diff --git a/plugins/connection/aws_ssm.py b/plugins/connection/aws_ssm.py index 68eb2170c29..5186179f46d 100644 --- a/plugins/connection/aws_ssm.py +++ b/plugins/connection/aws_ssm.py @@ -145,6 +145,7 @@ """ EXAMPLES = r""" +--- # Wait for SSM Agent to be available on the Instance - name: Wait for connection to be available vars: @@ -197,17 +198,19 @@ path: C:\Windows\temp state: directory +--- + # Making use of Dynamic Inventory Plugin # ======================================= -# aws_ec2.yml (Dynamic Inventory - Linux) -# This will return the Instance IDs matching the filter -#plugin: aws_ec2 -#regions: -# - us-east-1 -#hostnames: -# - instance-id -#filters: -# tag:SSMTag: ssmlinux +# # aws_ec2.yml (Dynamic Inventory - Linux) +# plugin: aws_ec2 +# regions: +# - us-east-1 +# hostnames: +# - instance-id +# # This will return the Instances with the tag "SSMTag" set to "ssmlinux" +# filters: +# tag:SSMTag: ssmlinux # ----------------------- - name: install aws-cli hosts: all @@ -217,20 +220,23 @@ ansible_aws_ssm_bucket_name: nameofthebucket ansible_aws_ssm_region: us-east-1 tasks: - - name: aws-cli - raw: yum install -y awscli - tags: aws-cli + - name: aws-cli + raw: yum install -y awscli + tags: aws-cli + +--- + # Execution: ansible-playbook linux.yaml -i aws_ec2.yml -# The playbook tasks will get executed on the instance ids returned from the dynamic inventory plugin using ssm connection. # ===================================================== -# aws_ec2.yml (Dynamic Inventory - Windows) -#plugin: aws_ec2 -#regions: -# - us-east-1 -#hostnames: -# - instance-id -#filters: -# tag:SSMTag: ssmwindows +# # aws_ec2.yml (Dynamic Inventory - Windows) +# plugin: aws_ec2 +# regions: +# - us-east-1 +# hostnames: +# - instance-id +# # This will return the Instances with the tag "SSMTag" set to "ssmwindows" +# filters: +# tag:SSMTag: ssmwindows # ----------------------- - name: Create a dir. hosts: all 
@@ -245,10 +251,13 @@ win_file: path: C:\Temp\SSM_Testing5 state: directory + +--- + # Execution: ansible-playbook win_file.yaml -i aws_ec2.yml # The playbook tasks will get executed on the instance ids returned from the dynamic inventory plugin using ssm connection. -# Install a Nginx Package on Linux Instance; with specific SSE for file transfer +# Install a Nginx Package on Linux Instance; with specific SSE CMK used for the file transfer - name: Install a Nginx Package vars: ansible_connection: aws_ssm @@ -262,7 +271,7 @@ name: nginx state: present -# Install a Nginx Package on Linux Instance; with dedicated SSM document +# Install a Nginx Package on Linux Instance; using the specified SSM document - name: Install a Nginx Package vars: ansible_connection: aws_ssm diff --git a/plugins/inventory/aws_mq.py b/plugins/inventory/aws_mq.py index 96beaceb254..3ca1a6a97c8 100644 --- a/plugins/inventory/aws_mq.py +++ b/plugins/inventory/aws_mq.py @@ -52,21 +52,26 @@ """ EXAMPLES = r""" +--- # Minimal example using AWS credentials from environment vars or instance role credentials # Get all brokers in us-east-1 region plugin: community.aws.aws_mq regions: - ca-central-1 +--- + # Example multiple regions, ignoring permission errors, and only brokers with state RUNNING plugin: community.aws.aws_mq regions: - us-east-1 - us-east-2 -strict_permissions: False +strict_permissions: false statuses: - RUNNING +--- + # Example group by engine, hostvars custom prefix-suffix, and compose variable from tags plugin: community.aws.aws_mq regions: diff --git a/plugins/modules/acm_certificate_info.py b/plugins/modules/acm_certificate_info.py index 26d00e7e319..73da208f18a 100644 --- a/plugins/modules/acm_certificate_info.py +++ b/plugins/modules/acm_certificate_info.py 
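Review bot: The first example in the `@@ -52,21 +52,26 @@` hunk of plugins/inventory/aws_mq.py is documented as `# Get all brokers in us-east-1 region`, but the `regions:` list directly below it holds `ca-central-1`. The example therefore does not do what its comment says. Either change the comment to `# Get all brokers in ca-central-1 region` or change the list entry to `- us-east-1`. Both lines are context in this hunk and are left untouched by the cleanup.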
@@ -57,7 +57,7 @@ - name: obtain all certificates pending validation community.aws.acm_certificate_info: statuses: - - PENDING_VALIDATION + - PENDING_VALIDATION - name: obtain all certificates with tag Name=foo and myTag=bar community.aws.acm_certificate_info: @@ -69,8 +69,7 @@ # The output is still a list of certificates, just one item long. - name: obtain information about a certificate with a particular ARN community.aws.acm_certificate_info: - certificate_arn: "arn:aws:acm:ap-southeast-2:123456789012:certificate/abcdeabc-abcd-1234-4321-abcdeabcde12" - + certificate_arn: "arn:aws:acm:ap-southeast-2:123456789012:certificate/abcdeabc-abcd-1234-4321-abcdeabcde12" """ RETURN = r""" diff --git a/plugins/modules/api_gateway.py b/plugins/modules/api_gateway.py index 1936f8b5ad7..af443238738 100644 --- a/plugins/modules/api_gateway.py +++ b/plugins/modules/api_gateway.py @@ -152,7 +152,10 @@ swagger_file: my_api.yml cache_enabled: true cache_size: '6.1' - canary_settings: { percentTraffic: 50.0, deploymentId: '123', useStageCache: True } + canary_settings: + percentTraffic: 50.0 + deploymentId: '123' + useStageCache: true state: present - name: Delete API gateway diff --git a/plugins/modules/api_gateway_domain.py b/plugins/modules/api_gateway_domain.py index 10a1ca1f2f7..8ffbdaf20ed 100644 --- a/plugins/modules/api_gateway_domain.py +++ b/plugins/modules/api_gateway_domain.py @@ -73,7 +73,8 @@ security_policy: TLS_1_2 endpoint_type: EDGE domain_mappings: - - { rest_api_id: abc123, stage: production } + - rest_api_id: abc123 + stage: production state: present register: api_gw_domain_result diff --git a/plugins/modules/api_gateway_info.py b/plugins/modules/api_gateway_info.py index a6d0854b7ed..fd38d795ab7 100644 --- a/plugins/modules/api_gateway_info.py +++ b/plugins/modules/api_gateway_info.py @@ -35,8 +35,8 @@ - name: List all for a specific function community.aws.api_gateway_info: ids: - - 012345678a - - abcdefghij + - 012345678a + - abcdefghij """ RETURN = r""" 
diff --git a/plugins/modules/autoscaling_instance_refresh.py b/plugins/modules/autoscaling_instance_refresh.py index 86546fac21e..b301fea9439 100644 --- a/plugins/modules/autoscaling_instance_refresh.py +++ b/plugins/modules/autoscaling_instance_refresh.py @@ -84,7 +84,6 @@ preferences: min_healthy_percentage: 91 instance_warmup: 60 - """ RETURN = r""" diff --git a/plugins/modules/autoscaling_launch_config.py b/plugins/modules/autoscaling_launch_config.py index a3cd600fa70..78b7ee23352 100644 --- a/plugins/modules/autoscaling_launch_config.py +++ b/plugins/modules/autoscaling_launch_config.py 
@@ -192,65 +192,71 @@ name: special image_id: ami-XXX key_name: default - security_groups: ['group', 'group2' ] + security_groups: + - 'group' + - 'group2' instance_type: t1.micro volumes: - - device_name: /dev/sda1 - volume_size: 100 - volume_type: io1 - iops: 3000 - delete_on_termination: true - encrypted: true - - device_name: /dev/sdb - ephemeral: ephemeral0 + - device_name: /dev/sda1 + volume_size: 100 + volume_type: io1 + iops: 3000 + delete_on_termination: true + encrypted: true + - device_name: /dev/sdb + ephemeral: ephemeral0 - name: create a launch configuration using a running instance id as a basis community.aws.autoscaling_launch_config: name: special instance_id: i-00a48b207ec59e948 key_name: default - security_groups: ['launch-wizard-2' ] + security_groups: + - 'launch-wizard-2' volumes: - - device_name: /dev/sda1 - volume_size: 120 - volume_type: io1 - iops: 3000 - delete_on_termination: true + - device_name: /dev/sda1 + volume_size: 120 + volume_type: io1 + iops: 3000 + delete_on_termination: true - name: create a launch configuration to omit the /dev/sdf EBS device that is included in the AMI image community.aws.autoscaling_launch_config: name: special image_id: ami-XXX key_name: default - security_groups: ['group', 'group2' ] + security_groups: + - 'group' + - 'group2' instance_type: t1.micro volumes: - - device_name: /dev/sdf - no_device: true + - device_name: /dev/sdf + no_device: true - name: Use EBS snapshot ID for volume block: - - name: Set Volume Facts - ansible.builtin.set_fact: - volumes: - - device_name: /dev/sda1 - volume_size: 20 - ebs: - snapshot: snap-XXXX - volume_type: gp2 - delete_on_termination: true - encrypted: false - - - name: Create launch configuration - community.aws.autoscaling_launch_config: - name: lc1 - image_id: ami-xxxx - assign_public_ip: true - instance_type: t2.medium - key_name: my-key - security_groups: "['sg-xxxx']" - volumes: "{{ volumes }}" - register: lc_info + - name: Set Volume Facts + 
ansible.builtin.set_fact: + volumes: + - device_name: /dev/sda1 + volume_size: 20 + ebs: + snapshot: snap-XXXX + volume_type: gp2 + delete_on_termination: true + encrypted: false + + - name: Create launch configuration + community.aws.autoscaling_launch_config: + name: lc1 + image_id: ami-xxxx + assign_public_ip: true + instance_type: t2.medium + key_name: my-key + security_groups: + - 'sg-xxxx' + volumes: "{{ volumes }}" + register: lc_info """ RETURN = r""" diff --git a/plugins/modules/batch_job_queue.py b/plugins/modules/batch_job_queue.py index c9e253d0652..4be42cbc56b 100644 --- a/plugins/modules/batch_job_queue.py +++ b/plugins/modules/batch_job_queue.py @@ -75,10 +75,10 @@ job_queue_state: ENABLED priority: 1 compute_environment_order: - - order: 1 - compute_environment: my_compute_env1 - - order: 2 - compute_environment: my_compute_env2 + - order: 1 + compute_environment: my_compute_env1 + - order: 2 + compute_environment: my_compute_env2 register: batch_job_queue_action - name: show results diff --git a/plugins/modules/cloudformation_stack_set.py b/plugins/modules/cloudformation_stack_set.py index 17e888b4f1b..ebb9403e8c5 100644 --- a/plugins/modules/cloudformation_stack_set.py +++ b/plugins/modules/cloudformation_stack_set.py @@ -201,7 +201,7 @@ - 123456789012 - 234567890123 regions: - - us-east-1 + - us-east-1 - name: The same type of update, but wait for the update to complete in all stacks community.aws.cloudformation_stack_set: @@ -217,7 +217,7 @@ - 123456789012 - 234567890123 regions: - - us-east-1 + - us-east-1 - name: Register new accounts (create new stack instances) with an existing stack set. community.aws.cloudformation_stack_set: @@ -234,7 +234,7 @@ - 234567890123 - 345678901234 regions: - - us-east-1 + - us-east-1 """ RETURN = r""" @@ -315,7 +315,6 @@ other: Type: "AWS::SNS::Topic" Properties: {} - """ import datetime 
diff --git a/plugins/modules/cloudfront_distribution.py b/plugins/modules/cloudfront_distribution.py index 52e7440f366..33299623e09 100644 --- a/plugins/modules/cloudfront_distribution.py +++ b/plugins/modules/cloudfront_distribution.py @@ -625,7 +625,9 @@ state: present distribution_id: E1RP5A2MJ8073O comment: modified by cloudfront.py again - aliases: [ 'www.my-distribution-source.com', 'zzz.aaa.io' ] + aliases: + - 'www.my-distribution-source.com' + - 'zzz.aaa.io' - name: update a distribution's aliases and comment using an alias as a reference community.aws.cloudfront_distribution: @@ -652,12 +654,12 @@ state: present caller_reference: unique test distribution ID origins: - - id: 'my test origin-000111' - domain_name: www.example.com - origin_path: /production - custom_headers: - - header_name: MyCustomHeaderName - header_value: MyCustomHeaderValue + - id: 'my test origin-000111' + domain_name: www.example.com + origin_path: /production + custom_headers: + - header_name: MyCustomHeaderName + header_value: MyCustomHeaderValue default_cache_behavior: target_origin_id: 'my test origin-000111' forwarded_values: @@ -665,7 +667,7 @@ cookies: forward: all headers: - - '*' + - '*' viewer_protocol_policy: allow-all smooth_streaming: true compress: true diff --git a/plugins/modules/cloudfront_invalidation.py b/plugins/modules/cloudfront_invalidation.py index b98b56be2d2..732d135e1e5 100644 --- a/plugins/modules/cloudfront_invalidation.py +++ b/plugins/modules/cloudfront_invalidation.py @@ -52,7 +52,6 @@ """ EXAMPLES = r""" - - name: create a batch of invalidations using a distribution_id for a reference community.aws.cloudfront_invalidation: distribution_id: E15BU8SDCGSG57 @@ -70,7 +69,6 @@ - /testpathone/test4.css - /testpathtwo/test5.js - /testpaththree/* - """ RETURN = r""" diff --git a/plugins/modules/cloudfront_origin_access_identity.py b/plugins/modules/cloudfront_origin_access_identity.py index 3c9340df611..bb5e3a01703 100644 
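Review bot: The example around the `@@ -665,7 +667,7 @@` hunk of cloudfront_distribution.py keeps `viewer_protocol_policy: allow-all`, which lets viewers reach the distribution over plain HTTP as well as HTTPS. Examples in module docs tend to be copied as-is, so a short comment on that line would help, e.g. `# allow-all also serves plain HTTP; prefer redirect-to-https or https-only`. The enclosing task starts above the hunk, so whether another setting in the example compensates for this is not visible here.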
--- a/plugins/modules/cloudfront_origin_access_identity.py +++ b/plugins/modules/cloudfront_origin_access_identity.py @@ -63,16 +63,15 @@ - name: update an existing origin access identity using caller_reference as an identifier community.aws.cloudfront_origin_access_identity: - origin_access_identity_id: E17DRN9XUOAHZX - caller_reference: this is an example reference - comment: this is a new comment + origin_access_identity_id: E17DRN9XUOAHZX + caller_reference: this is an example reference + comment: this is a new comment - name: delete an existing origin access identity using caller_reference as an identifier community.aws.cloudfront_origin_access_identity: - state: absent - caller_reference: this is an example reference - comment: this is a new comment - + state: absent + caller_reference: this is an example reference + comment: this is a new comment """ RETURN = r""" @@ -110,7 +109,6 @@ description: The fully qualified URI of the new origin access identity just created. returned: when initially created type: str - """ import datetime diff --git a/plugins/modules/codebuild_project.py b/plugins/modules/codebuild_project.py index 69fd2e463b5..1f4630f73ca 100644 --- a/plugins/modules/codebuild_project.py +++ b/plugins/modules/codebuild_project.py 
@@ -161,21 +161,22 @@ description: My nice little project service_role: "arn:aws:iam::123123:role/service-role/code-build-service-role" source: - # Possible values: BITBUCKET, CODECOMMIT, CODEPIPELINE, GITHUB, S3 - type: CODEPIPELINE - buildspec: '' + # Possible values: BITBUCKET, CODECOMMIT, CODEPIPELINE, GITHUB, S3 + type: CODEPIPELINE + buildspec: '' artifacts: - namespaceType: NONE - packaging: NONE - type: CODEPIPELINE - name: my_project + namespaceType: NONE + packaging: NONE + type: CODEPIPELINE + name: my_project environment: - computeType: BUILD_GENERAL1_SMALL - privilegedMode: "true" - image: "aws/codebuild/docker:17.09.0" - type: LINUX_CONTAINER - environmentVariables: - - { name: 'PROFILE', value: 'staging' } + computeType: BUILD_GENERAL1_SMALL + privilegedMode: "true" + image: "aws/codebuild/docker:17.09.0" + type: LINUX_CONTAINER + environmentVariables: + - name: 'PROFILE' + value: 'staging' encryption_key: "arn:aws:kms:us-east-1:123123:alias/aws/s3" region: us-east-1 state: present diff --git a/plugins/modules/config_aggregator.py b/plugins/modules/config_aggregator.py index 58866159028..48771080b45 100644 --- a/plugins/modules/config_aggregator.py +++ b/plugins/modules/config_aggregator.py @@ -80,9 +80,9 @@ state: present account_sources: account_ids: - - 1234567890 - - 0123456789 - - 9012345678 + - 1234567890 + - 0123456789 + - 9012345678 all_aws_regions: true """ diff --git a/plugins/modules/config_recorder.py b/plugins/modules/config_recorder.py index 2672664a5fe..510bbaa2307 100644 --- a/plugins/modules/config_recorder.py +++ b/plugins/modules/config_recorder.py @@ -71,8 +71,8 @@ state: present role_arn: 'arn:aws:iam::123456789012:role/AwsConfigRecorder' recording_group: - all_supported: true - include_global_types: true + all_supported: true + include_global_types: true """ RETURN = r"""#""" diff --git a/plugins/modules/config_rule.py b/plugins/modules/config_rule.py index 3b49c17465e..b86a528dd55 100644 --- a/plugins/modules/config_rule.py 
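Review bot: `privilegedMode: "true"` in the `environment` block of the `@@ -161,21 +161,22 @@` hunk (codebuild_project.py) is re-indented but still carries no explanation. Privileged mode runs the build container with elevated privileges so that it can run a Docker daemon, and is normally needed only when the build itself builds Docker images. The example should say so, e.g. `# privileged mode is only needed when the build runs Docker; leave it off otherwise`. The value is also a quoted string while the rest of this commit normalises booleans to bare `true`/`false`; whether the module accepts an unquoted boolean here is not visible in the hunk and should be checked before changing it.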
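Review bot: The `account_ids` entries in the `@@ -80,9 +80,9 @@` hunk of config_aggregator.py are unquoted, so the YAML loader decides their type. `1234567890` is read as an integer, while `0123456789` has a leading zero that is either dropped or changes how the value is typed, depending on the loader. AWS account IDs are 12-digit identifiers in which leading zeros are significant, so the example should quote them, e.g. `- '123456789012'`. The sample values here are also only ten digits long, which makes them poor templates.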
+++ b/plugins/modules/config_rule.py @@ -95,12 +95,11 @@ state: present description: 'This AWS Config rule checks for public write access on S3 buckets' scope: - compliance_types: - - 'AWS::S3::Bucket' + compliance_types: + - 'AWS::S3::Bucket' source: - owner: AWS - identifier: 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED' - + owner: AWS + identifier: 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED' """ RETURN = r"""#""" diff --git a/plugins/modules/data_pipeline.py b/plugins/modules/data_pipeline.py index 5a62784c6e9..85849324f33 100644 --- a/plugins/modules/data_pipeline.py +++ b/plugins/modules/data_pipeline.py @@ -144,23 +144,30 @@ - community.aws.data_pipeline: name: test-dp objects: - - "id": "DefaultSchedule" - "name": "Every 1 day" - "fields": + - id: "DefaultSchedule" + name: "Every 1 day" + fields: - "key": "period" "stringValue": "1 days" - "key": "type" "stringValue": "Schedule" - "key": "startAt" "stringValue": "FIRST_ACTIVATION_DATE_TIME" - - "id": "Default" - "name": "Default" - "fields": [ { "key": "resourceRole", "stringValue": "my_resource_role" }, - { "key": "role", "stringValue": "DataPipelineDefaultRole" }, - { "key": "pipelineLogUri", "stringValue": "s3://my_s3_log.txt" }, - { "key": "scheduleType", "stringValue": "cron" }, - { "key": "schedule", "refValue": "DefaultSchedule" }, - { "key": "failureAndRerunMode", "stringValue": "CASCADE" } ] + - id: "Default" + name: "Default" + fields: + - "key": "resourceRole" + "stringValue": "my_resource_role" + - "key": "role" + "stringValue": "DataPipelineDefaultRole" + - "key": "pipelineLogUri" + "stringValue": "s3://my_s3_log.txt" + - "key": "scheduleType" + "stringValue": "cron" + - "key": "schedule" + "refValue": "DefaultSchedule" + - "key": "failureAndRerunMode" + "stringValue": "CASCADE" state: active # Activate pipeline @@ -174,7 +181,6 @@ name: test-dp region: us-west-2 state: absent - """ RETURN = r""" 
diff --git a/plugins/modules/directconnect_virtual_interface.py b/plugins/modules/directconnect_virtual_interface.py index ec0c87099a4..da76d57372d 100644 --- a/plugins/modules/directconnect_virtual_interface.py +++ b/plugins/modules/directconnect_virtual_interface.py @@ -242,7 +242,6 @@ state: absent connection_id: dxcon-XXXXXXXX virtual_interface_id: dxv-XXXXXXXX - """ import traceback diff --git a/plugins/modules/dms_replication_subnet_group.py b/plugins/modules/dms_replication_subnet_group.py index 6f847d8e35f..772a54aa1fd 100644 --- a/plugins/modules/dms_replication_subnet_group.py +++ b/plugins/modules/dms_replication_subnet_group.py @@ -51,7 +51,7 @@ state: present identifier: "dev-sngroup" description: "Development Subnet Group asdasdas" - subnet_ids: ['subnet-id1','subnet-id2'] + subnet_ids: ['subnet-id1', 'subnet-id2'] """ RETURN = r""" # """ diff --git a/plugins/modules/ec2_ami_copy.py b/plugins/modules/ec2_ami_copy.py index 170a564e15d..bb5a30ea117 100644 --- a/plugins/modules/ec2_ami_copy.py +++ b/plugins/modules/ec2_ami_copy.py @@ -104,8 +104,8 @@ region: eu-west-1 source_image_id: ami-xxxxxxx tags: - Name: My-Super-AMI - Patch: 1.2.3 + Name: My-Super-AMI + Patch: 1.2.3 tag_equality: true - name: Encrypted AMI copy diff --git a/plugins/modules/ec2_carrier_gateway.py b/plugins/modules/ec2_carrier_gateway.py index e02b1a7ded5..97d62b5fc42 100644 --- a/plugins/modules/ec2_carrier_gateway.py +++ b/plugins/modules/ec2_carrier_gateway.py @@ -53,8 +53,8 @@ vpc_id: vpc-abcdefgh state: present tags: - Tag1: tag1 - Tag2: tag2 + Tag1: tag1 + Tag2: tag2 register: cagw - name: Delete Carrier gateway diff --git a/plugins/modules/ec2_carrier_gateway_info.py b/plugins/modules/ec2_carrier_gateway_info.py index 43d77d59aa6..67ee30e55e5 100644 --- a/plugins/modules/ec2_carrier_gateway_info.py +++ b/plugins/modules/ec2_carrier_gateway_info.py 
@@ -45,7 +45,7 @@ community.aws.ec2_carrier_gateway_info: region: ap-southeast-2 filters: - "tag:Name": "cagw-123" + "tag:Name": "cagw-123" register: cagw_info - name: Gather information about a specific carrier gateway by CarrierGatewayId diff --git a/plugins/modules/ec2_placement_group.py b/plugins/modules/ec2_placement_group.py index ccdd7d54785..3cdb5be219e 100644 --- a/plugins/modules/ec2_placement_group.py +++ b/plugins/modules/ec2_placement_group.py @@ -75,10 +75,8 @@ community.aws.ec2_placement_group: name: my-cluster state: absent - """ - RETURN = r""" placement_group: description: Placement group attributes @@ -97,7 +95,6 @@ description: PG strategy type: str sample: "cluster" - """ try: diff --git a/plugins/modules/ec2_placement_group_info.py b/plugins/modules/ec2_placement_group_info.py index 75cbc72585c..05b37488cfe 100644 --- a/plugins/modules/ec2_placement_group_info.py +++ b/plugins/modules/ec2_placement_group_info.py @@ -39,14 +39,13 @@ - name: List two placement groups. community.aws.ec2_placement_group_info: names: - - my-cluster - - my-other-cluster + - my-cluster + - my-other-cluster register: specific_ec2_placement_groups - ansible.builtin.debug: msg: > {{ specific_ec2_placement_groups | json_query("[?name=='my-cluster']") }} - """ @@ -68,7 +67,6 @@ description: PG strategy type: str sample: "cluster" - """ try: diff --git a/plugins/modules/ec2_snapshot_copy.py b/plugins/modules/ec2_snapshot_copy.py index ce73191cb79..2cf994caaba 100644 --- a/plugins/modules/ec2_snapshot_copy.py +++ b/plugins/modules/ec2_snapshot_copy.py @@ -81,7 +81,7 @@ region: eu-west-1 source_snapshot_id: snap-xxxxxxx tags: - Name: Snapshot-Name + Name: Snapshot-Name - name: Encrypted Snapshot copy community.aws.ec2_snapshot_copy: diff --git a/plugins/modules/ec2_transit_gateway.py b/plugins/modules/ec2_transit_gateway.py index 9b50cb21b9c..19876984dba 100644 --- a/plugins/modules/ec2_transit_gateway.py +++ b/plugins/modules/ec2_transit_gateway.py 
@@ -91,9 +91,9 @@ asn: 64514 auto_associate: false auto_propagate: false - dns_support: True + dns_support: true description: "nonprod transit gateway" - purge_tags: False + purge_tags: false state: present region: us-east-1 tags: diff --git a/plugins/modules/ec2_transit_gateway_vpc_attachment.py b/plugins/modules/ec2_transit_gateway_vpc_attachment.py index 301fefb0513..cfb6809a803 100644 --- a/plugins/modules/ec2_transit_gateway_vpc_attachment.py +++ b/plugins/modules/ec2_transit_gateway_vpc_attachment.py @@ -109,13 +109,13 @@ transit_gateway: 'tgw-123456789abcdef01' name: AnsibleTest-1 subnets: - - subnet-00000000000000000 - - subnet-11111111111111111 - - subnet-22222222222222222 - ipv6_support: True - purge_subnets: True - dns_support: True - appliance_mode_support: True + - subnet-00000000000000000 + - subnet-11111111111111111 + - subnet-22222222222222222 + ipv6_support: true + purge_subnets: true + dns_support: true + appliance_mode_support: true tags: TestTag: changed data in Test Tag @@ -124,10 +124,10 @@ state: present id: 'tgw-attach-0c0c5fd0b0f01d1c9' name: AnsibleTest-1 - ipv6_support: True - purge_subnets: False - dns_support: False - appliance_mode_support: True + ipv6_support: true + purge_subnets: false + dns_support: false + appliance_mode_support: true # Delete the transit gateway - community.aws.ec2_transit_gateway_vpc_attachment: diff --git a/plugins/modules/ec2_vpc_egress_igw.py b/plugins/modules/ec2_vpc_egress_igw.py index 0a309b4863c..1bd65f501c8 100644 --- a/plugins/modules/ec2_vpc_egress_igw.py +++ b/plugins/modules/ec2_vpc_egress_igw.py @@ -40,7 +40,6 @@ vpc_id: vpc-abcdefgh state: present register: eigw - """ RETURN = r""" diff --git a/plugins/modules/ec2_vpc_nacl.py b/plugins/modules/ec2_vpc_nacl.py index 46f7086bc85..cf109de1c8b 100644 --- a/plugins/modules/ec2_vpc_nacl.py +++ b/plugins/modules/ec2_vpc_nacl.py 
@@ -83,7 +83,6 @@ """ EXAMPLES = r""" - # Complete example to create and delete a network ACL # that allows SSH, HTTP and ICMP in, and all traffic out. - name: "Create and associate production DMZ network ACL with DMZ subnets" @@ -97,16 +96,16 @@ Project: phoenix Description: production DMZ ingress: - # rule no, protocol, allow/deny, cidr, icmp_type, icmp_code, - # port from, port to - - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22] - - [200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80] - - [205, 'tcp', 'allow', '::/0', null, null, 80, 80] - - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8] - - [305, 'ipv6-icmp', 'allow', '::/0', 0, 8] + # rule no, protocol, allow/deny, cidr, icmp_type, icmp_code, + # port from, port to + - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22] + - [200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80] + - [205, 'tcp', 'allow', '::/0', null, null, 80, 80] + - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8] + - [305, 'ipv6-icmp', 'allow', '::/0', 0, 8] egress: - - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null] - - [105, 'all', 'allow', '::/0', null, null, null, null] + - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null] + - [105, 'all', 'allow', '::/0', null, null, null, null] state: 'present' - name: "Remove the ingress and egress rules - defaults to deny all" @@ -141,6 +140,7 @@ nacl_id: acl-33b4ee5b state: absent """ + RETURN = r""" task: description: The result of the create, or delete action. diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 465c9c852eb..2a731bf23e4 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -209,8 +209,8 @@ peering_id: "{{ vpc_peer.peering_id }}" profile: bot03_profile_for_cross_account state: reject - """ + RETURN = r""" peering_id: description: The id of the VPC peering connection created/deleted. 
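Review bot: The first ingress rule in the `@@ -97,16 +96,16 @@` hunk of ec2_vpc_nacl.py, `[100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22]`, opens SSH to every IPv4 address in an example described as a production DMZ. Since examples are often copied verbatim, a comment above the rule would make the intent explicit, e.g. `# restrict the SSH source CIDR to your management network; 0.0.0.0/0 is for illustration only`. Separately, the ICMP rows pass `0, 8` in the icmp_type and icmp_code positions named by the column comment. If echo request was intended, the usual values are type 8 and code 0, so the order looks swapped and is worth confirming.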
diff --git a/plugins/modules/ec2_vpc_vgw_info.py b/plugins/modules/ec2_vpc_vgw_info.py index d8bfcc78ecb..6ab311c038f 100644 --- a/plugins/modules/ec2_vpc_vgw_info.py +++ b/plugins/modules/ec2_vpc_vgw_info.py @@ -45,7 +45,7 @@ region: ap-southeast-2 profile: production filters: - "tag:Name": "main-virt-gateway" + "tag:Name": "main-virt-gateway" register: vgw_info - name: Gather information about a specific virtual gateway by VpnGatewayIds diff --git a/plugins/modules/ecs_cluster.py b/plugins/modules/ecs_cluster.py index c354724c9c6..7d427a58d57 100644 --- a/plugins/modules/ecs_cluster.py +++ b/plugins/modules/ecs_cluster.py @@ -103,7 +103,7 @@ weight: 1 - capacity_provider: FARGATE_SPOT weight: 100 - purge_capacity_providers: True + purge_capacity_providers: true - name: Cluster deletion community.aws.ecs_cluster: @@ -117,8 +117,8 @@ delay: 10 repeat: 10 register: task_output - """ + RETURN = r""" activeServicesCount: description: how many services are active in this cluster diff --git a/plugins/modules/ecs_service.py b/plugins/modules/ecs_service.py index 3230e2e4a5b..e832fa3b5d5 100644 --- a/plugins/modules/ecs_service.py +++ b/plugins/modules/ecs_service.py @@ -320,10 +320,10 @@ desired_count: 0 network_configuration: subnets: - - subnet-abcd1234 + - subnet-abcd1234 security_groups: - - sg-aaaa1111 - - my_security_group + - sg-aaaa1111 + - my_security_group # Simple example to delete - community.aws.ecs_service: @@ -357,8 +357,8 @@ desired_count: 3 deployment_configuration: deployment_circuit_breaker: - enable: True - rollback: True + enable: true + rollback: true # With capacity_provider_strategy (added in version 4.0) - community.aws.ecs_service: diff --git a/plugins/modules/ecs_tag.py b/plugins/modules/ecs_tag.py index 109b974eea6..dd09096ea4c 100644 --- a/plugins/modules/ecs_tag.py +++ b/plugins/modules/ecs_tag.py @@ -86,7 +86,7 @@ cluster_name: mycluster resource_type: cluster tags: - Name: foo + Name: foo state: absent purge_tags: true """ 
diff --git a/plugins/modules/ecs_task.py b/plugins/modules/ecs_task.py index dfd7d9a7902..169ff4c7b0b 100644 --- a/plugins/modules/ecs_task.py +++ b/plugins/modules/ecs_task.py 
@@ -117,63 +117,63 @@ - name: Start a task community.aws.ecs_task: - operation: start - cluster: console-sample-app-static-cluster - task_definition: console-sample-app-static-taskdef - task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" - tags: - resourceName: a_task_for_ansible_to_run - type: long_running_task - network: internal - version: 1.4 - container_instances: + operation: start + cluster: console-sample-app-static-cluster + task_definition: console-sample-app-static-taskdef + task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" + tags: + resourceName: a_task_for_ansible_to_run + type: long_running_task + network: internal + version: 1.4 + container_instances: - arn:aws:ecs:us-west-2:123456789012:container-instance/79c23f22-876c-438a-bddf-55c98a3538a8 - started_by: ansible_user - network_configuration: - subnets: + started_by: ansible_user + network_configuration: + subnets: - subnet-abcd1234 - security_groups: + security_groups: - sg-aaaa1111 - my_security_group register: task_output - name: RUN a task on Fargate community.aws.ecs_task: - operation: run - cluster: console-sample-app-static-cluster - task_definition: console-sample-app-static-taskdef - task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" - started_by: ansible_user - launch_type: FARGATE - network_configuration: - subnets: + operation: run + cluster: console-sample-app-static-cluster + task_definition: console-sample-app-static-taskdef + task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" + started_by: ansible_user + launch_type: FARGATE + network_configuration: + subnets: - subnet-abcd1234 - security_groups: + security_groups: - sg-aaaa1111 - my_security_group register: task_output - name: RUN a task on Fargate with public ip assigned community.aws.ecs_task: - operation: run - count: 2 - cluster: console-sample-app-static-cluster - task_definition: 
console-sample-app-static-taskdef - task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" - started_by: ansible_user - launch_type: FARGATE - network_configuration: - assign_public_ip: true - subnets: + operation: run + count: 2 + cluster: console-sample-app-static-cluster + task_definition: console-sample-app-static-taskdef + task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" + started_by: ansible_user + launch_type: FARGATE + network_configuration: + assign_public_ip: true + subnets: - subnet-abcd1234 register: task_output - name: Stop a task community.aws.ecs_task: - operation: stop - cluster: console-sample-app-static-cluster - task_definition: console-sample-app-static-taskdef - task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" + operation: stop + cluster: console-sample-app-static-cluster + task_definition: console-sample-app-static-taskdef + task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a" """ RETURN = r""" diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 4c4aefc2032..25a786e4f4c 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py @@ -658,40 +658,41 @@ - name: Create task definition community.aws.ecs_taskdefinition: containers: - - name: simple-app - cpu: 10 - essential: true - image: "httpd:2.4" - memory: 300 - mountPoints: - - containerPath: /usr/local/apache2/htdocs - sourceVolume: my-vol - portMappings: - - containerPort: 80 - hostPort: 80 - logConfiguration: - logDriver: awslogs - options: - awslogs-group: /ecs/test-cluster-taskdef - awslogs-region: us-west-2 - awslogs-stream-prefix: ecs - - name: busybox - command: - - > - /bin/sh -c "while true; do echo 'Amazon ECS Sample App

Amazon ECS Sample App

Congratulations! -

Your application is now running on a container in Amazon ECS.

' > top; /bin/date > date ; echo '
' > bottom; - cat top date bottom > /usr/local/apache2/htdocs/index.html ; sleep 1; done" - cpu: 10 - entryPoint: - - sh - - "-c" - essential: false - image: busybox - memory: 200 - volumesFrom: - - sourceContainer: simple-app + - name: simple-app + cpu: 10 + essential: true + image: "httpd:2.4" + memory: 300 + mountPoints: + - containerPath: /usr/local/apache2/htdocs + sourceVolume: my-vol + portMappings: + - containerPort: 80 + hostPort: 80 + logConfiguration: + logDriver: awslogs + options: + awslogs-group: /ecs/test-cluster-taskdef + awslogs-region: us-west-2 + awslogs-stream-prefix: ecs + - name: busybox + command: + - > + /bin/sh -c "while true; do echo 'Amazon ECS Sample App

Amazon ECS Sample App

+

Congratulations!

+

Your application is now running on a container in Amazon ECS.

' > top; /bin/date > date ; echo '
' > bottom; + cat top date bottom > /usr/local/apache2/htdocs/index.html ; sleep 1; done" + cpu: 10 + entryPoint: + - sh + - "-c" + essential: false + image: busybox + memory: 200 + volumesFrom: + - sourceContainer: simple-app volumes: - - name: my-vol + - name: my-vol family: test-cluster-taskdef state: present register: task_output @@ -700,26 +701,26 @@ community.aws.ecs_taskdefinition: family: nginx containers: - - name: nginx - essential: true - image: "nginx" - portMappings: - - containerPort: 8080 - hostPort: 8080 - cpu: 512 - memory: 1024 + - name: nginx + essential: true + image: "nginx" + portMappings: + - containerPort: 8080 + hostPort: 8080 + cpu: 512 + memory: 1024 state: present - name: Create task definition community.aws.ecs_taskdefinition: family: nginx containers: - - name: nginx - essential: true - image: "nginx" - portMappings: - - containerPort: 8080 - hostPort: 8080 + - name: nginx + essential: true + image: "nginx" + portMappings: + - containerPort: 8080 + hostPort: 8080 launch_type: FARGATE cpu: 512 memory: 1024 
@@ -730,36 +731,36 @@ community.aws.ecs_taskdefinition: family: nginx containers: - - name: nginx - essential: true - image: "nginx" - portMappings: - - containerPort: 8080 - hostPort: 8080 - cpu: 512 - memory: 1024 - dependsOn: - - containerName: "simple-app" - condition: "start" + - name: nginx + essential: true + image: "nginx" + portMappings: + - containerPort: 8080 + hostPort: 8080 + cpu: 512 + memory: 1024 + dependsOn: + - containerName: "simple-app" + condition: "start" # Create Task Definition with Environment Variables and Secrets - name: Create task definition community.aws.ecs_taskdefinition: family: nginx containers: - - name: nginx - essential: true - image: "nginx" - environment: - - name: "PORT" - value: "8080" - secrets: - # For variables stored in Secrets Manager - - name: "NGINX_HOST" - valueFrom: "arn:aws:secretsmanager:us-west-2:123456789012:secret:nginx/NGINX_HOST" - # For variables stored in Parameter Store - - name: "API_KEY" - valueFrom: "arn:aws:ssm:us-west-2:123456789012:parameter/nginx/API_KEY" + - name: nginx + essential: true + image: "nginx" + environment: + - name: "PORT" + value: "8080" + secrets: + # For variables stored in Secrets Manager + - name: "NGINX_HOST" + valueFrom: "arn:aws:secretsmanager:us-west-2:123456789012:secret:nginx/NGINX_HOST" + # For variables stored in Parameter Store + - name: "API_KEY" + valueFrom: "arn:aws:ssm:us-west-2:123456789012:parameter/nginx/API_KEY" launch_type: FARGATE cpu: 512 memory: 1GB 
@@ -771,22 +772,22 @@ community.aws.ecs_taskdefinition: family: nginx containers: - - name: nginx - essential: true - image: "nginx" - portMappings: - - containerPort: 8080 - hostPort: 8080 - cpu: 512 - memory: 1024 - healthCheck: - command: + - name: nginx + essential: true + image: "nginx" + portMappings: + - containerPort: 8080 + hostPort: 8080 + cpu: 512 + memory: 1024 + healthCheck: + command: - CMD-SHELL - /app/healthcheck.py - interval: 60 - retries: 3 - startPeriod: 15 - timeout: 15 + interval: 60 + retries: 3 + startPeriod: 15 + timeout: 15 state: present """ diff --git a/plugins/modules/efs.py b/plugins/modules/efs.py index df79babc92c..6b9390f2b4d 100644 --- a/plugins/modules/efs.py +++ b/plugins/modules/efs.py @@ -112,21 +112,21 @@ state: present name: myTestEFS tags: - Name: myTestNameTag - purpose: file-storage + Name: myTestNameTag + purpose: file-storage targets: - - subnet_id: subnet-748c5d03 - security_groups: [ "sg-1a2b3c4d" ] + - subnet_id: subnet-748c5d03 + security_groups: ["sg-1a2b3c4d"] - name: Modifying EFS data community.aws.efs: state: present name: myTestEFS tags: - name: myAnotherTestTag + name: myAnotherTestTag targets: - - subnet_id: subnet-7654fdca - security_groups: [ "sg-4c5d6f7a" ] + - subnet_id: subnet-7654fdca + security_groups: ["sg-4c5d6f7a"] - name: Set a lifecycle policy community.aws.efs: @@ -134,8 +134,8 @@ name: myTestEFS transition_to_ia: 7 targets: - - subnet_id: subnet-7654fdca - security_groups: [ "sg-4c5d6f7a" ] + - subnet_id: subnet-7654fdca + security_groups: ["sg-4c5d6f7a"] - name: Remove a lifecycle policy community.aws.efs: @@ -143,8 +143,8 @@ name: myTestEFS transition_to_ia: None targets: - - subnet_id: subnet-7654fdca - security_groups: [ "sg-4c5d6f7a" ] + - subnet_id: subnet-7654fdca + security_groups: ["sg-4c5d6f7a"] - name: Deleting EFS community.aws.efs: @@ -241,7 +241,6 @@ "name": "my-efs", "key": "Value" } - """ from time import sleep 
diff --git a/plugins/modules/efs_info.py b/plugins/modules/efs_info.py index 76952337b97..3a170a3915b 100644 --- a/plugins/modules/efs_info.py +++ b/plugins/modules/efs_info.py @@ -55,10 +55,10 @@ - name: Searching all EFS instances with tag Name = 'myTestNameTag', in subnet 'subnet-1a2b3c4d' and with security group 'sg-4d3c2b1a' community.aws.efs_info: tags: - Name: myTestNameTag + Name: myTestNameTag targets: - - subnet-1a2b3c4d - - sg-4d3c2b1a + - subnet-1a2b3c4d + - sg-4d3c2b1a register: result - ansible.builtin.debug: @@ -164,7 +164,6 @@ "name": "my-efs", "key": "Value" } - """ diff --git a/plugins/modules/efs_tag.py b/plugins/modules/efs_tag.py index c8e5a1f1667..0f51434716b 100644 --- a/plugins/modules/efs_tag.py +++ b/plugins/modules/efs_tag.py @@ -66,7 +66,7 @@ resource: fsap-78945ff state: absent tags: - Name: foo + Name: foo purge_tags: true - name: Remove all tags diff --git a/plugins/modules/eks_nodegroup.py b/plugins/modules/eks_nodegroup.py index 2e13ddb9130..f9bbb785762 100644 --- a/plugins/modules/eks_nodegroup.py +++ b/plugins/modules/eks_nodegroup.py @@ -202,7 +202,7 @@ community.aws.eks_nodegroup: name: test_nodegroup cluster_name: test_cluster - wait: yes + wait: true state: absent """ diff --git a/plugins/modules/elasticache_parameter_group.py b/plugins/modules/elasticache_parameter_group.py index 00f2af19a08..fa7f87a2f78 100644 --- a/plugins/modules/elasticache_parameter_group.py +++ b/plugins/modules/elasticache_parameter_group.py @@ -51,8 +51,8 @@ EXAMPLES = r""" # Note: These examples do not set authentication details, see the AWS Guide for details. - -- hosts: localhost +- name: Create, modify and delete a parameter group + hosts: localhost connection: local tasks: - name: 'Create a test parameter group' 
@@ -65,7 +65,7 @@ community.aws.elasticache_parameter_group: name: 'test-param-group' values: - activerehashing: yes + activerehashing: true client-output-buffer-limit-normal-hard-limit: 4 state: 'present' - name: 'Reset all modifiable parameters for the test parameter group' diff --git a/plugins/modules/elasticbeanstalk_app.py b/plugins/modules/elasticbeanstalk_app.py index bf11afbb2bf..1aaa4c4d8fe 100644 --- a/plugins/modules/elasticbeanstalk_app.py +++ b/plugins/modules/elasticbeanstalk_app.py @@ -57,7 +57,6 @@ - community.aws.elasticbeanstalk_app: app_name: Sample_App state: absent - """ RETURN = r""" diff --git a/plugins/modules/elb_classic_lb_info.py b/plugins/modules/elb_classic_lb_info.py index 8ac3b1f1c6a..5329e5b81db 100644 --- a/plugins/modules/elb_classic_lb_info.py +++ b/plugins/modules/elb_classic_lb_info.py @@ -50,14 +50,13 @@ # Gather information about a set of ELBs - community.aws.elb_classic_lb_info: names: - - frontend-prod-elb - - backend-prod-elb + - frontend-prod-elb + - backend-prod-elb register: elb_info - ansible.builtin.debug: msg: "{{ item.dns_name }}" loop: "{{ elb_info.elbs }}" - """ RETURN = r""" diff --git a/plugins/modules/elb_network_lb.py b/plugins/modules/elb_network_lb.py index 82ec8700625..22e419328d9 100644 --- a/plugins/modules/elb_network_lb.py +++ b/plugins/modules/elb_network_lb.py @@ -194,7 +194,6 @@ community.aws.elb_network_lb: name: myelb state: absent - """ RETURN = r""" diff --git a/plugins/modules/elb_target.py b/plugins/modules/elb_target.py index d7dfaf824cb..22074d496de 100644 --- a/plugins/modules/elb_target.py +++ b/plugins/modules/elb_target.py @@ -105,11 +105,9 @@ target_id: i-1234567 target_port: 8080 state: present - """ RETURN = r""" - """ from time import sleep diff --git a/plugins/modules/elb_target_group.py b/plugins/modules/elb_target_group.py index 4eb38f4c2d4..71a859ead28 100644 --- a/plugins/modules/elb_target_group.py +++ b/plugins/modules/elb_target_group.py 
@@ -270,7 +270,7 @@ Port: 80 state: present wait_timeout: 200 - wait: True + wait: true - name: Create a target group with IP address targets community.aws.elb_target_group: @@ -290,7 +290,7 @@ Port: 80 state: present wait_timeout: 200 - wait: True + wait: true # Using lambda as targets require that the target group # itself is allow to invoke the lambda function. @@ -303,7 +303,7 @@ name: my-lambda-targetgroup target_type: lambda state: present - modify_targets: False + modify_targets: false register: out - name: second, allow invoke of the lambda @@ -321,8 +321,7 @@ target_type: lambda state: present targets: - - Id: arn:aws:lambda:eu-central-1:123456789012:function:my-lambda-function - + - Id: arn:aws:lambda:eu-central-1:123456789012:function:my-lambda-function """ RETURN = r""" diff --git a/plugins/modules/elb_target_group_info.py b/plugins/modules/elb_target_group_info.py index bf02db21f15..d0b013bfd09 100644 --- a/plugins/modules/elb_target_group_info.py +++ b/plugins/modules/elb_target_group_info.py @@ -59,7 +59,6 @@ names: - tg1 - tg2 - """ RETURN = r""" diff --git a/plugins/modules/elb_target_info.py b/plugins/modules/elb_target_info.py index add122416d9..ad0b3c74b30 100644 --- a/plugins/modules/elb_target_info.py +++ b/plugins/modules/elb_target_info.py 
@@ -35,96 +35,95 @@ EXAMPLES = r""" # practical use case - dynamically de-registering and re-registering nodes - - name: Get EC2 Metadata - amazon.aws.ec2_metadata_facts: - - - name: Get initial list of target groups - delegate_to: localhost - community.aws.elb_target_info: - instance_id: "{{ ansible_ec2_instance_id }}" - region: "{{ ansible_ec2_placement_region }}" - register: target_info - - - name: save fact for later - ansible.builtin.set_fact: - original_tgs: "{{ target_info.instance_target_groups }}" - - - name: Deregister instance from all target groups - delegate_to: localhost - community.aws.elb_target: - target_group_arn: "{{ item.0.target_group_arn }}" - target_port: "{{ item.1.target_port }}" - target_az: "{{ item.1.target_az }}" - target_id: "{{ item.1.target_id }}" - state: absent - target_status: "draining" - region: "{{ ansible_ec2_placement_region }}" - with_subelements: - - "{{ original_tgs }}" - - "targets" - - # This avoids having to wait for 'elb_target' to serially deregister each - # target group. An alternative would be to run all of the 'elb_target' - # tasks async and wait for them to finish. 
- - - name: wait for all targets to deregister simultaneously - delegate_to: localhost - community.aws.elb_target_info: - get_unused_target_groups: false - instance_id: "{{ ansible_ec2_instance_id }}" - region: "{{ ansible_ec2_placement_region }}" - register: target_info - until: (target_info.instance_target_groups | length) == 0 - retries: 60 - delay: 10 - - - name: reregister in elbv2s - community.aws.elb_target: - region: "{{ ansible_ec2_placement_region }}" - target_group_arn: "{{ item.0.target_group_arn }}" - target_port: "{{ item.1.target_port }}" - target_az: "{{ item.1.target_az }}" - target_id: "{{ item.1.target_id }}" - state: present - target_status: "initial" - with_subelements: - - "{{ original_tgs }}" - - "targets" - - # wait until all groups associated with this instance are 'healthy' or - # 'unused' - - name: wait for registration - community.aws.elb_target_info: - get_unused_target_groups: false - instance_id: "{{ ansible_ec2_instance_id }}" - region: "{{ ansible_ec2_placement_region }}" - register: target_info - until: (target_info.instance_target_groups | - map(attribute='targets') | - flatten | - map(attribute='target_health') | - rejectattr('state', 'equalto', 'healthy') | - rejectattr('state', 'equalto', 'unused') | - list | - length) == 0 - retries: 61 - delay: 10 +- name: Get EC2 Metadata + amazon.aws.ec2_metadata_facts: + +- name: Get initial list of target groups + delegate_to: localhost + community.aws.elb_target_info: + instance_id: "{{ ansible_ec2_instance_id }}" + region: "{{ ansible_ec2_placement_region }}" + register: target_info + +- name: save fact for later + ansible.builtin.set_fact: + original_tgs: "{{ target_info.instance_target_groups }}" + +- name: Deregister instance from all target groups + delegate_to: localhost + community.aws.elb_target: + target_group_arn: "{{ item.0.target_group_arn }}" + target_port: "{{ item.1.target_port }}" + target_az: "{{ item.1.target_az }}" + target_id: "{{ item.1.target_id }}" + state: absent 
+ target_status: "draining" + region: "{{ ansible_ec2_placement_region }}" + with_subelements: + - "{{ original_tgs }}" + - "targets" + + # This avoids having to wait for 'elb_target' to serially deregister each + # target group. An alternative would be to run all of the 'elb_target' + # tasks async and wait for them to finish. + +- name: wait for all targets to deregister simultaneously + delegate_to: localhost + community.aws.elb_target_info: + get_unused_target_groups: false + instance_id: "{{ ansible_ec2_instance_id }}" + region: "{{ ansible_ec2_placement_region }}" + register: target_info + until: (target_info.instance_target_groups | length) == 0 + retries: 60 + delay: 10 + +- name: reregister in elbv2s + community.aws.elb_target: + region: "{{ ansible_ec2_placement_region }}" + target_group_arn: "{{ item.0.target_group_arn }}" + target_port: "{{ item.1.target_port }}" + target_az: "{{ item.1.target_az }}" + target_id: "{{ item.1.target_id }}" + state: present + target_status: "initial" + with_subelements: + - "{{ original_tgs }}" + - "targets" + +# wait until all groups associated with this instance are 'healthy' or +# 'unused' +- name: wait for registration + community.aws.elb_target_info: + get_unused_target_groups: false + instance_id: "{{ ansible_ec2_instance_id }}" + region: "{{ ansible_ec2_placement_region }}" + register: target_info + until: (target_info.instance_target_groups | + map(attribute='targets') | + flatten | + map(attribute='target_health') | + rejectattr('state', 'equalto', 'healthy') | + rejectattr('state', 'equalto', 'unused') | + list | + length) == 0 + retries: 61 + delay: 10 # using the target groups to generate AWS CLI commands to reregister the # instance - useful in case the playbook fails mid-run and manual # rollback is required - - name: "reregistration commands: ELBv2s" - ansible.builtin.debug: - msg: > - aws --region {{ansible_ec2_placement_region}} elbv2 - register-targets --target-group-arn {{item.target_group_arn}} - 
--targets{%for target in item.targets%} - Id={{target.target_id}}, - Port={{target.target_port}}{%if target.target_az%},AvailabilityZone={{target.target_az}} - {%endif%} - {%endfor%} - loop: "{{target_info.instance_target_groups}}" - +- name: "reregistration commands: ELBv2s" + ansible.builtin.debug: + msg: > + aws --region {{ansible_ec2_placement_region}} elbv2 + register-targets --target-group-arn {{item.target_group_arn}} + --targets{%for target in item.targets%} + Id={{target.target_id}}, + Port={{target.target_port}}{%if target.target_az%},AvailabilityZone={{target.target_az}} + {%endif%} + {%endfor%} + loop: "{{target_info.instance_target_groups}}" """ RETURN = r""" diff --git a/plugins/modules/mq_broker.py b/plugins/modules/mq_broker.py index 25377407c2c..79ed8118d52 100644 --- a/plugins/modules/mq_broker.py +++ b/plugins/modules/mq_broker.py @@ -152,7 +152,7 @@ register: result until: "result.broker['BrokerState'] == 'RUNNING'" retries: 15 - delay: 60 + delay: 60 - name: create or update broker with almost all parameter set including credentials community.aws.mq_broker: @@ -174,11 +174,11 @@ - subnet_xxx - subnet_yyy users: - - Username: 'initial-user' - Password': 'plain-text-password' - ConsoleAccess: true + - Username: 'initial-user' + Password': 'plain-text-password' + ConsoleAccess: true tags: - - env: Test + env: Test creator: ansible authentication_strategy: 'SIMPLE' auto_minor_version_upgrade: true diff --git a/plugins/modules/mq_user.py b/plugins/modules/mq_user.py index 0daf4e5b6e6..68e1fd62912 100644 --- a/plugins/modules/mq_user.py +++ b/plugins/modules/mq_user.py @@ -67,7 +67,7 @@ broker_id: "aws-mq-broker-id" username: "sample_user1" console_access: false - groups: [ "g1", "g2" ] + groups: ["g1", "g2"] password: "plain-text-password" - name: allow console access and update group list - relying on default state 
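Review bot: In the second mq_broker.py hunk (`@@ -174,11 +174,11 @@`), the re-indented entry under `users:` still carries the key `Password':` with a stray trailing apostrophe. YAML reads that key as `Password'` rather than `Password`, so the example presumably never passes a password under the name the module expects. The line should read `Password: 'plain-text-password'`. Because the hunk already rewrites this line, the value could also be shown as a variable taken from a vault, for instance `Password: "{{ mq_initial_password }}"` (variable name constructed for illustration), so that readers copying the example do not commit a literal credential. The task these lines belong to starts and ends outside the hunk.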
@@ -76,7 +76,7 @@ username: "sample_user1" region: "{{ aws_region }}" console_access: true - groups: [ "g1", "g2", "g3" ] + groups: ["g1", "g2", "g3"] - name: remove user - setting all credentials explicitly community.aws.mq_user: diff --git a/plugins/modules/networkfirewall.py b/plugins/modules/networkfirewall.py index 2cab7e26dfc..f7fe63f3307 100644 --- a/plugins/modules/networkfirewall.py +++ b/plugins/modules/networkfirewall.py @@ -115,21 +115,21 @@ state: present policy: 'ExamplePolicy' subnets: - - 'subnet-123456789abcdef01' + - 'subnet-123456789abcdef01' # Create an AWS Network Firewall with various options, don't wait for creation # to finish. - community.aws.networkfirewall: name: 'ExampleFirewall' state: present - delete_protection: True + delete_protection: true description: "An example Description" policy: 'ExamplePolicy' - policy_change_protection: True + policy_change_protection: true subnets: - - 'subnet-123456789abcdef01' - - 'subnet-abcdef0123456789a' - subnet_change_protection: True + - 'subnet-123456789abcdef01' + - 'subnet-abcdef0123456789a' + subnet_change_protection: true tags: ExampleTag: Example Value another_tag: another_example diff --git a/plugins/modules/networkfirewall_rule_group.py b/plugins/modules/networkfirewall_rule_group.py index da67247aa96..9300036c5c7 100644 --- a/plugins/modules/networkfirewall_rule_group.py +++ b/plugins/modules/networkfirewall_rule_group.py @@ -365,8 +365,8 @@ domain_names: - 'example.com' - '.example.net' - filter_https: True - filter_http: True + filter_https: true + filter_http: true action: allow source_ips: '192.0.2.0/24' @@ -392,7 +392,6 @@ name: 'MinimalGroup' type: 'stateful' state: absent - """ RETURN = r""" diff --git a/plugins/modules/networkfirewall_rule_group_info.py b/plugins/modules/networkfirewall_rule_group_info.py index 3cf03e58baa..8b3c9d2305f 100644 --- a/plugins/modules/networkfirewall_rule_group_info.py +++ b/plugins/modules/networkfirewall_rule_group_info.py 
@@ -66,7 +66,6 @@ - community.aws.networkfirewall_rule_group_info: name: ExampleRuleGroup type: stateful - """ RETURN = r""" diff --git a/plugins/modules/opensearch.py b/plugins/modules/opensearch.py index 1c8f0deb582..d89e173bba2 100644 --- a/plugins/modules/opensearch.py +++ b/plugins/modules/opensearch.py @@ -450,16 +450,16 @@ auto_tune_options: enabled: true maintenance_schedules: - - start_at: "2025-01-12" - duration: - value: 1 - unit: "HOURS" - cron_expression_for_recurrence: "cron(0 12 * * ? *)" - - start_at: "2032-01-12" - duration: - value: 2 - unit: "HOURS" - cron_expression_for_recurrence: "cron(0 12 * * ? *)" + - start_at: "2025-01-12" + duration: + value: 1 + unit: "HOURS" + cron_expression_for_recurrence: "cron(0 12 * * ? *)" + - start_at: "2032-01-12" + duration: + value: 2 + unit: "HOURS" + cron_expression_for_recurrence: "cron(0 12 * * ? *)" tags: Environment: Development Application: Search @@ -478,7 +478,6 @@ cluster_config: instance_count: 40 wait: true - """ import datetime diff --git a/plugins/modules/redshift_subnet_group.py b/plugins/modules/redshift_subnet_group.py index 3d693cc23ac..2ae3a24059e 100644 --- a/plugins/modules/redshift_subnet_group.py +++ b/plugins/modules/redshift_subnet_group.py @@ -51,8 +51,8 @@ group_name: redshift-subnet group_description: Redshift subnet group_subnets: - - 'subnet-aaaaa' - - 'subnet-bbbbb' + - 'subnet-aaaaa' + - 'subnet-bbbbb' - name: Remove subnet group community.aws.redshift_subnet_group: diff --git a/plugins/modules/s3_logging.py b/plugins/modules/s3_logging.py index 193455a4be2..3a78749945f 100644 --- a/plugins/modules/s3_logging.py +++ b/plugins/modules/s3_logging.py @@ -56,7 +56,6 @@ community.aws.s3_logging: name: mywebsite.com state: absent - """ try: diff --git a/plugins/modules/s3_metrics_configuration.py b/plugins/modules/s3_metrics_configuration.py index d90e7d0e603..4e62b7bf8e4 100644 --- a/plugins/modules/s3_metrics_configuration.py +++ b/plugins/modules/s3_metrics_configuration.py 
@@ -93,7 +93,6 @@ bucket_name: my-bucket id: EntireBucket state: absent - """ try: diff --git a/plugins/modules/s3_website.py b/plugins/modules/s3_website.py index 38c411b1fe2..1c212d11789 100644 --- a/plugins/modules/s3_website.py +++ b/plugins/modules/s3_website.py @@ -68,7 +68,6 @@ suffix: home.htm error_key: errors/404.htm state: present - """ RETURN = r""" diff --git a/plugins/modules/ses_identity.py b/plugins/modules/ses_identity.py index e324a7e12f7..785519bd3ba 100644 --- a/plugins/modules/ses_identity.py +++ b/plugins/modules/ses_identity.py @@ -84,7 +84,7 @@ - Whether or not to enable feedback forwarding. - This can only be false if both I(bounce_notifications) and I(complaint_notifications) specify SNS topics. type: 'bool' - default: True + default: true extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules @@ -115,7 +115,7 @@ community.aws.sns_topic: name: "complaints-topic" state: present - purge_subscriptions: False + purge_subscriptions: false register: topic_info - name: Deliver feedback to topic instead of owner email @@ -124,11 +124,11 @@ state: present complaint_notifications: topic: "{{ topic_info.sns_arn }}" - include_headers: True + include_headers: true bounce_notifications: topic: "{{ topic_info.sns_arn }}" - include_headers: False - feedback_forwarding: False + include_headers: false + feedback_forwarding: false # Create an SNS topic for delivery notifications and leave complaints # Being forwarded to the identity owner email @@ -136,7 +136,7 @@ community.aws.sns_topic: name: "delivery-notifications-topic" state: present - purge_subscriptions: False + purge_subscriptions: false register: topic_info - name: Delivery notifications to topic diff --git a/plugins/modules/sns_topic.py b/plugins/modules/sns_topic.py index 03e69d8c40f..0fe7fbe3390 100644 --- a/plugins/modules/sns_topic.py +++ b/plugins/modules/sns_topic.py 
@@ -179,7 +179,7 @@ numMinDelayRetries: 2 numNoDelayRetries: 2 backoffFunction: "linear" - disableSubscriptionOverrides: True + disableSubscriptionOverrides: true defaultThrottlePolicy: maxReceivesPerSecond: 10 subscriptions: diff --git a/plugins/modules/sts_session_token.py b/plugins/modules/sts_session_token.py index 044a6367b58..cb9f99fd3a9 100644 --- a/plugins/modules/sts_session_token.py +++ b/plugins/modules/sts_session_token.py @@ -73,8 +73,7 @@ resource: i-xyzxyz01 state: present tags: - MyNewTag: value - + MyNewTag: value """ try: diff --git a/plugins/modules/waf_condition.py b/plugins/modules/waf_condition.py index aed48130d3c..5b08cb6de86 100644 --- a/plugins/modules/waf_condition.py +++ b/plugins/modules/waf_condition.py 
@@ -139,71 +139,70 @@ """ EXAMPLES = r""" - - name: create WAF byte condition - community.aws.waf_condition: - name: my_byte_condition - filters: +- name: create WAF byte condition + community.aws.waf_condition: + name: my_byte_condition + filters: - field_to_match: header position: STARTS_WITH target_string: Hello header: Content-type - type: byte - - - name: create WAF geo condition - community.aws.waf_condition: - name: my_geo_condition - filters: - - country: US - - country: AU - - country: AT - type: geo - - - name: create IP address condition - community.aws.waf_condition: - name: "{{ resource_prefix }}_ip_condition" - filters: - - ip_address: "10.0.0.0/8" - - ip_address: "192.168.0.0/24" - type: ip - - - name: create WAF regex condition - community.aws.waf_condition: - name: my_regex_condition - filters: - - field_to_match: query_string - regex_pattern: - name: greetings - regex_strings: - - '[hH]ello' - - '^Hi there' - - '.*Good Day to You' - type: regex - - - name: create WAF size condition - community.aws.waf_condition: - name: my_size_condition - filters: - - field_to_match: query_string - size: 300 - comparison: GT - type: size - - - name: create WAF sql injection condition - community.aws.waf_condition: - name: my_sql_condition - filters: - - field_to_match: query_string - transformation: url_decode - type: sql - - - name: create WAF xss condition - community.aws.waf_condition: - name: my_xss_condition - filters: - - field_to_match: query_string - transformation: url_decode - type: xss - + type: byte + +- name: create WAF geo condition + community.aws.waf_condition: + name: my_geo_condition + filters: + - country: US + - country: AU + - country: AT + type: geo + +- name: create IP address condition + community.aws.waf_condition: + name: "{{ resource_prefix }}_ip_condition" + filters: + - ip_address: "10.0.0.0/8" + - ip_address: "192.168.0.0/24" + type: ip + +- name: create WAF regex condition + community.aws.waf_condition: + name: my_regex_condition + 
filters: + - field_to_match: query_string + regex_pattern: + name: greetings + regex_strings: + - '[hH]ello' + - '^Hi there' + - '.*Good Day to You' + type: regex + +- name: create WAF size condition + community.aws.waf_condition: + name: my_size_condition + filters: + - field_to_match: query_string + size: 300 + comparison: GT + type: size + +- name: create WAF sql injection condition + community.aws.waf_condition: + name: my_sql_condition + filters: + - field_to_match: query_string + transformation: url_decode + type: sql + +- name: create WAF xss condition + community.aws.waf_condition: + name: my_xss_condition + filters: + - field_to_match: query_string + transformation: url_decode + type: xss """ RETURN = r""" diff --git a/plugins/modules/waf_rule.py b/plugins/modules/waf_rule.py index a744d8747d8..87a02bbbdda 100644 --- a/plugins/modules/waf_rule.py +++ b/plugins/modules/waf_rule.py @@ -73,24 +73,24 @@ """ EXAMPLES = r""" - - name: create WAF rule - community.aws.waf_rule: - name: my_waf_rule - conditions: - - name: my_regex_condition - type: regex - negated: false - - name: my_geo_condition - type: geo - negated: false - - name: my_byte_condition - type: byte - negated: true - - - name: remove WAF rule - community.aws.waf_rule: - name: "my_waf_rule" - state: absent +- name: create WAF rule + community.aws.waf_rule: + name: my_waf_rule + conditions: + - name: my_regex_condition + type: regex + negated: false + - name: my_geo_condition + type: geo + negated: false + - name: my_byte_condition + type: byte + negated: true + +- name: remove WAF rule + community.aws.waf_rule: + name: "my_waf_rule" + state: absent """ RETURN = r""" diff --git a/plugins/modules/waf_web_acl.py b/plugins/modules/waf_web_acl.py index b8e4d9e6290..021ca568d80 100644 --- a/plugins/modules/waf_web_acl.py +++ b/plugins/modules/waf_web_acl.py 
@@ -87,21 +87,21 @@ """ EXAMPLES = r""" - - name: create web ACL - community.aws.waf_web_acl: - name: my_web_acl - rules: - - name: my_rule - priority: 1 - action: block - default_action: block - purge_rules: true - state: present - - - name: delete the web acl - community.aws.waf_web_acl: - name: my_web_acl - state: absent +- name: create web ACL + community.aws.waf_web_acl: + name: my_web_acl + rules: + - name: my_rule + priority: 1 + action: block + default_action: block + purge_rules: true + state: present + +- name: delete the web acl + community.aws.waf_web_acl: + name: my_web_acl + state: absent """ RETURN = r""" diff --git a/plugins/modules/wafv2_web_acl.py b/plugins/modules/wafv2_web_acl.py index acc5345be34..054c093c532 100644 --- a/plugins/modules/wafv2_web_acl.py +++ b/plugins/modules/wafv2_web_acl.py @@ -246,7 +246,6 @@ content: '{ message: "Your request has been blocked due to too many HTTP requests coming from your IP" }' region: us-east-1 state: present - """ RETURN = r""" diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt index e69de29bb2d..67d3693df63 100644 --- a/tests/sanity/ignore-2.14.txt +++ b/tests/sanity/ignore-2.14.txt @@ -0,0 +1,2 @@ +plugins/connection/aws_ssm.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 +plugins/inventory/aws_mq.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt index e69de29bb2d..67d3693df63 100644 --- a/tests/sanity/ignore-2.15.txt +++ b/tests/sanity/ignore-2.15.txt @@ -0,0 +1,2 @@ +plugins/connection/aws_ssm.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 +plugins/inventory/aws_mq.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 
diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt new file mode 100644 index 00000000000..67d3693df63 --- /dev/null +++ b/tests/sanity/ignore-2.16.txt @@ -0,0 +1,2 @@ +plugins/connection/aws_ssm.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 +plugins/inventory/aws_mq.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt new file mode 100644 index 00000000000..67d3693df63 --- /dev/null +++ b/tests/sanity/ignore-2.17.txt @@ -0,0 +1,2 @@ +plugins/connection/aws_ssm.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 +plugins/inventory/aws_mq.py yamllint:unparsable-with-libyaml # bug in ansible-test - https://github.com/ansible/ansible/issues/82353 diff --git a/tox.ini b/tox.ini index e425f3a6494..179ed761c7c 100644 --- a/tox.ini +++ b/tox.ini @@ -4,7 +4,7 @@ envlist = clean,ansible{2.12,2.13}-py{38,39,310}-{with_constraints,without_const # Tox4 supports labels which allow us to group the environments rather than dumping all commands into a single environment labels = format = flynt, black, isort - lint = complexity-report, black-lint, isort-lint, flake8-lint, flynt-lint + lint = complexity-report, ansible-lint, black-lint, isort-lint, flake8-lint, flynt-lint units = ansible{2.12,2.13}-py{38,39,310}-{with_constraints,without_constraints} [common] @@ -36,6 +36,12 @@ deps = flake8-html commands = -flake8 --select C90 --max-complexity 10 --format=html --htmldir={posargs:complexity} plugins +[testenv:ansible-lint] +deps = + ansible-lint +commands = + ansible-lint {toxinidir}/plugins + [testenv:black] depends = flynt, isort
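Review bot: The new `[testenv:ansible-lint]` section in tox.ini lists `ansible-lint` under `deps =` with no version bound. What the `lint` label enforces, and which package code gets installed and run, therefore depends on whatever release the index serves at the time. Pinning it, for example `ansible-lint==<PINNED_VERSION>`, or routing it through the constraints mechanism that the `with_constraints` env names suggest exists, would keep lint results reproducible and make upgrades a reviewed change. The neighbouring `flake8-html` dependency visible in this hunk is unpinned as well, so this may be a file-wide convention rather than an oversight here.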