deprecated and will be removed after 2022-12-01.
-
Get details of specific endpoint IDs
+
The IDs of specific endpoints to retrieve the details of.
diff --git a/docs/community.aws.ec2_vpc_endpoint_module.rst b/docs/community.aws.ec2_vpc_endpoint_module.rst index 2109632c1c6..13972b61a19 100644 --- a/docs/community.aws.ec2_vpc_endpoint_module.rst +++ b/docs/community.aws.ec2_vpc_endpoint_module.rst @@ -215,6 +215,26 @@ Parameters

aliases: aws_profile
+ + +
+ purge_tags + +
+ boolean +
+
added in 1.5.0
+ + +
    Choices: +
  • no ←
  • +
  • yes
  • +
+ + +
Delete any tags not specified in the task that are on the instance. This means you have to specify all the desired tags on each task affecting an instance.
+ +
@@ -301,6 +321,23 @@ Parameters
absent to remove resource
+ + +
+ tags + +
+ dictionary +
+
added in 1.5.0
+ + + + +
A dict of tags to apply to the internet gateway.
+
To remove all tags set tags={} and purge_tags=true.
+ +
@@ -335,6 +372,27 @@ Parameters
One or more vpc endpoint ids to remove from the AWS account
+ + +
+ vpc_endpoint_type + +
+ string +
+
added in 1.5.0
+ + +
    Choices: +
  • Interface
  • +
  • Gateway ←
  • +
  • GatewayLoadBalancer
  • +
+ + +
The type of endpoint.
+ +
diff --git a/docs/community.aws.ec2_vpc_endpoint_service_info_module.rst b/docs/community.aws.ec2_vpc_endpoint_service_info_module.rst new file mode 100644 index 00000000000..3ae559e6026 --- /dev/null +++ b/docs/community.aws.ec2_vpc_endpoint_service_info_module.rst @@ -0,0 +1,544 @@ +.. _community.aws.ec2_vpc_endpoint_service_info_module: + + +******************************************* +community.aws.ec2_vpc_endpoint_service_info +******************************************* + +**retrieves AWS VPC endpoint service details** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Gets details related to AWS VPC Endpoint Services. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ filters + +
+ dictionary +
+
+ +
A dict of filters to apply.
+
Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServices.html for possible filters.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ service_names + +
+ list + / elements=string +
+
+ +
A list of service names which can be used to narrow the search results.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + # Simple example of listing all supported AWS services for VPC endpoints + - name: List supported AWS endpoint services + community.aws.ec2_vpc_endpoint_service_info: + region: ap-southeast-2 + register: supported_endpoint_services + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ service_details + +
+ complex +
+
success +
Detailed information about the AWS VPC endpoint services.
+
+
  +
+ acceptance_required + +
+ boolean +
+
success +
Whether VPC endpoint connection requests to the service must be accepted by the service owner.
+
+
  +
+ availability_zones + +
+ list +
+
success +
The Availability Zones in which the service is available.
+
+
  +
+ base_endpoint_dns_names + +
+ list +
+
success +
The DNS names for the service.
+
+
  +
+ manages_vpc_endpoints + +
+ boolean +
+
success +
Whether the service manages its VPC endpoints.
+
+
  +
+ owner + +
+ string +
+
success +
The AWS account ID of the service owner.
+
+
  +
+ private_dns_name + +
+ string +
+
success +
The private DNS name for the service.
+
+
  +
+ private_dns_name_verification_state + +
+ string +
+
success +
The verification state of the VPC endpoint service.
+
Consumers of an endpoint service cannot use the private name when the state is not verified.
+
+
  +
+ private_dns_names + +
+ list +
+
success +
The private DNS names assigned to the VPC endpoint service.
+
+
  +
+ service_id + +
+ string +
+
success +
The ID of the endpoint service.
+
+
  +
+ service_name + +
+ string +
+
success +
The ARN of the endpoint service.
+
+
  +
+ service_type + +
+ list +
+
success +
The type of the service
+
+
  +
+ tags + +
+ dictionary +
+
success +
A dict of tags associated with the service
+
+
  +
+ vpc_endpoint_policy_supported + +
+ boolean +
+
success +
Whether the service supports endpoint policies.
+
+
+
+ service_names + +
+ list +
+
success +
List of supported AWS VPC endpoint service names.
+
+
Sample:
+
{'service_names': ['com.amazonaws.ap-southeast-2.s3']}
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Mark Chappell (@tremble) diff --git a/docs/community.aws.ec2_vpc_igw_info_module.rst b/docs/community.aws.ec2_vpc_igw_info_module.rst index 0085fb9fc8d..0aa0c6313ee 100644 --- a/docs/community.aws.ec2_vpc_igw_info_module.rst +++ b/docs/community.aws.ec2_vpc_igw_info_module.rst @@ -322,12 +322,12 @@ Common return values are documented `here - Key + Key Returned Description - +
changed @@ -344,22 +344,112 @@ Common return values are documented `here - +
internet_gateways
- list + complex
always
The internet gateways for the account.

+ + + +   + +
+ attachments + +
+ complex +
+ + state=present + +
Any VPCs attached to the internet gateway
+
+ + + +   +   + +
+ state + +
+ string +
+ + state=present + +
The current state of the attachment
+
Sample:
-
[{'attachments': [{'state': 'available', 'vpc_id': 'vpc-02123b67'}], 'internet_gateway_id': 'igw-2123634d', 'tags': [{'key': 'Name', 'value': 'test-vpc-20-igw'}]}]
+
available
+ +   +   + +
+ vpc_id + +
+ string +
+ + state=present + +
The ID of the VPC.
+
+
Sample:
+
vpc-02123b67
+ + + + +   + +
+ internet_gateway_id + +
+ string +
+ + state=present + +
The ID of the internet gateway
+
+
Sample:
+
igw-2123634d
+ + + +   + +
+ tags + +
+ dictionary +
+ + state=present + +
Any tags assigned to the internet gateway
+
+
Sample:
+
{'tags': {'Ansible': 'Test'}}
+ + +

diff --git a/docs/community.aws.ec2_vpc_igw_module.rst b/docs/community.aws.ec2_vpc_igw_module.rst index f61e4d1b0dd..73760706b9c 100644 --- a/docs/community.aws.ec2_vpc_igw_module.rst +++ b/docs/community.aws.ec2_vpc_igw_module.rst @@ -313,11 +313,27 @@ Examples # Ensure that the VPC has an Internet Gateway. # The Internet Gateway ID is can be accessed via {{igw.gateway_id}} for use in setting up NATs etc. - - community.aws.ec2_vpc_igw: + - name: Create Internet gateway + community.aws.ec2_vpc_igw: vpc_id: vpc-abcdefgh state: present register: igw + - name: Create Internet gateway with tags + community.aws.ec2_vpc_igw: + vpc_id: vpc-abcdefgh + state: present + tags: + Tag1: tag1 + Tag2: tag2 + register: igw + + - name: Delete Internet gateway + community.aws.ec2_vpc_igw: + state: absent + vpc_id: vpc-abcdefgh + register: vpc_igw_delete + Return Values diff --git a/docs/community.aws.ec2_vpc_nacl_module.rst b/docs/community.aws.ec2_vpc_nacl_module.rst index ebfc0f470b2..d935d3377be 100644 --- a/docs/community.aws.ec2_vpc_nacl_module.rst +++ b/docs/community.aws.ec2_vpc_nacl_module.rst @@ -162,7 +162,7 @@ Parameters Default:
[]
-
A list of rules for outgoing traffic. Each rule must be specified as a list. Each rule may contain the rule number (integer 1-32766), protocol (one of ['tcp', 'udp', 'icmp', '-1', 'all']), the rule action ('allow' or 'deny') the CIDR of the IPv4 network range to allow or deny, the ICMP type (-1 means all types), the ICMP code (-1 means all codes), the last port in the range for TCP or UDP protocols, and the first port in the range for TCP or UDP protocols. See examples.
+
A list of rules for outgoing traffic. Each rule must be specified as a list. Each rule may contain the rule number (integer 1-32766), protocol (one of ['tcp', 'udp', 'icmp', 'ipv6-icmp', '-1', 'all']), the rule action ('allow' or 'deny') the CIDR of the IPv4 or IPv6 network range to allow or deny, the ICMP type (-1 means all types), the ICMP code (-1 means all codes), the last port in the range for TCP or UDP protocols, and the first port in the range for TCP or UDP protocols. See examples.
@@ -179,7 +179,7 @@ Parameters Default:
[]
-
List of rules for incoming traffic. Each rule must be specified as a list. Each rule may contain the rule number (integer 1-32766), protocol (one of ['tcp', 'udp', 'icmp', '-1', 'all']), the rule action ('allow' or 'deny') the CIDR of the IPv4 network range to allow or deny, the ICMP type (-1 means all types), the ICMP code (-1 means all codes), the last port in the range for TCP or UDP protocols, and the first port in the range for TCP or UDP protocols. See examples.
+
List of rules for incoming traffic. Each rule must be specified as a list. Each rule may contain the rule number (integer 1-32766), protocol (one of ['tcp', 'udp', 'icmp', 'ipv6-icmp', '-1', 'all']), the rule action ('allow' or 'deny') the CIDR of the IPv4 or IPv6 network range to allow or deny, the ICMP type (-1 means all types), the ICMP code (-1 means all codes), the last port in the range for TCP or UDP protocols, and the first port in the range for TCP or UDP protocols. See examples.
@@ -390,9 +390,12 @@ Examples # port from, port to - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22] - [200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80] + - [205, 'tcp', 'allow', '::/0', null, null, 80, 80] - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8] + - [305, 'ipv6-icmp', 'allow', '::/0', 0, 8] egress: - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null] + - [105, 'all', 'allow', '::/0', null, null, null, null] state: 'present' - name: "Remove the ingress and egress rules - defaults to deny all" diff --git a/docs/community.aws.ec2_vpc_nat_gateway_info_module.rst b/docs/community.aws.ec2_vpc_nat_gateway_info_module.rst index a0f96adcf3c..f45feff24c6 100644 --- a/docs/community.aws.ec2_vpc_nat_gateway_info_module.rst +++ b/docs/community.aws.ec2_vpc_nat_gateway_info_module.rst @@ -311,12 +311,27 @@ Common return values are documented `here - Key + Key Returned Description - + +
+ changed + +
+ boolean +
+ + always + +
True if listing the internet gateways succeeds
+
+ + + +
result @@ -324,12 +339,233 @@ Common return values are documented `here list - success + suceess + +
The result of the describe, converted to ansible snake case style.
+ +
+ + + +   + +
+ create_time + +
+ string +
+ + always + +
The date and time the NAT gateway was created
+
+
Sample:
+
2021-03-11T22:43:25+00:00
+ + + +   + +
+ delete_time + +
+ string +
+ + when the NAT gateway has been deleted + +
The date and time the NAT gateway was deleted
+
+
Sample:
+
2021-03-11T22:43:25+00:00
+ + + +   + +
+ nat_gateway_addresses + +
+ dictionary +
+ + always + +
List containing a dictionary with the IP addresses and network interface associated with the NAT gateway
+
+ + + +   +   + +
+ allocation_id + +
+ string +
+ + always + +
The allocation ID of the Elastic IP address that's associated with the NAT gateway
+
+
Sample:
+
eipalloc-0853e66a40803da76
+ + + +   +   + +
+ network_interface_id + +
+ string +
+ + always -
The result of the describe, converted to ansible snake case style. See http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.describe_nat_gateways for the response.
+
The ID of the network interface associated with the NAT gateway

+
Sample:
+
eni-0a37acdbe306c661c
+ +   +   + +
+ private_ip + +
+ string +
+ + always + +
The private IP address associated with the Elastic IP address
+
+
Sample:
+
10.0.238.227
+ + + +   +   + +
+ public_ip + +
+ string +
+ + always + +
The Elastic IP address associated with the NAT gateway
+
+
Sample:
+
34.204.123.52
+ + + + +   + +
+ nat_gateway_id + +
+ string +
+ + always + +
The ID of the NAT gateway
+
+
Sample:
+
nat-0c242a2397acf6173
+ + + +   + +
+ state + +
+ string +
+ + always + +
state of the NAT gateway
+
+
Sample:
+
available
+ + + +   + +
+ subnet_id + +
+ string +
+ + always + +
The ID of the subnet in which the NAT gateway is located
+
+
Sample:
+
subnet-098c447465d4344f9
+ + + +   + +
+ tags + +
+ dictionary +
+ + always + +
Tags applied to the NAT gateway
+
+
Sample:
+
{'Tag1': 'tag1', 'Tag_2': 'tag_2'}
+ + + +   + +
+ vpc_id + +
+ string +
+ + always + +
The ID of the VPC in which the NAT gateway is located
+
+
Sample:
+
vpc-02f37f48438ab7d4c
+ + +

diff --git a/docs/community.aws.ec2_vpc_nat_gateway_module.rst b/docs/community.aws.ec2_vpc_nat_gateway_module.rst index a158fdd5ddc..bbd93c609e8 100644 --- a/docs/community.aws.ec2_vpc_nat_gateway_module.rst +++ b/docs/community.aws.ec2_vpc_nat_gateway_module.rst @@ -366,7 +366,7 @@ Parameters -
A dict of tags to apply to the internet gateway.
+
A dict of tags to apply to the NAT gateway.
To remove all tags set tags={} and purge_tags=true.

aliases: resource_tags
@@ -516,17 +516,28 @@ Examples wait_timeout: 300 region: ap-southeast-2 - - name: Create new nat gateway using an allocation-id and tags. + - name: Create new nat gateway using allocation-id and tags. community.aws.ec2_vpc_nat_gateway: state: present subnet_id: subnet-12345678 allocation_id: eipalloc-12345678 region: ap-southeast-2 tags: - Tag1: tag1 - Tag2: tag2 + Tag1: tag1 + Tag2: tag2 register: new_nat_gateway + - name: Update tags without purge + community.aws.ec2_vpc_nat_gateway: + subnet_id: subnet-12345678 + allocation_id: eipalloc-12345678 + region: ap-southeast-2 + purge_tags: no + tags: + Tag3: tag3 + wait: yes + register: update_tags_nat_gateway + Return Values @@ -674,3 +685,4 @@ Authors - Allen Sanabria (@linuxdynasty) - Jon Hadfield (@jonhadfield) - Karen Cheng (@Etherdaemon) +- Alina Buzachis (@alinabuzachis) diff --git a/docs/community.aws.ec2_vpc_peer_module.rst b/docs/community.aws.ec2_vpc_peer_module.rst index bd29531d21e..c59ff562990 100644 --- a/docs/community.aws.ec2_vpc_peer_module.rst +++ b/docs/community.aws.ec2_vpc_peer_module.rst @@ -330,6 +330,25 @@ Parameters
VPC id of the requesting VPC.
+ + +
+ wait + +
+ boolean +
+ + +
    Choices: +
  • no ←
  • +
  • yes
  • +
+ + +
Wait for peering state changes to complete.
+ +
@@ -507,25 +526,512 @@ Common return values are documented `here - Key + Key Returned Description + +
+ peering_id + +
+ string +
+ + always + +
The id of the VPC peering connection created/deleted.
+
+
Sample:
+
pcx-034223d7c0aec3cde
+ + + + +
+ vpc_peering_connection + +
+ complex +
+ + success + +
The details of the VPC peering connection as returned by Boto3 (snake cased).
+
+ + + +   + +
+ accepter_vpc_info + +
+ complex +
+ + success + +
Information about the VPC which accepted the connection.
+
+ + + +   +   + +
+ cidr_block + +
+ string +
+ + when connection is in the accepted state. + +
The primary CIDR for the VPC.
+
+ + + +   +   + +
+ cidr_block_set + +
+ complex +
+ + when connection is in the accepted state. + +
A list of all CIDRs for the VPC.
+
+ + + +   +   +  
- task + cidr_block + +
+ string +
+ + success + +
A CIDR block used by the VPC.
+
+ + + + +   +   + +
+ owner_id + +
+ string +
+ + success + +
The AWS account that owns the VPC.
+
+ + + +   +   + +
+ peering_options
dictionary
+ when connection is in the accepted state. + +
Additional peering configuration.
+
+ + + +   +   +   + +
+ allow_dns_resolution_from_remote_vpc + +
+ boolean +
+ + success + +
Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.
+
+ + + +   +   +   + +
+ allow_egress_from_local_classic_link_to_remote_vpc + +
+ boolean +
+ success -
The result of the create, accept, reject or delete action.
+
Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.

+ +   +   +   + +
+ allow_egress_from_local_vpc_to_remote_classic_link + +
+ boolean +
+ + success + +
Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.
+
+ + + + +   +   + +
+ region + +
+ string +
+ + success + +
The AWS region that the VPC is in.
+
+ + + +   +   + +
+ vpc_id + +
+ string +
+ + success + +
The ID of the VPC
+
+ + + + +   + +
+ requester_vpc_info + +
+ complex +
+ + success + +
Information about the VPC which requested the connection.
+
+ + + +   +   + +
+ cidr_block + +
+ string +
+ + when connection is not in the deleted state. + +
The primary CIDR for the VPC.
+
+ + + +   +   + +
+ cidr_block_set + +
+ complex +
+ + when connection is not in the deleted state. + +
A list of all CIDRs for the VPC.
+
+ + + +   +   +   + +
+ cidr_block + +
+ string +
+ + success + +
A CIDR block used by the VPC
+
+ + + + +   +   + +
+ owner_id + +
+ string +
+ + success + +
The AWS account that owns the VPC.
+
+ + + +   +   + +
+ peering_options + +
+ dictionary +
+ + when connection is not in the deleted state. + +
Additional peering configuration.
+
+ + + +   +   +   + +
+ allow_dns_resolution_from_remote_vpc + +
+ boolean +
+ + success + +
Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.
+
+ + + +   +   +   + +
+ allow_egress_from_local_classic_link_to_remote_vpc + +
+ boolean +
+ + success + +
Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.
+
+ + + +   +   +   + +
+ allow_egress_from_local_vpc_to_remote_classic_link + +
+ boolean +
+ + success + +
Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.
+
+ + + + +   +   + +
+ region + +
+ string +
+ + success + +
The AWS region that the VPC is in.
+
+ + + +   +   + +
+ vpc_id + +
+ string +
+ + success + +
The ID of the VPC
+
+ + + + +   + +
+ status + +
+ complex +
+ + success + +
Details of the current status of the connection.
+
+ + + +   +   + +
+ code + +
+ string +
+ + success + +
A short code describing the status of the connection.
+
+ + + +   +   + +
+ message + +
+ string +
+ + success + +
Additional information about the status of the connection.
+
+ + + + +   + +
+ tags + +
+ dictionary +
+ + success + +
Tags applied to the connection.
+
+ + + +   + +
+ vpc_peering_connection_id + +
+ string +
+ + success + +
The ID of the VPC peering connection.
+
+ + +

diff --git a/docs/community.aws.ec2_vpc_peering_info_module.rst b/docs/community.aws.ec2_vpc_peering_info_module.rst index ba19ed0b2c9..64d7086b0f2 100644 --- a/docs/community.aws.ec2_vpc_peering_info_module.rst +++ b/docs/community.aws.ec2_vpc_peering_info_module.rst @@ -303,12 +303,12 @@ Common return values are documented `here - Key + Key Returned Description - +
result @@ -322,6 +322,491 @@ Common return values are documented `here + + +
+ vpc_peering_connections + +
+ list +
+ + success + +
Details of the matching VPC peering connections.
+
+ + + +   + +
+ accepter_vpc_info + +
+ complex +
+ + success + +
Information about the VPC which accepted the connection.
+
+ + + +   +   + +
+ cidr_block + +
+ string +
+ + when connection is in the accepted state. + +
The primary CIDR for the VPC.
+
+ + + +   +   + +
+ cidr_block_set + +
+ complex +
+ + when connection is in the accepted state. + +
A list of all CIDRs for the VPC.
+
+ + + +   +   +   + +
+ cidr_block + +
+ string +
+ + success + +
A CIDR block used by the VPC.
+
+ + + + +   +   + +
+ owner_id + +
+ string +
+ + success + +
The AWS account that owns the VPC.
+
+ + + +   +   + +
+ peering_options + +
+ dictionary +
+ + when connection is in the accepted state. + +
Additional peering configuration.
+
+ + + +   +   +   + +
+ allow_dns_resolution_from_remote_vpc + +
+ boolean +
+ + success + +
Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.
+
+ + + +   +   +   + +
+ allow_egress_from_local_classic_link_to_remote_vpc + +
+ boolean +
+ + success + +
Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.
+
+ + + +   +   +   + +
+ allow_egress_from_local_vpc_to_remote_classic_link + +
+ boolean +
+ + success + +
Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.
+
+ + + + +   +   + +
+ region + +
+ string +
+ + success + +
The AWS region that the VPC is in.
+
+ + + +   +   + +
+ vpc_id + +
+ string +
+ + success + +
The ID of the VPC
+
+ + + + +   + +
+ requester_vpc_info + +
+ complex +
+ + success + +
Information about the VPC which requested the connection.
+
+ + + +   +   + +
+ cidr_block + +
+ string +
+ + when connection is not in the deleted state. + +
The primary CIDR for the VPC.
+
+ + + +   +   + +
+ cidr_block_set + +
+ complex +
+ + when connection is not in the deleted state. + +
A list of all CIDRs for the VPC.
+
+ + + +   +   +   + +
+ cidr_block + +
+ string +
+ + success + +
A CIDR block used by the VPC
+
+ + + + +   +   + +
+ owner_id + +
+ string +
+ + success + +
The AWS account that owns the VPC.
+
+ + + +   +   + +
+ peering_options + +
+ dictionary +
+ + when connection is not in the deleted state. + +
Additional peering configuration.
+
+ + + +   +   +   + +
+ allow_dns_resolution_from_remote_vpc + +
+ boolean +
+ + success + +
Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.
+
+ + + +   +   +   + +
+ allow_egress_from_local_classic_link_to_remote_vpc + +
+ boolean +
+ + success + +
Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.
+
+ + + +   +   +   + +
+ allow_egress_from_local_vpc_to_remote_classic_link + +
+ boolean +
+ + success + +
Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.
+
+ + + + +   +   + +
+ region + +
+ string +
+ + success + +
The AWS region that the VPC is in.
+
+ + + +   +   + +
+ vpc_id + +
+ string +
+ + success + +
The ID of the VPC
+
+ + + + +   + +
+ status + +
+ complex +
+ + success + +
Details of the current status of the connection.
+
+ + + +   +   + +
+ code + +
+ string +
+ + success + +
A short code describing the status of the connection.
+
+ + + +   +   + +
+ message + +
+ string +
+ + success + +
Additional information about the status of the connection.
+
+ + + + +   + +
+ tags + +
+ dictionary +
+ + success + +
Tags applied to the connection.
+
+ + + +   + +
+ vpc_peering_connection_id + +
+ string +
+ + success + +
The ID of the VPC peering connection.
+
+ + +

diff --git a/docs/community.aws.ec2_vpc_route_table_info_module.rst b/docs/community.aws.ec2_vpc_route_table_info_module.rst index 99b8f0021f3..18265c7b2fe 100644 --- a/docs/community.aws.ec2_vpc_route_table_info_module.rst +++ b/docs/community.aws.ec2_vpc_route_table_info_module.rst @@ -273,6 +273,484 @@ Examples +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ route_tables + +
+ complex +
+
always +
A list of dictionarys describing route tables
+ +
+
  +
+ associations + +
+ complex +
+
always +
List of subnets associated with the route table
+
+
   +
+ association_state + +
+ complex +
+
always +
The state of the association
+
+
    +
+ state + +
+ string +
+
always +
The state of the association
+
+
Sample:
+
associated
+
    +
+ state_message + +
+ string +
+
when available +
Additional information about the state of the association
+
+
Sample:
+
Creating association
+
   +
+ id + +
+ string +
+
always +
ID of association between route table and subnet
+
+
Sample:
+
rtbassoc-ab47cfc3
+
   +
+ main + +
+ boolean +
+
always +
Whether this is the main route table
+
+
   +
+ route_table_association_id + +
+ string +
+
always +
ID of association between route table and subnet
+
+
Sample:
+
rtbassoc-ab47cfc3
+
   +
+ route_table_id + +
+ string +
+
always +
ID of the route table
+
+
Sample:
+
rtb-bf779ed7
+
   +
+ subnet_id + +
+ string +
+
always +
ID of the subnet
+
+
Sample:
+
subnet-82055af9
+
  +
+ id + +
+ string +
+
always +
ID of the route table (same as route_table_id for backwards compatibility)
+
+
Sample:
+
rtb-bf779ed7
+
  +
+ owner_id + +
+ string +
+
always +
ID of the account which owns the route table
+
+
Sample:
+
012345678912
+
  +
+ propagating_vgws + +
+ list +
+
always +
List of Virtual Private Gateways propagating routes
+
+
  +
+ route_table_id + +
+ string +
+
always +
ID of the route table
+
+
Sample:
+
rtb-bf779ed7
+
  +
+ routes + +
+ complex +
+
always +
List of routes in the route table
+
+
   +
+ destination_cidr_block + +
+ string +
+
always +
CIDR block of destination
+
+
Sample:
+
10.228.228.0/22
+
   +
+ gateway_id + +
+ string +
+
when gateway is local or internet gateway +
ID of the gateway
+
+
Sample:
+
local
+
   +
+ instance_id + +
+ string +
+
always +
ID of a NAT instance.
+
Empty unless the route is via an EC2 instance
+
+
Sample:
+
i-abcd123456789
+
   +
+ instance_owner_id + +
+ string +
+
always +
AWS account owning the NAT instance
+
Empty unless the route is via an EC2 instance
+
+
Sample:
+
123456789012
+
   +
+ nat_gateway_id + +
+ string +
+
when the route is via a NAT gateway +
ID of the NAT gateway
+
+
Sample:
+
local
+
   +
+ network_interface_id + +
+ string +
+
always +
The ID of the network interface
+
Empty unless the route is via an EC2 instance
+
+
Sample:
+
123456789012
+
   +
+ origin + +
+ string +
+
always +
mechanism through which the route is in the table
+
+
Sample:
+
CreateRouteTable
+
   +
+ state + +
+ string +
+
always +
state of the route
+
+
Sample:
+
active
+
  +
+ tags + +
+ dictionary +
+
always +
Tags applied to the route table
+
+
Sample:
+
{'Name': 'Public route table', 'Public': 'true'}
+
  +
+ vpc_id + +
+ string +
+
always +
ID for the VPC in which the route lives
+
+
Sample:
+
vpc-6e2d2407
+
+

+ Status ------ @@ -282,3 +760,4 @@ Authors ~~~~~~~ - Rob White (@wimnat) +- Mark Chappell (@tremble) diff --git a/docs/community.aws.ecs_service_module.rst b/docs/community.aws.ecs_service_module.rst index a16229f3379..d510fe56790 100644 --- a/docs/community.aws.ecs_service_module.rst +++ b/docs/community.aws.ecs_service_module.rst @@ -516,6 +516,23 @@ Parameters + + +
+ platform_version + +
+ string +
+
added in 1.5.0
+ + + + +
Numeric part of platform version or LATEST
+ + +
diff --git a/docs/community.aws.ecs_task_module.rst b/docs/community.aws.ecs_task_module.rst index 3b0a99473d7..128ef7f6971 100644 --- a/docs/community.aws.ecs_task_module.rst +++ b/docs/community.aws.ecs_task_module.rst @@ -227,10 +227,32 @@ Parameters
Network configuration of the service. Only applicable for task definitions created with network_mode=awsvpc.
+
assign_public_ip requires botocore >= 1.8.4
+ +
+ assign_public_ip + +
+ boolean +
+
added in 1.5.0
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+ + +
Whether the task's elastic network interface receives a public IP address.
+ + + +
security_groups @@ -503,6 +525,21 @@ Examples - my_security_group register: task_output + - name: RUN a task on Fargate with public ip assigned + community.aws.ecs_task: + operation: run + count: 2 + cluster: console-sample-app-static-cluster + task_definition: console-sample-app-static-taskdef + task: "arn:aws:ecs:us-west-2:172139249013:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" + started_by: ansible_user + launch_type: FARGATE + network_configuration: + assign_public_ip: yes + subnets: + - subnet-abcd1234 + register: task_output + - name: Stop a task community.aws.ecs_task: operation: stop diff --git a/docs/community.aws.ecs_taskdefinition_module.rst b/docs/community.aws.ecs_taskdefinition_module.rst index 2df741f9e84..0132cbad123 100644 --- a/docs/community.aws.ecs_taskdefinition_module.rst +++ b/docs/community.aws.ecs_taskdefinition_module.rst 
@@ -39,14 +39,1373 @@ Parameters - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - diff --git a/docs/community.aws.elb_target_group_module.rst b/docs/community.aws.elb_target_group_module.rst index e42913e8d92..7549b81d275 100644 --- a/docs/community.aws.elb_target_group_module.rst +++ b/docs/community.aws.elb_target_group_module.rst @@ -440,65 +440,67 @@ Parameters @@ -511,16 +513,11 @@ Parameters diff --git a/docs/community.aws.lambda_alias_module.rst b/docs/community.aws.lambda_alias_module.rst index 9687be4015a..c50bf63db31 100644 --- a/docs/community.aws.lambda_alias_module.rst +++ b/docs/community.aws.lambda_alias_module.rst @@ -462,6 +462,23 @@ Common return values are documented `here dev + + + + +
ParameterParameter Choices/Defaults Comments
+
+ arn + +
+ string +
+
+ +
The ARN of the task description to delete.
+
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ containers + +
+ list + / elements=dictionary + / required +
+
+ +
A list of containers definitions.
+ +
+
+ command + +
+ list +
+
+ +
The command that is passed to the container.
+
+
+ cpu + +
+ integer +
+
+ +
The number of cpu units reserved for the container.
+
+
+ dependsOn + +
+ list + / elements=dictionary +
+
+ +
The dependencies defined for container startup and shutdown.
+
When a dependency is defined for container startup, for container shutdown it is reversed.
+
+
+ condition + +
+ string + / required +
+
+
    Choices: +
  • start
  • +
  • complete
  • +
  • success
  • +
  • healthy
  • +
+
+
The dependency condition of the container.
+
+
+ containerName + +
+ string + / required +
+
+ +
The name of a container.
+
+
+ disableNetworking + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
When this parameter is True, networking is disabled within the container.
+
+
+ dnsSearchDomains + +
+ list +
+
+ +
A list of DNS search domains that are presented to the container.
+
This parameter is not supported for Windows containers.
+
+
+ dnsServers + +
+ list +
+
+ +
A list of DNS servers that are presented to the container.
+
This parameter is not supported for Windows containers.
+
+
+ dockerLabels + +
+ dictionary +
+
+ +
A key/value map of labels to add to the container.
+
+
+ dockerSecurityOptions + +
+ list +
+
+ +
A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems.
+
This parameter is not supported for Windows containers.
+
+
+ entryPoint + +
+ string +
+
+ +
The entry point that is passed to the container.
+
+
+ environment + +
+ list + / elements=dictionary +
+
+ +
The environment variables to pass to a container.
+
+
+ name + +
+ string +
+
+ +
The name of the key-value pair.
+
+
+ value + +
+ string +
+
+ +
The value of the key-value pair.
+
+
+ environmentFiles + +
+ list + / elements=dictionary +
+
+ +
A list of files containing the environment variables to pass to a container.
+
+
+ type + +
+ string +
+
+ +
The file type to use. The only supported value is s3.
+
+
+ value + +
+ string +
+
+ +
The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file.
+
+
+ essential + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
If essential=True, and the container fails or stops for any reason, all other containers that are part of the task are stopped.
+
+
+ extraHosts + +
+ list + / elements=dictionary +
+
+ +
A list of hostnames and IP address mappings to append to the /etc/hosts file on the container.
+
This parameter is not supported for Windows containers or tasks that use network_mode=awsvpc.
+
+
+ hostname + +
+ string +
+
+ +
The hostname to use in the /etc/hosts entry.
+
+
+ ipAddress + +
+ string +
+
+ +
The IP address to use in the /etc/hosts entry.
+
+
+ healthCheck + +
+ dictionary +
+
+ +
The health check command and associated configuration parameters for the container.
+
+
+ hostname + +
+ string +
+
+ +
The hostname to use for your container.
+
This parameter is not supported if network_mode=awsvpc.
+
+
+ image + +
+ string +
+
+ +
The image used to start a container.
+
+
+ interactive + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
When interactive=True, it allows to deploy containerized applications that require stdin or a tty to be allocated.
+
+
+ links + +
+ list +
+
+ +
Allows containers to communicate with each other without the need for port mappings.
+
This parameter is only supported if network_mode=bridge.
+
+
+ linuxParameters + +
+ list +
+
+ +
Linux-specific modifications that are applied to the container, such as Linux kernel capabilities.
+
+
+ capabilities + +
+ dictionary +
+
+ +
The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker.
+
+
+ add + +
+ list +
+
+
    Choices: +
  • ALL
  • +
  • AUDIT_CONTROL
  • +
  • AUDIT_WRITE
  • +
  • BLOCK_SUSPEND
  • +
  • CHOWN
  • +
  • DAC_OVERRIDE
  • +
  • DAC_READ_SEARCH
  • +
  • FOWNER
  • +
  • FSETID
  • +
  • IPC_LOCK
  • +
  • IPC_OWNER
  • +
  • KILL
  • +
  • LEASE
  • +
  • LINUX_IMMUTABLE
  • +
  • MAC_ADMIN
  • +
  • MAC_OVERRIDE
  • +
  • MKNOD
  • +
  • NET_ADMIN
  • +
  • NET_BIND_SERVICE
  • +
  • NET_BROADCAST
  • +
  • NET_RAW
  • +
  • SETFCAP
  • +
  • SETGID
  • +
  • SETPCAP
  • +
  • SETUID
  • +
  • SYS_ADMIN
  • +
  • SYS_BOOT
  • +
  • SYS_CHROOT
  • +
  • SYS_MODULE
  • +
  • SYS_NICE
  • +
  • SYS_PACCT
  • +
  • SYS_PTRACE
  • +
  • SYS_RAWIO
  • +
  • SYS_RESOURCE
  • +
  • SYS_TIME
  • +
  • SYS_TTY_CONFIG
  • +
  • SYSLOG
  • +
  • WAKE_ALARM
  • +
+
+
The Linux capabilities for the container that have been added to the default configuration provided by Docker.
+
If launch_type=FARGATE, this parameter is not supported.
+
+
+ drop + +
+ list +
+
+
    Choices: +
  • ALL
  • +
  • AUDIT_CONTROL
  • +
  • AUDIT_WRITE
  • +
  • BLOCK_SUSPEND
  • +
  • CHOWN
  • +
  • DAC_OVERRIDE
  • +
  • DAC_READ_SEARCH
  • +
  • FOWNER
  • +
  • FSETID
  • +
  • IPC_LOCK
  • +
  • IPC_OWNER
  • +
  • KILL
  • +
  • LEASE
  • +
  • LINUX_IMMUTABLE
  • +
  • MAC_ADMIN
  • +
  • MAC_OVERRIDE
  • +
  • MKNOD
  • +
  • NET_ADMIN
  • +
  • NET_BIND_SERVICE
  • +
  • NET_BROADCAST
  • +
  • NET_RAW
  • +
  • SETFCAP
  • +
  • SETGID
  • +
  • SETPCAP
  • +
  • SETUID
  • +
  • SYS_ADMIN
  • +
  • SYS_BOOT
  • +
  • SYS_CHROOT
  • +
  • SYS_MODULE
  • +
  • SYS_NICE
  • +
  • SYS_PACCT
  • +
  • SYS_PTRACE
  • +
  • SYS_RAWIO
  • +
  • SYS_RESOURCE
  • +
  • SYS_TIME
  • +
  • SYS_TTY_CONFIG
  • +
  • SYSLOG
  • +
  • WAKE_ALARM
  • +
+
+
The Linux capabilities for the container that have been removed from the default configuration provided by Docker.
+
+
+ devices + +
+ list + / elements=dictionary +
+
+ +
Any host devices to expose to the container.
+
If launch_type=FARGATE, this parameter is not supported.
+
+
+ containerPath + +
+ string +
+
+ +
The path inside the container at which to expose the host device.
+
+
+ hostPath + +
+ string + / required +
+
+ +
The path for the device on the host container instance.
+
+
+ permissions + +
+ list +
+
+ +
The explicit permissions to provide to the container for the device.
+
+
+ initProcessEnabled + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Run an init process inside the container that forwards signals and reaps processes.
+
+
+ maxSwap + +
+ integer +
+
+ +
The total amount of swap memory (in MiB) a container can use.
+
If launch_type=FARGATE, this parameter is not supported.
+
+
+ sharedMemorySize + +
+ integer +
+
+ +
The value for the size (in MiB) of the /dev/shm volume.
+
If launch_type=FARGATE, this parameter is not supported.
+
+
+ swappiness + +
+ integer +
+
+ +
This allows you to tune a container's memory swappiness behavior.
+
If launch_type=FARGATE, this parameter is not supported.
+
+
+ tmpfs + +
+ list + / elements=dictionary +
+
+ +
The container path, mount options, and size (in MiB) of the tmpfs mount.
+
If launch_type=FARGATE, this parameter is not supported.
+
+
+ containerPath + +
+ string + / required +
+
+ +
The absolute file path where the tmpfs volume is to be mounted.
+
+
+ mountOptions + +
+ list +
+
+
    Choices: +
  • defaults
  • +
  • ro
  • +
  • rw
  • +
  • suid
  • +
  • nosuid
  • +
  • dev
  • +
  • nodev
  • +
  • exec
  • +
  • noexec
  • +
  • sync
  • +
  • async
  • +
  • dirsync
  • +
  • remount
  • +
  • mand
  • +
  • nomand
  • +
  • atime
  • +
  • noatime
  • +
  • diratime
  • +
  • nodiratime
  • +
  • bind
  • +
  • rbind
  • +
  • unbindable
  • +
  • runbindable
  • +
  • private
  • +
  • rprivate
  • +
  • shared
  • +
  • rshared
  • +
  • slave
  • +
  • rslave
  • +
  • relatime
  • +
  • norelatime
  • +
  • strictatime
  • +
  • nostrictatime
  • +
  • mode
  • +
  • uid
  • +
  • gid
  • +
  • nr_inodes
  • +
  • nr_blocks
  • +
  • mpol
  • +
+
+
The list of tmpfs volume mount options.
+
+
+ size + +
+ integer + / required +
+
+ +
The size (in MiB) of the tmpfs volume.
+
+
+ logConfiguration + +
+ dictionary +
+
+ +
The log configuration specification for the container.
+
+
+ logDriver + +
+ string +
+
+ +
The log driver to use for the container.
+
For tasks on AWS Fargate, the supported log drivers are awslogs, splunk, and awsfirelens.
+
For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, logentries, syslog, splunk, and awsfirelens.
+
+
+ memory + +
+ integer +
+
+ +
The amount (in MiB) of memory to present to the container.
+
+
+ memoryReservation + +
+ integer +
+
+ +
The soft limit (in MiB) of memory to reserve for the container.
+
+
+ mountPoints + +
+ list + / elements=dictionary +
+
+ +
The mount points for data volumes in your container.
+
+
+ containerPath + +
+ string +
+
+ +
The path on the container to mount the host volume at.
+
+
+ readOnly + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
If this value is True, the container has read-only access to the volume.
+
If this value is False, then the container can write to the volume.
+
+
+ sourceVolume + +
+ string +
+
+ +
The name of the volume to mount.
+
+
+ name + +
+ string +
+
+ +
The name of a container.
+
+
+ options + +
+ string +
+
+ +
The configuration options to send to the log driver.
+
+
+ portMappings + +
+ list + / elements=dictionary +
+
+ +
The list of port mappings for the container.
+
+
+ containerPort + +
+ integer +
+
+ +
The port number on the container that is bound to the user-specified or automatically assigned host port.
+
+
+ hostPort + +
+ integer +
+
+ +
The port number on the container instance to reserve for your container.
+
+
+ protocol + +
+ string +
+
+
    Choices: +
  • tcp ←
  • +
  • udp
  • +
+
+
The protocol used for the port mapping.
+
+
+ privileged + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
When this parameter is True, the container is given elevated privileges on the host container instance.
+
+
+ pseudoTerminal + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
When this parameter is True, a TTY is allocated.
+
+
+ readonlyRootFilesystem + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
When this parameter is True, the container is given read-only access to its root file system.
+
+
+ repositoryCredentials + +
+ dictionary +
+
+ +
The private repository authentication credentials to use.
+
+
+ credentialsParameter + +
+ string + / required +
+
+ +
The Amazon Resource Name (ARN) of the secret containing the private repository credentials.
+
+
+ resourceRequirements + +
+ list +
+
+ +
The type and amount of a resource to assign to a container.
+
The only supported resource is a GPU.
+
+
+ secretOptions + +
+ list + / elements=dictionary +
+
+ +
The secrets to pass to the log configuration.
+
- arn + name
string @@ -55,13 +1414,15 @@ Parameters
-
The ARN of the task description to delete.
+
The name of the secret.
- aws_access_key + valueFrom
string @@ -70,50 +1431,153 @@ Parameters
-
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: ec2_access_key, access_key
+
The secret to expose to the container.
+
+ secrets + +
+ list + / elements=dictionary +
+
+ +
The secrets to pass to the container.
+
- aws_ca_bundle + name
- path + string + / required
-
The location of a CA Bundle to use when validating SSL certificates.
-
Only used for boto3 based modules.
-
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
The value to set as the environment variable on the container.
- aws_config + size
- dictionary + string + / required
-
A dictionary to modify the botocore configuration.
- -
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
The secret to expose to the container.
+
+
+ startTimeout + +
+ integer +
+
+ +
Time duration (in seconds) to wait before giving up on resolving dependencies for a container.
+
+
+ stopTimeout + +
+ integer +
+
+ +
Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
+
+
+ systemControls + +
+ list +
+
+ +
A list of namespaced kernel parameters to set in the container.
+
+ ulimits + +
+ list + / elements=dictionary +
+
+ +
A list of ulimits to set in the container.
+
This parameter is not supported for Windows containers.
+
- aws_secret_key + hardLimit + +
+ integer +
+
+ +
The hard limit for the ulimit type.
+
+
+ name
string @@ -122,16 +1586,49 @@ Parameters
-
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: ec2_secret_key, secret_key
+
The type of the ulimit.
- containers + softLimit + +
+ integer +
+
+ +
The soft limit for the ulimit type.
+
+
+ user + +
+ string +
+
+ +
The user to use inside the container.
+
This parameter is not supported for Windows containers.
+
+
+ volumesFrom
list @@ -141,11 +1638,68 @@ Parameters
-
A list of containers definitions.
+
Data volumes to mount from another container.
+
+
+ readOnly + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
If this value is True, the container has read-only access to the volume.
+
If this value is False, then the container can write to the volume.
+
+ sourceContainer + +
+ string +
+
+ +
The name of another container within the same task definition from which to mount volumes.
+
+
+ workingDirectory + +
+ string +
+
+ +
The working directory in which to run commands inside the container.
+
cpu @@ -156,12 +1710,12 @@ Parameters
-
The number of cpu units used by the task. If using the EC2 launch type, this field is optional and any value can be used.
-
If using the Fargate launch type, this field is required and you must use one of 256, 512, 1024, 2048, 4096.
+
The number of cpu units used by the task. If launch_type=EC2, this field is optional and any value can be used.
+
If launch_type=FARGATE, this field is required and you must use one of 256, 512, 1024, 2048, 4096.
+
debug_botocore_endpoint_logs @@ -180,7 +1734,7 @@ Parameters
+
ec2_url @@ -196,7 +1750,7 @@ Parameters
+
execution_role_arn @@ -211,7 +1765,7 @@ Parameters
+
family @@ -226,7 +1780,7 @@ Parameters
+
force_create @@ -245,7 +1799,7 @@ Parameters
+
launch_type @@ -264,7 +1818,7 @@ Parameters
+
memory @@ -275,12 +1829,12 @@ Parameters
-
The amount (in MiB) of memory used by the task. If using the EC2 launch type, this field is optional and any value can be used.
-
If using the Fargate launch type, this field is required and is limited by the CPU.
+
The amount (in MiB) of memory used by the task. If launch_type=EC2, this field is optional and any value can be used.
+
If launch_type=FARGATE, this field is required and is limited by the CPU.
+
network_mode @@ -301,11 +1855,11 @@ Parameters
The Docker networking mode to use for the containers in the task.
awsvpc mode was added in Ansible 2.5
Windows containers must use network_mode=default, which will utilize docker NAT networking.
-
Setting network_mode=default for a Linux container will use bridge mode.
+
Setting network_mode=default for a Linux container will use bridge mode.
+
profile @@ -323,7 +1877,7 @@ Parameters
+
region @@ -339,7 +1893,7 @@ Parameters
+
revision @@ -354,7 +1908,7 @@ Parameters
+
security_token @@ -372,7 +1926,7 @@ Parameters
+
state @@ -392,7 +1946,7 @@ Parameters
+
task_role_arn @@ -407,7 +1961,7 @@ Parameters
+
validate_certs @@ -426,7 +1980,7 @@ Parameters
+
volumes @@ -443,7 +1997,7 @@ Parameters
+
name @@ -528,7 +2082,7 @@ Examples image: "nginx" portMappings: - containerPort: 8080 - hostPort: 8080 + hostPort: 8080 cpu: 512 memory: 1024 state: present @@ -542,13 +2096,29 @@ Examples image: "nginx" portMappings: - containerPort: 8080 - hostPort: 8080 + hostPort: 8080 launch_type: FARGATE cpu: 512 memory: 1024 state: present network_mode: awsvpc + - name: Create task definition + community.aws.ecs_taskdefinition: + family: nginx + containers: + - name: nginx + essential: true + image: "nginx" + portMappings: + - containerPort: 8080 + hostPort: 8080 + cpu: 512 + memory: 1024 + dependsOn: + - containerName: "simple-app" + condition: "start" + # Create Task Definition with Environment Variables and Secrets - name: Create task definition community.aws.ecs_taskdefinition: diff --git a/docs/community.aws.elasticache_module.rst b/docs/community.aws.elasticache_module.rst index 533176eec1f..0466cff2964 100644 --- a/docs/community.aws.elasticache_module.rst +++ b/docs/community.aws.elasticache_module.rst @@ -171,7 +171,8 @@ Parameters
-
A list of cache security group names to associate with this cache cluster. Must be an empty list if inside a VPC.
+
A list of cache security group names to associate with this cache cluster.
+
Don't use if your Cache is inside a VPC. In that case use security_group_ids instead!
- stickiness_enabled + stickiness_app_cookie_duration
- boolean + integer
+
added in 1.5.0
-
    Choices: -
  • no
  • -
  • yes
  • -
-
Indicates whether sticky sessions are enabled.
+
The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the application-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds).
- stickiness_lb_cookie_duration + stickiness_app_cookie_name
- integer + string
+
added in 1.5.0
-
The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). Assumes stickiness_type is set to lb_cookie.
+
The name of the application cookie. Required if stickiness_type=app_cookie.
- stickiness_app_cookie_duration + stickiness_enabled
- integer + boolean
+
    Choices: +
  • no
  • +
  • yes
  • +
-
The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load application-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). Assumes stickiness_type is app_cookie.
+
Indicates whether sticky sessions are enabled.
- stickiness_app_cookie_name + stickiness_lb_cookie_duration
- string + integer
-
The name of the application session cookie. Assumes stickiness_type is set to app_cookie.
+
The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds).
- -
    Choices: -
  • lb_cookie ←
  • -
  • app_cookie
  • -
  • source_ip
  • -
The type of sticky sessions.
-
If not set AWS will default to lb_cookie for Application Load Balancers or source_ip for Network Load Balancers. For Application Load Balancers it is also possible to specify app_cookie for application managed cookies. Assumes stickiness_enabled is set to yes.
+
Valid values are lb_cookie, app_cookie or source_ip.
+
If not set AWS will default to lb_cookie for Application Load Balancers or source_ip for Network Load Balancers.
+
+ revision_id + +
+ string +
+
success +
A unique identifier that changes when you update the alias.
+
+
Sample:
+
12345678-1234-1234-1234-123456789abc
+


diff --git a/docs/community.aws.rds_instance_module.rst b/docs/community.aws.rds_instance_module.rst index aa2210fcf77..e679974045b 100644 --- a/docs/community.aws.rds_instance_module.rst +++ b/docs/community.aws.rds_instance_module.rst @@ -987,6 +987,27 @@ Parameters
Set to False to retain any enabled cloudwatch logs that aren't specified in the task and are associated with the instance.
+ + +
+ purge_security_groups + +
+ boolean +
+
added in 1.5.0
+ + +
    Choices: +
  • no
  • +
  • yes ←
  • +
+ + +
Set to False to retain any enabled security groups that aren't specified in the task and are associated with the instance.
+
Can be applied to vpc_security_group_ids and db_security_groups
+ +
@@ -1472,6 +1493,15 @@ Examples state: absent final_snapshot_identifier: "{{ snapshot_id }}" + - name: Add a new security group without purge + community.aws.rds_instance: + id: "{{ instance_id }}" + state: present + vpc_security_group_ids: + - sg-0be17ba10c9286b0b + purge_security_groups: false + register: result + Return Values diff --git a/docs/community.aws.route53_module.rst b/docs/community.aws.route53_module.rst index f9a26d702e2..8c08e3bff64 100644 --- a/docs/community.aws.route53_module.rst +++ b/docs/community.aws.route53_module.rst @@ -59,6 +59,7 @@ Parameters
Indicates if this is an alias record.
+
Mutually exclusive with ttl.
Defaults to false.
@@ -218,6 +219,7 @@ Parameters
Failover resource record sets only. Whether this is the primary or secondary resource record set. Allowed values are PRIMARY and SECONDARY
+
Mutually exclusive with weight and region.
@@ -352,6 +354,7 @@ Parameters
Latency-based resource record sets only Among resource record sets that have the same combination of DNS name and type, a value that determines which region this should be associated with for the latency-based routing
+
Mutually exclusive with weight and failover.
@@ -426,6 +429,7 @@ Parameters
The TTL, in second, to give the new record.
+
Mutually exclusive with alias.
@@ -557,6 +561,7 @@ Parameters
Weighted resource record sets only. Among resource record sets that have the same combination of DNS name and type, a value that determines what portion of traffic for the current resource record set is routed to the associated location.
+
Mutually exclusive with region and failover.
diff --git a/docs/community.aws.s3_lifecycle_module.rst b/docs/community.aws.s3_lifecycle_module.rst index c2a77f274b1..6382c26d25c 100644 --- a/docs/community.aws.s3_lifecycle_module.rst +++ b/docs/community.aws.s3_lifecycle_module.rst @@ -5,7 +5,7 @@ community.aws.s3_lifecycle ************************** -**Manage s3 bucket lifecycle rules in AWS** +**Manage S3 bucket lifecycle rules in AWS** Version added: 1.0.0 @@ -17,7 +17,7 @@ Version added: 1.0.0 Synopsis -------- -- Manage s3 bucket lifecycle rules in AWS +- Manage S3 bucket lifecycle rules in AWS. @@ -157,7 +157,8 @@ Parameters -
Indicates the lifetime of the objects that are subject to the rule by the date they will expire. The value must be ISO-8601 format, the time must be midnight and a GMT timezone must be specified.
+
Indicates the lifetime of the objects that are subject to the rule by the date they will expire.
+
The value must be ISO-8601 format, the time must be midnight and a GMT timezone must be specified.
@@ -172,7 +173,8 @@ Parameters -
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
+
Indicates the lifetime, in days, of the objects that are subject to the rule.
+
The value must be a non-zero positive integer.
@@ -188,7 +190,7 @@ Parameters -
Name of the s3 bucket
+
Name of the S3 bucket.
@@ -203,7 +205,7 @@ Parameters -
Delete noncurrent versions this many days after they become noncurrent
+
The number of days after which non-current versions should be deleted.
@@ -225,7 +227,7 @@ Parameters -
Transition noncurrent versions to this storage class
+
The storage class to which non-current versions are transitioned.
@@ -240,7 +242,7 @@ Parameters -
Transition noncurrent versions this many days after they become noncurrent
+
The number of days after which non-current versions will be transitioned to the storage class specified in noncurrent_version_storage_class.
@@ -256,9 +258,8 @@ Parameters -
A list of transition behaviors to be applied to noncurrent versions for the rule. Each storage class may be used only once. Each transition behavior contains these elements - transition_days - storage_class
+
A list of transition behaviors to be applied to noncurrent versions for the rule.
+
Each storage class may be used only once. Each transition behavior contains these elements transition_days storage_class
@@ -273,7 +274,8 @@ Parameters -
Prefix identifying one or more objects to which the rule applies. If no prefix is specified, the rule will apply to the whole bucket.
+
Prefix identifying one or more objects to which the rule applies.
+
If no prefix is specified, the rule will apply to the whole bucket.
@@ -310,7 +312,8 @@ Parameters -
"Whether to replace all the current transition(s) with the new transition(s). When false, the provided transition(s) will be added, replacing transitions with the same storage_class. When true, existing transitions will be removed and replaced with the new transition(s)
+
Whether to replace all the current transition(s) with the new transition(s).
+
When false, the provided transition(s) will be added, replacing transitions with the same storage_class. When true, existing transitions will be removed and replaced with the new transition(s)
@@ -360,7 +363,9 @@ Parameters -
Unique identifier for the rule. The value cannot be longer than 255 characters. A unique value for the rule will be generated if no value is provided.
+
Unique identifier for the rule.
+
The value cannot be longer than 255 characters.
+
A unique value for the rule will be generated if no value is provided.
@@ -397,7 +402,7 @@ Parameters -
Create or remove the lifecycle rule
+
Create or remove the lifecycle rule.
@@ -416,7 +421,8 @@ Parameters -
If 'enabled', the rule is currently being applied. If 'disabled', the rule is not currently being applied.
+
If enabled, the rule is currently being applied.
+
If disabled, the rule is not currently being applied.
@@ -439,7 +445,6 @@ Parameters
The storage class to transition to.
-
The 'standard_ia' class is only being available from Ansible version 2.2.
@@ -454,7 +459,9 @@ Parameters -
Indicates the lifetime of the objects that are subject to the rule by the date they will transition to a different storage class. The value must be ISO-8601 format, the time must be midnight and a GMT timezone must be specified. If transition_days is not specified, this parameter is required."
+
Indicates the lifetime of the objects that are subject to the rule by the date they will transition to a different storage class.
+
The value must be ISO-8601 format, the time must be midnight and a GMT timezone must be specified.
+
If (transition_days) is not specified, this parameter is required.
@@ -469,7 +476,8 @@ Parameters -
Indicates when, in days, an object transitions to a different storage class. If transition_date is not specified, this parameter is required.
+
Indicates when, in days, an object transitions to a different storage class.
+
If transition_date is not specified, this parameter is required.
@@ -485,7 +493,8 @@ Parameters -
A list of transition behaviors to be applied to the rule. Each storage class may be used only once. Each transition behavior may contain these elements transition_days transition_date storage_class
+
A list of transition behaviors to be applied to the rule.
+
Each storage class may be used only once. Each transition behavior may contain these elements transition_days transition_date storage_class
@@ -507,6 +516,26 @@ Parameters
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+ + +
+ wait + +
+ boolean +
+
added in 1.5.0
+ + +
    Choices: +
  • no ←
  • +
  • yes
  • +
+ + +
Wait for the configuration to complete before returning.
+ +
@@ -515,8 +544,8 @@ Notes ----- .. note:: - - If specifying expiration time as days then transition time must also be specified in days - - If specifying expiration time as a date then transition time must also be specified as a date + - If specifying expiration time as days then transition time must also be specified in days. + - If specifying expiration time as a date then transition time must also be specified as a date. - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file diff --git a/docs/community.aws.s3_sync_module.rst b/docs/community.aws.s3_sync_module.rst index 843a11b44dd..bc674a64e25 100644 --- a/docs/community.aws.s3_sync_module.rst +++ b/docs/community.aws.s3_sync_module.rst @@ -415,6 +415,32 @@ Parameters

aliases: aws_security_token, access_token
+ + +
+ storage_class + +
+ string +
+
added in 1.5.0
+ + +
    Choices: +
  • STANDARD ←
  • +
  • REDUCED_REDUNDANCY
  • +
  • STANDARD_IA
  • +
  • ONEZONE_IA
  • +
  • INTELLIGENT_TIERING
  • +
  • GLACIER
  • +
  • DEEP_ARCHIVE
  • +
  • OUTPOSTS
  • +
+ + +
Storage class to be associated to each object added to the S3 bucket.
+ +
@@ -458,6 +484,12 @@ Examples bucket: tedder file_root: roles/s3/files/ + - name: basic upload using the glacier storage class + community.aws.s3_sync: + bucket: tedder + file_root: roles/s3/files/ + storage_class: GLACIER + - name: all the options community.aws.s3_sync: bucket: tedder @@ -469,6 +501,7 @@ Examples file_change_strategy: force permission: public-read cache_control: "public, max-age=31536000" + storage_class: "GLACIER" include: "*" exclude: "*.txt,.*" diff --git a/docs/community.aws.wafv2_ip_set_info_module.rst b/docs/community.aws.wafv2_ip_set_info_module.rst new file mode 100644 index 00000000000..204f6619644 --- /dev/null +++ b/docs/community.aws.wafv2_ip_set_info_module.rst @@ -0,0 +1,391 @@ +.. _community.aws.wafv2_ip_set_info_module: + + +******************************* +community.aws.wafv2_ip_set_info +******************************* + +**Get information about wafv2 ip sets** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Get information about existing wafv2 ip sets. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ name + +
+ string + / required +
+
+ +
The name of the IP set.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ scope + +
+ string + / required +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Specifies whether this is for an AWS CloudFront distribution or for a regional application.
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: test ip set + wafv2_ip_set_info: + name: test02 + scope: REGIONAL + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ addresses + +
+ list +
+
Always, as long as the ip set exists +
Current addresses of the ip set
+
+
Sample:
+
['8.8.8.8/32', '8.8.4.4/32']
+
+
+ arn + +
+ string +
+
Always, as long as the ip set exists +
IP set arn
+
+
Sample:
+
arn:aws:wafv2:eu-central-1:11111111:regional/ipset/test02/4b007330-2934-4dc5-af24-82dcb3aeb127
+
+
+ description + +
+ string +
+
Always, as long as the ip set exists +
Description of the ip set
+
+
Sample:
+
Some IP set description
+
+
+ ip_address_version + +
+ string +
+
Always, as long as the ip set exists +
IP version of the ip set
+
+
Sample:
+
IPV4
+
+
+ name + +
+ string +
+
Always, as long as the ip set exists +
IP set name
+
+
Sample:
+
test02
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/docs/community.aws.wafv2_ip_set_module.rst b/docs/community.aws.wafv2_ip_set_module.rst new file mode 100644 index 00000000000..cd08ee1d1fd --- /dev/null +++ b/docs/community.aws.wafv2_ip_set_module.rst @@ -0,0 +1,508 @@ +.. _community.aws.wafv2_ip_set_module: + + +************************** +community.aws.wafv2_ip_set +************************** + +**wafv2_ip_set** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Create, modify and delete IP sets for WAFv2. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ addresses + +
+ list + / elements=string +
+
+ +
Contains an array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation.
+
Required when state=present.
+
When state=absent and addresses is defined, only the given IP addresses will be removed from the IP set. The entire IP set itself will stay present.
+
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ description + +
+ string +
+
+ +
Description of the IP set.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ ip_address_version + +
+ string +
+
+
    Choices: +
  • IPV4
  • +
  • IPV6
  • +
+
+
Specifies whether this is an IPv4 or an IPv6 IP set.
+
Required when state=present.
+
+
+ name + +
+ string + / required +
+
+ +
The name of the IP set.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ purge_addresses + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to no, keep the existing addresses in place. Will modify and add, but will not delete.
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ scope + +
+ string + / required +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Specifies whether this is for an AWS CloudFront distribution or for a regional application, such as API Gateway or Application LoadBalancer.
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ state + +
+ string + / required +
+
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
Whether the rule is present or absent.
+
+
+ tags + +
+ dictionary +
+
+ +
Key value pairs to associate with the resource.
+
Currently tags are not visible. Nor in the web ui, nor via cli and nor in boto3.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: test ip set + wafv2_ip_set: + name: test02 + state: present + description: hallo eins + scope: REGIONAL + ip_address_version: IPV4 + addresses: + - 8.8.8.8/32 + - 8.8.4.4/32 + tags: + A: B + C: D + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ addresses + +
+ list +
+
Always, as long as the ip set exists +
Current addresses of the ip set
+
+
Sample:
+
['8.8.8.8/32', '8.8.4.4/32']
+
+
+ arn + +
+ string +
+
Always, as long as the ip set exists +
IP set arn
+
+
Sample:
+
arn:aws:wafv2:eu-central-1:11111111:regional/ipset/test02/4b007330-2934-4dc5-af24-82dcb3aeb127
+
+
+ description + +
+ string +
+
Always, as long as the ip set exists +
Description of the ip set
+
+
Sample:
+
Some IP set description
+
+
+ ip_address_version + +
+ string +
+
Always, as long as the ip set exists +
IP version of the ip set
+
+
Sample:
+
IPV4
+
+
+ name + +
+ string +
+
Always, as long as the ip set exists +
IP set name
+
+
Sample:
+
test02
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/docs/community.aws.wafv2_resources_info_module.rst b/docs/community.aws.wafv2_resources_info_module.rst new file mode 100644 index 00000000000..3c11ea767b7 --- /dev/null +++ b/docs/community.aws.wafv2_resources_info_module.rst @@ -0,0 +1,323 @@ +.. _community.aws.wafv2_resources_info_module: + + +********************************** +community.aws.wafv2_resources_info +********************************** + +**wafv2_resources_info** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- List web acl resources. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ name + +
+ string + / required +
+
+ +
The name wafv2 acl of interest.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ scope + +
+ string + / required +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Scope of wafv2 web acl.
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: get web acl + community.aws.wafv2_resources_info: + name: string03 + scope: REGIONAL + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + +
KeyReturnedDescription
+
+ resource_arns + +
+ list +
+
Always, as long as the wafv2 exists +
Current resources where the wafv2 is applied on
+
+
Sample:
+
['arn:aws:elasticloadbalancing:eu-central-1:111111111:loadbalancer/app/test03/dd83ea041ba6f933']
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/docs/community.aws.wafv2_resources_module.rst b/docs/community.aws.wafv2_resources_module.rst new file mode 100644 index 00000000000..5cce8c74359 --- /dev/null +++ b/docs/community.aws.wafv2_resources_module.rst @@ -0,0 +1,359 @@ +.. _community.aws.wafv2_resources_module: + + +***************************** +community.aws.wafv2_resources +***************************** + +**wafv2_web_acl** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Apply or remove wafv2 to other aws resources. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ arn + +
+ string + / required +
+
+ +
AWS resources (ALB, API Gateway or AppSync GraphQL API) ARN
+
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ name + +
+ string +
+
+ +
The name of the web acl.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ scope + +
+ string +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Scope of waf
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ state + +
+ string + / required +
+
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
Whether the rule is present or absent.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: add test alb to waf string03 + community.aws.wafv2_resources: + name: string03 + scope: REGIONAL + state: present + arn: "arn:aws:elasticloadbalancing:eu-central-1:111111111:loadbalancer/app/test03/dd83ea041ba6f933" + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + +
KeyReturnedDescription
+
+ resource_arns + +
+ list +
+
Always, as long as the wafv2 exists +
Current resources where the wafv2 is applied on
+
+
Sample:
+
['arn:aws:elasticloadbalancing:eu-central-1:111111111:loadbalancer/app/test03/dd83ea041ba6f933']
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/docs/community.aws.wafv2_rule_group_info_module.rst b/docs/community.aws.wafv2_rule_group_info_module.rst new file mode 100644 index 00000000000..9de423f1e64 --- /dev/null +++ b/docs/community.aws.wafv2_rule_group_info_module.rst @@ -0,0 +1,429 @@ +.. _community.aws.wafv2_rule_group_info_module: + + +*********************************** +community.aws.wafv2_rule_group_info +*********************************** + +**wafv2_web_acl_info** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Get informations about existing wafv2 rule groups. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ name + +
+ string + / required +
+
+ +
The name of the rule group.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ scope + +
+ string + / required +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Scope of wafv2 rule group.
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ state + +
+ string + / required +
+
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
Whether the rule is present or absent.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: rule group info + community.aws.wafv2_rule_group_info: + name: test02 + state: present + scope: REGIONAL + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ arn + +
+ string +
+
Always, as long as the web acl exists +
Rule group arn
+
+
Sample:
+
arn:aws:wafv2:eu-central-1:11111111:regional/rulegroup/test02/6e90c01a-e4eb-43e5-b6aa-b1604cedf7d7
+
+
+ capacity + +
+ integer +
+
Always, as long as the rule group exists +
Current capacity of the rule group
+
+
Sample:
+
500
+
+
+ description + +
+ string +
+
Always, as long as the web acl exists +
Description of the rule group
+
+
Sample:
+
Some rule group description
+
+
+ name + +
+ string +
+
Always, as long as the rule group exists +
Rule group name
+
+
Sample:
+
test02
+
+
+ rules + +
+ list +
+
Always, as long as the rule group exists +
Current rules of the rule group
+
+
Sample:
+
[{'action': {'allow': {}}, 'name': 'eins', 'priority': 1, 'statement': {'ip_set_reference_statement': {'arn': 'arn:aws:wafv2:eu-central-1:111111111:regional/ipset/test02/b6978915-c67b-4d1c-8832-2b1bb452143a'}}, 'visibility_config': {'cloud_watch_metrics_enabled': True, 'metric_name': 'fsd', 'sampled_requests_enabled': True}}]
+
+
+ visibility_config + +
+ dictionary +
+
Always, as long as the rule group exists +
Visibility config of the rule group
+
+
Sample:
+
{'cloud_watch_metrics_enabled': True, 'metric_name': 'blub', 'sampled_requests_enabled': False}
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/docs/community.aws.wafv2_rule_group_module.rst b/docs/community.aws.wafv2_rule_group_module.rst new file mode 100644 index 00000000000..a158cbb7946 --- /dev/null +++ b/docs/community.aws.wafv2_rule_group_module.rst @@ -0,0 +1,633 @@ +.. _community.aws.wafv2_rule_group_module: + + +****************************** +community.aws.wafv2_rule_group +****************************** + +**wafv2_web_acl** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Create, modify and delete wafv2 rule groups. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ capacity + +
+ integer +
+
+ +
capacity of wafv2 rule group.
+
+
+ cloudwatch_metrics + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Enable cloudwatch metric for wafv2 rule group
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ description + +
+ string +
+
+ +
Description of wafv2 rule group.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ metric_name + +
+ string +
+
+ +
Name of cloudwatch metrics.
+
If not given and cloudwatch_metrics is enabled, the name of the rule group itself will be taken.
+
+
+ name + +
+ string + / required +
+
+ +
The name of the rule group.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ purge_rules + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to no, keep the existing load balancer rules in place. Will modify and add, but will not delete.
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ rules + +
+ list + / elements=dictionary +
+
+ +
The Rule statements used to identify the web requests that you want to allow, block, or count.
+
+
+ sampled_requests + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Sampled requests, true or false.
+
+
+ scope + +
+ string + / required +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Scope of wafv2 rule group.
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ state + +
+ string + / required +
+
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
Whether the rule is present or absent.
+
+
+ tags + +
+ dictionary +
+
+ +
tags for wafv2 rule group.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: change description + community.aws.wafv2_rule_group: + name: test02 + state: present + description: hallo eins zwei + scope: REGIONAL + capacity: 500 + rules: + - name: eins + priority: 1 + action: + allow: {} + visibility_config: + sampled_requests_enabled: yes + cloud_watch_metrics_enabled: yes + metric_name: fsd + statement: + ip_set_reference_statement: + arn: "{{ IPSET.arn }}" + cloudwatch_metrics: yes + tags: + A: B + C: D + register: out + + - name: add rule + community.aws.wafv2_rule_group: + name: test02 + state: present + description: hallo eins zwei + scope: REGIONAL + capacity: 500 + rules: + - name: eins + priority: 1 + action: + allow: {} + visibility_config: + sampled_requests_enabled: yes + cloud_watch_metrics_enabled: yes + metric_name: fsd + statement: + ip_set_reference_statement: + arn: "{{ IPSET.arn }}" + - name: zwei + priority: 2 + action: + block: {} + visibility_config: + sampled_requests_enabled: yes + cloud_watch_metrics_enabled: yes + metric_name: ddos + statement: + or_statement: + statements: + - byte_match_statement: + search_string: ansible.com + positional_constraint: CONTAINS + 
field_to_match: + single_header: + name: host + text_transformations: + - type: LOWERCASE + priority: 0 + - xss_match_statement: + field_to_match: + body: {} + text_transformations: + - type: NONE + priority: 0 + cloudwatch_metrics: yes + tags: + A: B + C: D + register: out + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ arn + +
+ string +
+
Always, as long as the web acl exists +
Rule group arn
+
+
Sample:
+
arn:aws:wafv2:eu-central-1:11111111:regional/rulegroup/test02/6e90c01a-e4eb-43e5-b6aa-b1604cedf7d7
+
+
+ capacity + +
+ integer +
+
Always, as long as the rule group exists +
Current capacity of the rule group
+
+
Sample:
+
500
+
+
+ description + +
+ string +
+
Always, as long as the web acl exists +
Description of the rule group
+
+
Sample:
+
Some rule group description
+
+
+ name + +
+ string +
+
Always, as long as the rule group exists +
Rule group name
+
+
Sample:
+
test02
+
+
+ rules + +
+ list +
+
Always, as long as the rule group exists +
Current rules of the rule group
+
+
Sample:
+
[{'action': {'allow': {}}, 'name': 'eins', 'priority': 1, 'statement': {'ip_set_reference_statement': {'arn': 'arn:aws:wafv2:eu-central-1:11111111:regional/ipset/test02/b6978915-c67b-4d1c-8832-2b1bb452143a'}}, 'visibility_config': {'cloud_watch_metrics_enabled': True, 'metric_name': 'fsd', 'sampled_requests_enabled': True}}]
+
+
+ visibility_config + +
+ dictionary +
+
Always, as long as the rule group exists +
Visibility config of the rule group
+
+
Sample:
+
{'cloud_watch_metrics_enabled': True, 'metric_name': 'blub', 'sampled_requests_enabled': False}
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/docs/community.aws.wafv2_web_acl_info_module.rst b/docs/community.aws.wafv2_web_acl_info_module.rst new file mode 100644 index 00000000000..0e1c329f840 --- /dev/null +++ b/docs/community.aws.wafv2_web_acl_info_module.rst @@ -0,0 +1,409 @@ +.. _community.aws.wafv2_web_acl_info_module: + + +******************************** +community.aws.wafv2_web_acl_info +******************************** + +**wafv2_web_acl** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Info about web acl + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ name + +
+ string + / required +
+
+ +
The name of the web acl.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ scope + +
+ string + / required +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Scope of wafv2 web acl.
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: get web acl + community.aws.wafv2_web_acl_info: + name: test05 + scope: REGIONAL + register: out + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ arn + +
+ string +
+
Always, as long as the web acl exists +
web acl arn
+
+
Sample:
+
arn:aws:wafv2:eu-central-1:11111111:regional/webacl/test05/318c1ab9-fa74-4b3b-a974-f92e25106f61
+
+
+ capacity + +
+ integer +
+
Always, as long as the web acl exists +
Current capacity of the web acl
+
+
Sample:
+
140
+
+
+ description + +
+ string +
+
Always, as long as the web acl exists +
Description of the web acl
+
+
Sample:
+
Some web acl description
+
+
+ name + +
+ string +
+
Always, as long as the web acl exists +
Web acl name
+
+
Sample:
+
test02
+
+
+ rules + +
+ list +
+
Always, as long as the web acl exists +
Current rules of the web acl
+
+
Sample:
+
[{'name': 'admin_protect', 'override_action': {'none': {}}, 'priority': 1, 'statement': {'managed_rule_group_statement': {'name': 'AWSManagedRulesAdminProtectionRuleSet', 'vendor_name': 'AWS'}}, 'visibility_config': {'cloud_watch_metrics_enabled': True, 'metric_name': 'admin_protect', 'sampled_requests_enabled': True}}]
+
+
+ visibility_config + +
+ dictionary +
+
Always, as long as the web acl exists +
Visibility config of the web acl
+
+
Sample:
+
{'cloud_watch_metrics_enabled': True, 'metric_name': 'blub', 'sampled_requests_enabled': False}
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/docs/community.aws.wafv2_web_acl_module.rst b/docs/community.aws.wafv2_web_acl_module.rst new file mode 100644 index 00000000000..a23a519e438 --- /dev/null +++ b/docs/community.aws.wafv2_web_acl_module.rst @@ -0,0 +1,685 @@ +.. _community.aws.wafv2_web_acl_module: + + +*************************** +community.aws.wafv2_web_acl +*************************** + +**wafv2_web_acl** + + +Version added: 1.5.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Create, modify or delete a wafv2 web acl. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- boto +- boto3 +- botocore +- python >= 2.6 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ aws_access_key + +
+ string +
+
+ +
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_access_key, access_key
+
+
+ aws_ca_bundle + +
+ path +
+
+ +
The location of a CA Bundle to use when validating SSL certificates.
+
Only used for boto3 based modules.
+
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
+
+
+ aws_config + +
+ dictionary +
+
+ +
A dictionary to modify the botocore configuration.
+ +
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
+
+
+ aws_secret_key + +
+ string +
+
+ +
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: ec2_secret_key, secret_key
+
+
+ cloudwatch_metrics + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Enable cloudwatch metric for wafv2 web acl.
+
+
+ debug_botocore_endpoint_logs + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
+
+
+ default_action + +
+ string +
+
+
    Choices: +
  • Block
  • +
  • Allow
  • +
+
+
Default action of the wafv2 web acl.
+
+
+ description + +
+ string +
+
+ +
Description of wafv2 web acl.
+
+
+ ec2_url + +
+ string +
+
+ +
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
+

aliases: aws_endpoint_url, endpoint_url
+
+
+ metric_name + +
+ string +
+
+ +
Name of cloudwatch metrics.
+
If not given and cloudwatch_metrics is enabled, the name of the web acl itself will be taken.
+
+
+ name + +
+ string + / required +
+
+ +
The name of the web acl.
+
+
+ profile + +
+ string +
+
+ +
Uses a boto profile. Only works with boto >= 2.24.0.
+
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
+
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
+

aliases: aws_profile
+
+
+ purge_rules + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to no, keep the existing load balancer rules in place. Will modify and add, but will not delete.
+
+
+ region + +
+ string +
+
+ +
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
+

aliases: aws_region, ec2_region
+
+
+ rules + +
+ list + / elements=dictionary +
+
+ +
The Rule statements used to identify the web requests that you want to allow, block, or count.
+
+
+ action + +
+ dictionary +
+
+ +
Wether a rule is blocked, allowed or counted.
+
+
+ name + +
+ string +
+
+ +
The name of the wafv2 rule
+
+
+ priority + +
+ integer +
+
+ +
The rule priority
+
+
+ statement + +
+ dictionary +
+
+ +
Rule configuration.
+
+
+ visibility_config + +
+ dictionary +
+
+ +
Visibility of single wafv2 rule.
+
+
+ sampled_requests + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Whether to store a sample of the web requests, true or false.
+
+
+ scope + +
+ string + / required +
+
+
    Choices: +
  • CLOUDFRONT
  • +
  • REGIONAL
  • +
+
+
Scope of wafv2 web acl.
+
+
+ security_token + +
+ string +
+
+ +
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
+
If profile is set this parameter is ignored.
+
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
+

aliases: aws_security_token, access_token
+
+
+ state + +
+ string + / required +
+
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
Whether the rule is present or absent.
+
+
+ tags + +
+ dictionary +
+
+ +
tags for wafv2 web acl.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
+
+
+ + +Notes +----- + +.. note:: + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` + - Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html + - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file + + + +Examples +-------- + +.. code-block:: yaml + + - name: create web acl + community.aws.wafv2_web_acl: + name: test05 + state: present + description: hallo eins + scope: REGIONAL + default_action: Allow + sampled_requests: no + cloudwatch_metrics: yes + metric_name: blub + rules: + - name: zwei + priority: 2 + action: + block: {} + visibility_config: + sampled_requests_enabled: yes + cloud_watch_metrics_enabled: yes + metric_name: ddos + statement: + xss_match_statement: + field_to_match: + body: {} + text_transformations: + - type: NONE + priority: 0 + - name: admin_protect + priority: 1 + override_action: + none: {} + visibility_config: + sampled_requests_enabled: yes + cloud_watch_metrics_enabled: yes + metric_name: fsd + statement: + managed_rule_group_statement: + vendor_name: AWS + name: AWSManagedRulesAdminProtectionRuleSet + tags: + A: B + C: D + register: out + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ arn + +
+ string +
+
Always, as long as the web acl exists +
web acl arn
+
+
Sample:
+
arn:aws:wafv2:eu-central-1:11111111:regional/webacl/test05/318c1ab9-fa74-4b3b-a974-f92e25106f61
+
+
+ capacity + +
+ integer +
+
Always, as long as the web acl exists +
Current capacity of the web acl
+
+
Sample:
+
140
+
+
+ description + +
+ string +
+
Always, as long as the web acl exists +
Description of the web acl
+
+
Sample:
+
Some web acl description
+
+
+ name + +
+ string +
+
Always, as long as the web acl exists +
Web acl name
+
+
Sample:
+
test02
+
+
+ rules + +
+ list +
+
Always, as long as the web acl exists +
Current rules of the web acl
+
+
Sample:
+
[{'name': 'admin_protect', 'override_action': {'none': {}}, 'priority': 1, 'statement': {'managed_rule_group_statement': {'name': 'AWSManagedRulesAdminProtectionRuleSet', 'vendor_name': 'AWS'}}, 'visibility_config': {'cloud_watch_metrics_enabled': True, 'metric_name': 'admin_protect', 'sampled_requests_enabled': True}}]
+
+
+ visibility_config + +
+ dictionary +
+
Always, as long as the web acl exists +
Visibility config of the web acl
+
+
Sample:
+
{'cloud_watch_metrics_enabled': True, 'metric_name': 'blub', 'sampled_requests_enabled': False}
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Markus Bergholz (@markuman) diff --git a/galaxy.yml b/galaxy.yml index 19f01d6fc0c..92e1c2419b5 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: community name: aws -version: 1.4.0 +version: 1.5.0 readme: README.md authors: - Ansible (https://github.com/ansible) @@ -8,7 +8,7 @@ description: null license_file: COPYING tags: [community, aws, cloud, amazon] dependencies: - amazon.aws: '>=1.4.0' + amazon.aws: '>=1.5.0' repository: https://github.com/ansible-collections/community.aws documentation: https://github.com/ansible-collections/community.aws/tree/main/docs homepage: https://github.com/ansible-collections/community.aws diff --git a/tests/requirements.yml b/tests/requirements.yml index 49fb712e34e..27240dbf096 100644 --- a/tests/requirements.yml +++ b/tests/requirements.yml @@ -1,7 +1,7 @@ integration_tests_dependencies: -- amazon.aws >= 1.4.0 +- amazon.aws >= 1.5.0 - ansible.windows - community.crypto - community.general unit_tests_dependencies: -- amazon.aws >= 1.4.0 +- amazon.aws >= 1.5.0