Version information
This version is compatible with:
- Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 6.0.0
Tasks:
- create_instance
- install_deps
- purge_instance
- show_instance
- show_securitygroup
- show_vpc
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-aws', '2.1.0'
Learn more about managing modules with a Puppetfile
Table of Contents
- Creating resources
- Creating a stack
- Managing resources from the command line
- Managing AWS infrastructure
Overview
The aws module manages Amazon Web Services (AWS) resources to build out cloud infrastructure.
Description
Amazon Web Services exposes a powerful API for creating and managing its infrastructure as a service platform. The aws module allows you to drive that API using Puppet code.
In the simplest case, this allows you to create new EC2 instances from Puppet code. More importantly, it allows you to describe your entire AWS infrastructure and to model the relationships between different components.
This module now includes tasks that help you install the module dependencies and list a subset of EC2 instances.
Setup
Requirements
- Puppet 4.7 or greater
- Ruby 1.9 or greater
- Amazon AWS Ruby SDK (available as a gem)
- Retries gem
Installing the aws module
- Install the retries gem and the Amazon AWS Ruby SDK gem, using the same Ruby used by Puppet. For Puppet 4.x and beyond, install the gems with this command:
  /opt/puppetlabs/puppet/bin/gem install aws-sdk retries
- Set these environment variables for your AWS access credentials:
  export AWS_ACCESS_KEY_ID=your_access_key_id
  export AWS_SECRET_ACCESS_KEY=your_secret_access_key
  Alternatively, you can place the credentials in a file at '~/.aws/credentials' based on the following template:
  [default]
  aws_access_key_id = your_access_key_id
  aws_secret_access_key = your_secret_access_key
  If you have Puppet running on AWS, and you're running the module examples, you can instead use IAM. To do this, assign the correct role to the instance from which you're running the examples. For a sample profile with all the required permissions, see the IAM profile example.
- Finally, install the module with:
  puppet module install puppetlabs-aws
A note on regions
By default the module looks through all regions in AWS when determining if something is available. This can be a little slow. If you know what you're doing you can speed things up by targeting a single region using an environment variable.
export AWS_REGION=eu-west-1
A note on proxies
By default the module accesses the AWS API directly, but if you're in an environment that doesn't have direct access you can provide a proxy setting for all traffic like so:
export PUPPET_AWS_PROXY=http://localhost:8888
Configuring the aws module using an ini file
The AWS region and HTTP proxy can be provided in a file called 'puppetlabs_aws_configuration.ini' in the Puppet confdir ('$settings::confdir') using this format:
[default]
region = us-east-1
http_proxy = http://proxy.example.com:80
Usage
Creating resources
You can set up EC2 instances with a variety of AWS features, as well as a VPC, security group, and load balancer.
Set up a VPC:
ec2_vpc { 'name-of-vpc':
  ensure     => present,
  region     => 'us-east-1',
  cidr_block => '10.0.0.0/24',
  tags       => {
    tag_name => 'value',
  },
}
Set up a subnet:
ec2_vpc_subnet { 'name-of-subnet':
  ensure                  => present,
  region                  => 'us-east-1',
  cidr_block              => '10.0.0.0/24',
  availability_zone       => 'us-east-1a',
  map_public_ip_on_launch => true,
  vpc                     => 'name-of-vpc',
  tags                    => {
    tag_name => 'value',
  },
}
Set up a security group:
ec2_securitygroup { 'name-of-security-group':
  ensure      => present,
  region      => 'us-east-1',
  vpc         => 'name-of-vpc',
  description => 'a description of the group',
  ingress     => [{
    protocol => 'tcp',
    port     => 22,
    cidr     => '0.0.0.0/0', # any source address; narrow this CIDR to known networks where possible
  }],
  tags        => {
    tag_name => 'value',
  },
}
Set up an instance:
ec2_instance { 'name-of-instance':
  ensure            => running,
  region            => 'us-east-1',
  availability_zone => 'us-east-1a',
  image_id          => 'ami-123456', # you need to select your own AMI
  instance_type     => 't2.micro',
  key_name          => 'name-of-existing-key',
  subnet            => 'name-of-subnet',
  security_groups   => ['name-of-security-group'],
  tags              => {
    tag_name => 'value',
  },
}
Set up a load balancer:
elb_loadbalancer { 'name-of-load-balancer':
  ensure             => present,
  region             => 'us-east-1',
  availability_zones => ['us-east-1a', 'us-east-1b'],
  instances          => ['name-of-instance', 'another-instance'],
  security_groups    => ['name-of-security-group'],
  listeners          => [
    {
      protocol           => 'HTTP',
      load_balancer_port => 80,
      instance_protocol  => 'HTTP',
      instance_port      => 80,
    },{
      protocol           => 'HTTPS',
      load_balancer_port => 443,
      instance_protocol  => 'HTTPS',
      instance_port      => 8080,
      ssl_certificate_id => 'arn:aws:iam::123456789000:server-certificate/yourcert.com',
      # Negotiation policy for the HTTPS listener: TLSv1.1 off, TLSv1.2 on
      policies           => [
        {
          'policy_type'       => 'SSLNegotiationPolicyType',
          'policy_attributes' => {
            'Protocol-TLSv1.1' => false,
            'Protocol-TLSv1.2' => true,
          }
        }
      ]
    }
  ],
  health_check       => {
    'healthy_threshold'   => '10',
    'interval'            => '30',
    'target'              => 'HTTP:80/health_check',
    'timeout'             => '5',
    'unhealthy_threshold' => '2'
  },
  tags               => {
    tag_name => 'value',
  },
}
To destroy any of these resources, set ensure => absent.
Creating a stack
Let's create a simple stack, with a load balancer, instances, and security groups.
WWW
+
|
+----------------|-----------------+
| +----------v-----------+ |
lb-sg | | lb-1 | |
| +----+------------+----+ |
+----------|------------|----------+
+----------|------------|----------+
| +----v----+ +----v----+ |
| | | | | |
web-sg | | web-1 | | web-2 | |
| | | | | |
| +----+----+ +----+----+ |
+----------|------------|----------+
+----------|------------|----------+
| +----v----+ | |
| | | | |
db-sg | | db-1 <-------+ |
| | | |
| +---------+ |
+----------------------------------+
We've supplied code for the creation of this stack in this module's tests directory. To run this code with Puppet apply, run:
puppet apply tests/create.pp --test
If you want to try this out from this directory without installing the module, run the following:
puppet apply tests/create.pp --modulepath ../ --test
To destroy the resources created by the above, run the following:
puppet apply tests/destroy.pp --test
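The stack in the diagram above, written out as an added example (this is not the module's own tests/create.pp). The `security_group` ingress key is supported by the module but is not listed in this page's parameter reference; the region, AMI, key pair, admin CIDR and single availability zone are placeholder assumptions.

```puppet
# Added example: the lb-sg / web-sg / db-sg stack from the diagram.
# Each tier accepts traffic only from the tier in front of it.

$region     = 'us-east-1'        # placeholder region
$zone       = 'us-east-1a'       # placeholder availability zone
$admin_cidr = '203.0.113.0/24'   # placeholder admin network (documentation range)

# Load balancer tier: the only group reachable from the internet.
ec2_securitygroup { 'lb-sg':
  ensure      => present,
  region      => $region,
  description => 'Security group for load balancer',
  ingress     => [{
    protocol => 'tcp',
    port     => 80,
    cidr     => '0.0.0.0/0',
  }],
}

# Web tier: traffic from members of lb-sg, plus SSH from the admin network.
ec2_securitygroup { 'web-sg':
  ensure      => present,
  region      => $region,
  description => 'Security group for web servers',
  ingress     => [{
    security_group => 'lb-sg',
  },{
    protocol => 'tcp',
    port     => 22,
    cidr     => $admin_cidr,
  }],
  require     => Ec2_securitygroup['lb-sg'],
}

# Database tier: traffic from members of web-sg only; no CIDR-based rule.
ec2_securitygroup { 'db-sg':
  ensure      => present,
  region      => $region,
  description => 'Security group for database servers',
  ingress     => [{
    security_group => 'web-sg',
  }],
  require     => Ec2_securitygroup['web-sg'],
}

# web-1 and web-2 share one definition through an array title.
ec2_instance { ['web-1', 'web-2']:
  ensure            => running,
  region            => $region,
  availability_zone => $zone,
  image_id          => 'ami-123456', # placeholder; select your own AMI
  instance_type     => 't2.micro',
  key_name          => 'name-of-existing-key',
  security_groups   => ['web-sg'],
  require           => Ec2_securitygroup['web-sg'],
}

ec2_instance { 'db-1':
  ensure            => running,
  region            => $region,
  availability_zone => $zone,
  image_id          => 'ami-123456', # placeholder; select your own AMI
  instance_type     => 't2.micro',
  key_name          => 'name-of-existing-key',
  security_groups   => ['db-sg'],
  require           => Ec2_securitygroup['db-sg'],
}

# lb-1 fronts both web instances and sits in lb-sg.
elb_loadbalancer { 'lb-1':
  ensure             => present,
  region             => $region,
  availability_zones => [$zone],
  instances          => ['web-1', 'web-2'],
  security_groups    => ['lb-sg'],
  listeners          => [{
    protocol           => 'HTTP',
    load_balancer_port => 80,
    instance_protocol  => 'HTTP',
    instance_port      => 80,
  }],
  require            => [
    Ec2_securitygroup['lb-sg'],
    Ec2_instance['web-1'],
    Ec2_instance['web-2'],
  ],
}
```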
Managing resources from the command line
The module has basic puppet resource support, so you can manage AWS resources from the command line.
For example, the following command lists all the security groups:
puppet resource ec2_securitygroup
You can also create new resources:
puppet resource ec2_securitygroup test-group ensure=present description="test description" region=us-east-1
and then destroy them, all from the command line:
puppet resource ec2_securitygroup test-group ensure=absent region=us-east-1
Managing AWS infrastructure
You can use the aws module to audit AWS resources, launch autoscaling groups in VPC, perform unit testing, and more. The examples directory in the module contains a variety of usage examples that should give you an idea of what's possible:
- Puppet Enterprise: Start up a small Puppet Enterprise cluster using the AWS module.
- Managing DNS: Manage DNS records in Amazon Route53 using Puppet.
- Data Driven Manifests: Automatically generate resources based on a data structure.
- Hiera Example: Store common information like region or AMI id in Hiera.
- Infrastructure as YAML: Describe an entire infrastructure stack in YAML, and use create_resources and Hiera to build your infrastructure.
- Auditing Resources: Audit AWS resource changes and work alongside other tools.
- Unit Testing: Test your AWS code with Puppet testing tools like rspec-puppet.
- Virtual Private Cloud: Use the Puppet DSL to manage an AWS VPC environment.
- Using IAM permissions: Control the API permissions required by the module with an IAM profile.
- Elastic IP Addresses: Attach existing elastic IP addresses to instances managed by Puppet.
- Create your own abstractions: Use Puppet's defined types to better model your own infrastructure.
- Distribute instances across availability zones: Use the future parser and stdlib functions to launch instances balanced across different availability zones.
Reference
Types
- cloudformation_stack: Create, update, or destroy a CloudFormation Stack.
- cloudfront_distribution: Sets up a CloudFront distribution.
- ec2_instance: Sets up an EC2 instance.
- ec2_securitygroup: Sets up an EC2 security group.
- ec2_volume: Sets up an EC2 EBS volume.
- elb_loadbalancer: Sets up an ELB load balancer.
- cloudwatch_alarm: Sets up a Cloudwatch Alarm.
- ec2_autoscalinggroup: Sets up an EC2 auto scaling group.
- ec2_elastic_ip: Sets up an Elastic IP and its association.
- ec2_launchconfiguration: Sets up an EC2 launch configuration to provide autoscaling support.
- ec2_scalingpolicy: Sets up an EC2 scaling policy.
- ec2_vpc: Sets up an AWS VPC.
- ec2_vpc_customer_gateway: Sets up an AWS VPC customer gateway.
- ec2_vpc_dhcp_options: Sets a DHCP option AWS VPC.
- ec2_vpc_internet_gateway: Sets up an EC2 VPC Internet Gateway.
- ec2_vpc_routetable: Sets up a VPC route table.
- ec2_vpc_subnet: Sets up a VPC subnet.
- ec2_vpc_vpn: Sets up an AWS Virtual Private Network.
- ec2_vpc_vpn_gateway: Sets up a VPN gateway.
- ecs_cluster: Manage an Ec2 Container Service cluster.
- ecs_service: Manage an Ec2 Container Service service.
- ecs_task_definition: Manage an Ec2 Container Service task definition.
- iam_group: Manage IAM groups and their membership.
- iam_instance_profile: Manage IAM instance profiles.
- iam_policy: Manage an IAM 'managed' policy.
- iam_policy_attachment: Manage an IAM 'managed' policy attachments.
- iam_role: Manage an IAM role.
- iam_user: Manage IAM users.
- kms: Manage KMS keys and their policies.
- rds_db_parameter_group: Allows read access to DB Parameter Groups.
- rds_db_securitygroup: Sets up an RDS DB Security Group.
- rds_db_subnet_group: Sets up an RDS DB Subnet Group.
- rds_instance: Sets up an RDS Database instance.
- route53_a_record: Sets up a Route53 DNS record.
- route53_aaaa_record: Sets up a Route53 DNS AAAA record.
- route53_cname_record: Sets up a Route53 CNAME record.
- route53_mx_record: Sets up a Route53 MX record.
- route53_ns_record: Sets up a Route53 DNS record.
- route53_ptr_record: Sets up a Route53 PTR record.
- route53_spf_record: Sets up a Route53 SPF record.
- route53_srv_record: Sets up a Route53 SRV record.
- route53_txt_record: Sets up a Route53 TXT record.
- route53_zone: Sets up a Route53 DNS zone.
- s3_bucket: Sets up an S3 bucket.
- sqs_queue: Sets up an SQS queue.
Parameters
Type: cloudformation_stack
capabilities
Optional.
The list of stack capabilities.
Valid values are: 'CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM', an empty list, or unspecified.
change_set_id
Read-only.
Unique identifier of the stack.
creation_time
Read-only.
The time at which the stack was created.
description
Read-only.
A user-defined description found in the cloud formation template associated with the stack.
disable_rollback
Optional.
Whether to disable rollback on stack creation failures.
Valid values are: true, false.
ensure
Required.
The ensure value for the stack.
'present' will create the stack but not apply updates.
'updated' will create or apply any updates to the stack.
'absent' will delete the stack.
Valid values are: 'present', 'updated', 'absent'.
id
Read-only.
The unique ID of the stack.
last_updated_time
Read-only.
The time the stack was last updated.
name
Required.
The name of the stack.
notification_arns
Optional.
List of SNS topic ARNs to which stack related events are published.
on_failure
Optional.
Determines what action will be taken if stack creation fails.
You can specify either 'on_failure' or 'disable_rollback', but not both.
Valid values are: 'DO_NOTHING', 'ROLLBACK', 'DELETE'.
outputs
Read-only.
A hash of stack outputs.
parameters
Optional.
A hash of input parameters.
policy_body
Optional.
Structure containing the stack policy body.
For more information, go to prevent updates to Stack Resources in the AWS CloudFormation User Guide.
You can specify either the policy_body or the policy_url parameter, but not both.
policy_url
Optional.
Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an S3 bucket in the same region as the stack.
You can specify either the policy_body or the policy_url parameter, but not both.
region
Required.
The region in which to launch the stack.
resource_types
Optional.
The list of resource types that you have permissions to work with for this stack.
role_arn
Optional.
The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
status
Read-only.
The status of the stack.
Valid values are: 'CREATE_IN_PROGRESS', 'CREATE_FAILED', 'CREATE_COMPLETE', 'ROLLBACK_IN_PROGRESS', 'ROLLBACK_FAILED', 'ROLLBACK_COMPLETE', 'DELETE_IN_PROGRESS', 'DELETE_FAILED', 'DELETE_COMPLETE', 'UPDATE_IN_PROGRESS', 'UPDATE_COMPLETE_CLEANUP_IN_PROGRESS', 'UPDATE_COMPLETE', 'UPDATE_ROLLBACK_IN_PROGRESS', 'UPDATE_ROLLBACK_FAILED', 'UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS', 'UPDATE_ROLLBACK_COMPLETE', 'REVIEW_IN_PROGRESS'.
tags
Optional.
The tags for the instance.
template_body
Optional.
Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
For more information, go to Template Anatomy in the AWS CloudFormation User Guide.
template_url
Optional.
Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket.
For more information, go to the Template Anatomy in the AWS CloudFormation User Guide.
timeout_in_minutes
Optional.
The amount of time within which stack creation should complete.
Type: cloudfront_distribution
ensure
Specifies the basic state of the resource.
Valid values are: 'present', 'absent'.
arn
Read-only.
The AWS-generated ARN of the distribution.
id
Read-only.
The AWS-generated ID of the distribution.
status
Read-only.
The AWS-reported status of the distribution.
comment
Optional.
The comment on the distribution.
enabled
Optional.
Whether the distribution is enabled.
price_class
Optional.
The price class of the distribution.
Valid values are: all, 100, 200.
Default value: all.
Accepts one value only.
origins
Required.
An array of at least one origin. Each origin is a hash with the following keys:
- type: Required. The origin type. 'S3' is not yet supported. Valid values are: 'custom'.
- id: Required. The origin ID. Must be unique within the distribution. Used to identify the origin for caching rules.
- domain_name: Required. The origin domain name.
- path: Optional. The origin path. Defaults to no path.
- http_port: Required for custom origins. The port the origin is listening on for HTTP connections.
- https_port: Required for custom origins. The port the origin is listening on for HTTPS connections.
- protocol_policy: Required for custom origins. Which protocols the origin accepts. Accepts only one value. Valid values: 'http-only', 'https-only', 'match-viewer'.
- protocols: Required for custom origins. An array of SSL and TLS versions the origin accepts. Accepts at least one value. Valid values: 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2'.
tags
Optional.
The tags for the distribution.
Accepts a key => value hash of tags.
Excludes 'Name' tag.
Type: ec2_instance
ensure
Specifies the basic state of the resource.
Valid values are: 'present', 'absent', 'running', 'stopped'.
name
Required.
The name of the instance. This is the value of the AWS Name tag.
security_groups
Optional.
The security groups with which to associate the instance.
Accepts an array of security group names.
tags
Optional.
The tags for the instance.
Accepts a key => value hash of tags.
user_data
Optional.
User data script to execute on new instance.
This parameter is set at creation only; it is not affected by updates.
key_name
The name of the key pair associated with this instance. This must be an existing key pair already uploaded to the region in which you're launching the instance.
This parameter is set at creation only; it is not affected by updates.
monitoring
Optional.
Whether or not monitoring is enabled for this instance.
This parameter is set at creation only; it is not affected by updates.
Valid values are: true, false.
Default value: false.
region
Required.
The region in which to launch the instance.
Valid values are:
See AWS Regions.
image_id
Required.
The image id to use for the instance.
This parameter is set at creation only; it is not affected by updates.
See Amazon Machine Image (AMI).
availability_zone
Optional.
The availability zone in which to place the instance.
This parameter is set at creation only; it is not affected by updates.
Valid values are:
See AWS Regions and Availability Zones.
instance_type
Required.
The type to use for the instance.
This parameter is set at creation only; it is not affected by updates.
See Amazon EC2 Instances for available types.
tenancy
Optional.
Dedicated instances are Amazon EC2 instances that run in a virtual private cloud (VPC) on hardware that's dedicated to a single customer.
Valid values are: 'dedicated' and 'default'.
Default value: 'default'.
private_ip_address
Optional.
The private IP address for the instance.
This parameter is set at creation only; it is not affected by updates.
Valid values are:
Valid IPv4 address.
associate_public_ip_address
Optional.
Whether to assign a public interface in a VPC.
This parameter is set at creation only; it is not affected by updates.
Valid values are: true, false.
Default value: false.
subnet
Optional.
The VPC subnet to attach the instance to.
This parameter is set at creation only; it is not affected by updates.
Accepts the name of the subnet; this is the value of the Name tag for the subnet. If you're describing the subnet in Puppet, then this value is the name of the resource.
ebs_optimized
Optional.
Whether or not to use optimized storage for the instance.
This parameter is set at creation only; it is not affected by updates.
Valid values are: true, false.
Default value: false.
instance_initiated_shutdown_behavior
Optional.
Whether the instance stops or terminates when you initiate shutdown from the instance.
This parameter is set at creation only; it is not affected by updates.
Valid values are: 'stop', 'terminate'.
Default value: 'stop'.
block_devices
Optional.
A list of block devices to associate with the instance.
This parameter is set at creation only; it is not affected by updates.
Accepts an array of hashes with the 'device name', 'volume size', 'delete on termination flag', and 'volume type' specified:
block_devices => [
  {
    device_name           => '/dev/sda1',
    volume_size           => 8,
    delete_on_termination => 'true',
    volume_type           => 'gp2',
  }
]

block_devices => [
  {
    device_name => '/dev/sda1',
    snapshot_id => 'snap-29a6ca13',
  }
]
instance_id
Read-only.
The AWS generated id for the instance.
hypervisor
Read-only.
The type of hypervisor running the instance.
virtualization_type
Read-only.
The underlying virtualization of the instance.
public_ip_address
Read-only.
The public IP address for the instance.
private_dns_name
Read-only.
The internal DNS name for the instance.
public_dns_name
Read-only.
The publicly available DNS name for the instance.
kernel_id
Read-only.
The ID of the kernel in use by the instance.
iam_instance_profile_name
The user provided name for the IAM profile to associate with the instance.
iam_instance_profile_arn
The Amazon Resource Name for the associated IAM profile.
interfaces
Read-only.
The AWS generated interfaces hash for the instance.
Type: ec2_securitygroup
name
Required.
The name of the security group. This is the value of the AWS Name tag.
region
Required.
The region in which to launch the security group.
Valid values are:
See AWS Regions.
ingress
Optional.
Rules for ingress traffic.
Accepts an array.
id
Read-only.
Unique string enumerated from existing resources uniquely identifying the security group.
tags
Optional.
The tags for the security group.
Accepts a key => value hash of tags.
description
Required.
A short description of the group.
This parameter is set at creation only; it is not affected by updates.
vpc
Optional.
The VPC to which the group should be associated.
This parameter is set at creation only; it is not affected by updates.
Accepts the value of the Name tag for the VPC.
Type: elb_loadbalancer
name
Required.
The name of the load balancer. This is the value of the AWS Name tag.
region
Required.
The region in which to launch the load balancer.
Valid values are:
See AWS Regions.
listeners
Required.
The ports and protocols the load balancer listens to.
Accepts an array of the following values:
- protocol
- load_balancer_port
- instance_protocol
- instance_port
- ssl_certificate_id (required if protocol is HTTPS)
- policy_names (optional array of policy name strings for HTTPS)
health_check
The configuration for an ELB health check used to determine the health of the back-end instances.
Accepts a hash with the following keys:
- healthy_threshold
- interval
- target
- timeout
- unhealthy_threshold
tags
Optional.
The tags for the load balancer.
This parameter is set at creation only; it is not affected by updates.
Accepts a key => value hash of tags.
subnets
Optional.
The subnet in which the load balancer should be launched.
Accepts an array of subnet names, i.e., the Name tags on the subnets. You can only set one of 'availability_zones' or 'subnets'.
security_groups
Optional.
The security groups to associate with the load balancer (VPC only).
Accepts an array of security group names, i.e., the Name tag on the security groups.
availability_zones
Optional.
The availability zones in which to launch the load balancer.
This parameter is set at creation only; it is not affected by updates.
Accepts an array of availability zone codes.
Valid values are:
See AWS Regions and Availability Zones. You can only set one of 'availability_zones' or 'subnets'.
instances
Optional.
The instances to associate with the load balancer.
Valid values are:
Accepts an array of names, i.e., the Name tag on the instances.
scheme
Optional.
Whether the load balancer is internal or public facing.
This parameter is set at creation only; it is not affected by updates.
Valid values are: 'internal', 'internet-facing'.
Default value: 'internet-facing', which makes the load balancer publicly available.
Type: ec2_volume
name
Required.
The name of the volume.
region
Required.
The region in which to create the volume.
Valid values are:
See AWS Regions.
size
Conditional.
The size of the EBS volume in GB. If restoring from a snapshot, this parameter is not required.
iops
Optional.
Only valid for Provisioned IOPS SSD volumes. The number of I/O operations per second (IOPS) to provision for the volume, with a maximum ratio of 50 IOPS/GiB.
availability_zone
Required.
The availability zones in which to create the volume.
Accepts an array of availability zone codes.
Valid values are:
See AWS Regions and Availability Zones.
volume_type
Required.
The volume type. This can be gp2 for General Purpose SSD, io1 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic volumes.
encrypted
Optional.
Specifies whether the volume should be encrypted. Encrypted Amazon EBS volumes may only be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are automatically encrypted. There is no way to create an encrypted volume from an unencrypted snapshot or vice versa.
kms_key_id
Optional.
The full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. This parameter is only required if you want to use a non-default CMK; if this parameter is not specified, the default CMK for EBS is used.
snapshot_id
Optional.
The snapshot from which to create the volume.
Type: cloudwatch_alarm
name
Required.
The name of the alarm. This is the value of the AWS Name tag.
metric
Required.
The name of the metric to track.
namespace
Required.
The namespace of the metric to track.
statistic
Required.
The statistic to track for the metric.
period
Required.
The periodicity of the alarm check, i.e., how often the alarm check should run.
evaluation_periods
Required.
The number of checks to use to confirm the alarm.
threshold
Required.
The threshold used to trigger the alarm.
comparison_operator
Required.
The operator to use to test the metric.
region
Required.
The region in which to launch the instances.
Valid values are:
See AWS Regions.
dimensions
Optional.
The dimensions by which to filter the alarm.
For more information about EC2 dimensions, see AWS Dimensions and Metrics documentation.
alarm_actions
Optional.
The actions to trigger when the alarm triggers.
This parameter is set at creation only; it is not affected by updates.
This parameter currently supports only named scaling policies.
Type: ec2_autoscalinggroup
name
Required.
The name of the auto scaling group. This is the value of the AWS Name tag.
min_size
Required.
The minimum number of instances in the group.
max_size
Required.
The maximum number of instances in the group.
desired_capacity
Optional.
The number of EC2 instances that should be running in the group. This number must be greater than or equal to the minimum size of the group and less than or equal to the maximum size of the group.
Default value: min_size.
default_cooldown
Optional.
The amount of time, in seconds, after a scaling activity completes before another scaling activity can start.
health_check_type
Optional.
The service to use for the health checks.
Valid values are: 'EC2' and 'ELB'.
health_check_grace_period
Optional.
The amount of time, in seconds, that Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.
Default value: 300. This parameter is required if you are adding an ELB health check.
new_instances_protected_from_scale_in
Optional.
Indicates whether newly launched instances are protected from termination by Auto Scaling when scaling in.
Default value: true.
region
Required.
The region in which to launch the instances.
Valid values are:
See AWS Regions.
launch_configuration
Required.
The name of the launch configuration to use for the group. This is the value of the AWS Name tag.
availability_zones
Required.
The availability zones in which to launch the instances.
Accepts an array of availability zone codes.
Valid values are:
See AWS Regions and Availability Zones.
load_balancers
Optional.
A list of load balancer names that should be attached to this autoscaling group.
target_groups
Optional.
A list of ELBv2 Target Group names that should be attached to this autoscaling group.
subnets
Optional.
The subnets to associate with the autoscaling group.
termination_policies
Optional.
A list of termination policies to use when scaling in instances.
Valid values are:
See Controlling Which Instances Auto Scaling Terminates During Scale In.
tags
Optional.
The tags to assign to the autoscaling group.
Accepts a key => value hash of tags. The tags are not propagated to launched instances.
Type: ec2_elastic_ip
ensure
Specifies the basic state of the resource.
Valid values are: 'attached', 'detached'.
name
Required.
The IP address of the Elastic IP.
Valid values are:
A valid IPv4 address of an already existing elastic IP.
region
Required.
The region in which the Elastic IP is found.
Valid values are:
See AWS Regions.
instance
Required.
The name of the instance associated with the Elastic IP. This is the value of the AWS Name tag.
Type: ec2_launchconfiguration
name
Required.
The name of the launch configuration. This is the value of the AWS Name tag.
security_groups
Required.
The security groups to associate with the instances.
This parameter is set at creation only; it is not affected by updates.
Accepts an array of security group names, i.e., the Name tags on the security groups.
user_data
Optional.
User data script to execute on new instances.
This parameter is set at creation only; it is not affected by updates.
key_name
Optional.
The name of the key pair associated with this instance.
This parameter is set at creation only; it is not affected by updates.
region
Required.
The region in which to launch the instances.
Valid values are:
See AWS Regions.
instance_type
Required.
The type to use for the instances.
This parameter is set at creation only; it is not affected by updates.
See Amazon EC2 Instances for available types.
image_id
Required.
The image id to use for the instances.
This parameter is set at creation only; it is not affected by updates.
See Amazon Machine Image (AMI).
block_device_mappings
Optional.
A list of block devices to associate with the instance.
This parameter is set at creation only; it is not affected by updates.
Accepts an array of hashes with the device name and either the volume size or snapshot id specified:
block_device_mappings => [
  {
    device_name => '/dev/sda1',
    volume_size => 8,
  }
]

block_device_mappings => [
  {
    device_name => '/dev/sda1',
    volume_type => 'gp2',
  }
]
vpc
Optional.
A hint to specify the VPC. This is useful when detecting ambiguously named security groups that might exist in different VPCs, such as 'default'.
This parameter is set at creation only; it is not affected by updates.
Type: ec2_scalingpolicy
name
Required.
The name of the scaling policy. This is the value of the AWS Name tag.
scaling_adjustment
Required.
The amount to adjust the size of the group by.
Valid values are:
Dependent on adjustment_type chosen.
See AWS Dynamic Scaling documentation.
region
Required.
The region in which to launch the policy.
Valid values are:
See AWS Regions.
adjustment_type
Required.
The type of policy.
Accepts a string specifying the policy adjustment type.
Valid values are:
See Adjustment Type documentation.
auto_scaling_group
Required.
The name of the auto scaling group to attach the policy to. This is the value of the AWS Name tag.
This parameter is set at creation only; it is not affected by updates.
Type: ec2_vpc
name
Required.
The name of the VPC. This is the value of the AWS Name tag.
region
Optional.
The region in which to launch the VPC.
Valid values are:
See AWS Regions.
cidr_block
Optional.
The IP range for the VPC.
This parameter is set at creation only; it is not affected by updates.
dhcp_options
Optional.
The name of DHCP option set to use for this VPC.
This parameter is set at creation only; it is not affected by updates.
instance_tenancy
Optional.
The supported tenancy options for instances in this VPC.
This parameter is set at creation only; it is not affected by updates.
Valid values are: 'default', 'dedicated'.
Default value: 'default'.
enable_dns_support
Optional.
Whether or not DNS resolution is supported for the VPC.
Valid values are: true, false.
Default value: true.
enable_dns_hostnames
Optional.
Whether or not instances launched in the VPC get public DNS hostnames.
Valid values are: true, false.
Default value: true.
tags
Optional.
The tags to assign to the VPC.
Accepts a key => value hash of tags.
Type: ec2_vpc_customer_gateway
name
Required.
The name of the customer gateway. This is the value of the AWS Name tag.
ip_address
Required.
The IPv4 address for the customer gateway.
This parameter is set at creation only; it is not affected by updates.
Valid values are:
A valid IPv4 address.
bgp_asn
Required.
The Autonomous System Numbers for the customer gateway.
This parameter is set at creation only; it is not affected by updates.
tags
Optional.
The tags for the customer gateway.
Accepts a key => value hash of tags.
region
Optional.
The region in which to launch the customer gateway.
Valid values are:
See AWS Regions.
type
The type of customer gateway. 'ipsec.1' is currently the only supported value.
Valid values are: 'ipsec.1'
Default value: 'ipsec.1'
Type: ec2_vpc_dhcp_options
name
Required.
The name of the DHCP options set. This is the value of the AWS Name tag.
tags
Optional.
Tags for the DHCP option set.
Accepts a key => value hash of tags.
region
Optional.
The region in which to assign the DHCP option set.
Valid values are:
See AWS Regions.
domain_name
Optional.
The domain name for the DHCP options.
This parameter is set at creation only; it is not affected by updates.
Valid values are:
An array or a single valid domain. An array is converted to a space separated list, as Linux supports. Other OSes may not support more than one according to Amazon.
domain_name_servers
Optional.
A list of domain name servers to use for the DHCP options set.
This parameter is set at creation only; it is not affected by updates.
Accepts an array of domain server names.
ntp_servers
Optional.
A list of NTP servers to use for the DHCP options set.
This parameter is set at creation only; it is not affected by updates.
Accepts an array of NTP server names.
netbios_name_servers
Optional.
A list of netbios name servers to use for the DHCP options set.
This parameter is set at creation only; it is not affected by updates.
Accepts an array.
netbios_node_type
Optional.
The netbios node type.
This parameter is set at creation only; it is not affected by updates.
Valid values are: 1, 2, 4, 8.
Type: ec2_vpc_internet_gateway
name
Required.
The name of the internet gateway. This is the value of the AWS Name tag.
tags
Optional.
Tags to assign to the internet gateway.
Accepts a key => value hash of tags.
region
Optional.
The region in which to launch the internet gateway.
Valid values are:
See AWS Regions.
vpc
Optional.
The vpc to assign this internet gateway to.
This parameter is set at creation only; it is not affected by updates.
Type: ec2_vpc_routetable
name
Required.
The name of the route table. This is the value of the AWS Name tag.
vpc
Optional.
VPC to assign the route table to.
This parameter is set at creation only; it is not affected by updates.
region
Optional.
The region in which to launch the route table.
Valid values are:
See AWS Regions.
routes
Optional.
Individual routes for the routing table.
This parameter is set at creation only; it is not affected by updates.
Accepts an array of 'destination_cidr_block' and 'gateway' values:
routes => [
{
destination_cidr_block => '10.0.0.0/16',
gateway => 'local'
},{
destination_cidr_block => '0.0.0.0/0',
gateway => 'sample-igw'
},
],
tags
Optional.
Tags to assign to the route table.
Accepts a key => value hash of tags.
Type: ec2_vpc_subnet
name
Required.
The name of the subnet. This is the value of the AWS Name tag.
vpc
Optional.
VPC to assign the subnet to.
This parameter is set at creation only; it is not affected by updates.
region
Required.
The region in which to launch the subnet.
Valid values are:
See AWS Regions.
cidr_block
Optional.
The IP address range for the subnet.
This parameter is set at creation only; it is not affected by updates.
availability_zone
Optional.
The availability zone in which to launch the subnet.
This parameter is set at creation only; it is not affected by updates.
tags
Optional.
Tags to assign to the subnet.
Accepts a key => value hash of tags.
route_table
The route table to attach to the subnet.
This parameter is set at creation only; it is not affected by updates.
routes
Optional.
Individual routes for the routing table.
Accepts an array of 'destination_cidr_block' and 'gateway' values:
routes => [
{
destination_cidr_block => '10.0.0.0/16',
gateway => 'local'
},{
destination_cidr_block => '0.0.0.0/0',
gateway => 'sample-igw'
},
],
id
Read-only.
Unique string enumerated from existing resources uniquely identifying the subnet.
tags
Optional.
Tags to assign to the route table.
Accepts a key => value hash of tags.
Type: ec2_vpc_vpn
name
Required.
The name of the VPN. This is the value of the AWS Name tag.
vpn_gateway
Required.
The VPN gateway to attach to the VPN.
This parameter is set at creation only; it is not affected by updates.
customer_gateway
Required.
The customer gateway to attach to the VPN.
This parameter is set at creation only; it is not affected by updates.
type
Optional.
The type of VPN gateway. 'ipsec.1' is currently the only supported value.
This parameter is set at creation only; it is not affected by updates.
Valid values are: 'ipsec.1'
Default value: 'ipsec.1'
routes
Optional.
The list of routes for the VPN.
This parameter is set at creation only; it is not affected by updates.
Valid values are:
IP ranges like: 'routes => ['0.0.0.0/0']'
static_routes
Optional.
Whether or not to use static routes.
This parameter is set at creation only; it is not affected by updates.
Valid values are: true, false.
Default value: true.
region
Optional.
The region in which to launch the VPN.
Valid values are:
See AWS Regions.
tags
Optional.
The tags for the VPN.
Accepts a key => value hash of tags.
Type: ec2_vpc_vpn_gateway
name
Required.
The name of the VPN gateway.
Accepts the value of the VPN gateway's Name tag.
tags
Optional.
The tags to assign to the VPN gateway.
Accepts a key => value hash of tags.
vpc
Required.
The VPC to attach the VPN gateway to.
This parameter is set at creation only; it is not affected by updates.
region
Required.
The region in which to launch the VPN gateway.
Valid values are:
See AWS Regions.
availability_zone
Optional.
The availability zone in which to launch the VPN gateway.
This parameter is set at creation only; it is not affected by updates.
type
Optional.
The type of VPN gateway. 'ipsec.1' is currently the only supported value.
This parameter is set at creation only; it is not affected by updates.
Valid values are: 'ipsec.1'
Default value: 'ipsec.1'
Type: ecs_cluster
Type representing ECS clusters.
ecs_cluster { 'medium':
ensure => present,
}
name
Required.
The name of the cluster to manage.
Type: ecs_service
ecs_service { 'dockerdockerdockerdocker':
ensure => present,
desired_count => 1,
task_definition => 'dockerdocker',
cluster => 'medium',
deployment_configuration => {
'maximum_percent' => 200,
'minimum_healthy_percent' => 50
},
load_balancers => [
{
'container_name' => 'mycontainername',
'container_port' => '8080',
'load_balancer_name' => 'name-of-loadbalancer-elb'
}
],
}
cluster
Required.
The name of the cluster to assign the service to.
deployment_configuration
The deployment configuration of the service.
A hash with the keys of "maximum_percent" and "minimum_healthy_percent" with integer values representing percent.
desired_count
A count of this service that should be running.
load_balancers
An array of hashes representing the load balancers to assign to a service.
name
Required.
The name of the cluster to manage.
role
The short name of the role to assign to the cluster upon creation.
task_definition
Required.
The name of the task definition to run.
Type: ecs_task_definition
Type representing ECS clusters.
ECS task definitions can be a bit fussy. To discover the existing containers we use the 'name' option within a container definition to calculate the differences between what is, and what should be. Omitting the 'name' option may be done, but it would result in a new container being generated each Puppet run, and thus a new task definition. For this reason it is recommended that the 'name' option be defined in each container definition and that the name chosen be unique within an 'ecs_task_definition' resource.
ecs_task_definition { 'dockerdocker':
container_definitions => [
{
'name' => 'zleslietesting',
'cpu' => '1024',
'environment' => {
'one' => '1',
'two' => '2',
},
'essential' => 'true',
'image' => 'debian:jessie',
'memory' => '512',
'port_mappings' => [
{
'container_port' => '8081',
'host_port' => '8082',
'protocol' => 'tcp',
},
],
}
],
}
It's important to consider the behavior of the provider in the case of missing container options.
If the task for an 'ecs_task_definition' has been discovered to exist, then the discovered container options are merged with the requested options. This results in the following behavior: container options that are not defined in the Puppet resource, but are found to exist in the discovered running container, are copied from the running container.
In the case where a user wishes to remove an option from the container, one of the following can be applied.
- Name the container something else. This results in a failure to match the existing container against the desired container, and replaces the container entirely.
- Set an empty value for the option. This results in the option specified by the user replacing the value defined in the existing container. For string options, simply set the value to '', or for an array value to [], etc.
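A model of the merge described above, added here as an illustration and not taken from the module's provider: it shows which options silently carry over from the running container and how an empty value or a rename removes them. The function names and the three requested variants are assumptions; the running container mirrors the example resource.

```ruby
# Index discovered containers by their 'name' option, the key used for matching.
def index_by_name(containers)
  containers.each_with_object({}) { |c, idx| idx[c['name']] = c }
end

# Container definitions that would result after the documented merge:
# a name match copies unmentioned options from the running container,
# no match means the requested container is used as written.
def effective_containers(discovered, requested)
  existing = index_by_name(discovered)
  requested.map do |want|
    found = existing[want['name']]
    found ? found.merge(want) : want
  end
end

# Options absent from the manifest that survive from the running container.
def inherited_options(discovered, requested)
  existing = index_by_name(discovered)
  requested.each_with_object({}) do |want, report|
    found = existing[want['name']]
    next unless found
    kept = (found.keys - want.keys).sort
    report[want['name']] = kept unless kept.empty?
  end
end

# Running container, as in the ecs_task_definition example resource.
RUNNING = [{
  'name' => 'zleslietesting', 'cpu' => '1024', 'essential' => 'true',
  'image' => 'debian:jessie', 'memory' => '512',
  'environment' => { 'one' => '1', 'two' => '2' },
  'port_mappings' => [{ 'container_port' => '8081', 'host_port' => '8082', 'protocol' => 'tcp' }]
}].freeze

# Constructed manifests: options simply dropped, options set to empty values,
# and the same container under a new name.
base    = { 'essential' => 'true', 'image' => 'debian:jessie', 'memory' => '512' }
OMITTED = [base.merge('name' => 'zleslietesting')].freeze
CLEARED = [base.merge('name' => 'zleslietesting', 'environment' => {}, 'port_mappings' => [])].freeze
RENAMED = [base.merge('name' => 'zleslietesting-v2')].freeze

if __FILE__ == $PROGRAM_NAME
  { 'omitted' => OMITTED, 'cleared' => CLEARED, 'renamed' => RENAMED }.each do |label, req|
    puts "#{label}: inherited=#{inherited_options(RUNNING, req)}"
  end
end
```

Dropping 'environment' or 'port_mappings' from the manifest therefore does not remove them from the task; only the empty value or the rename does.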
container_definitions
An array of hashes representing the container definition. See the example above.
name
Required.
The name of the task to manage.
volumes
An array of hashes to handle for the task. The hashes representing a volume should be in the following form:
{
name => "StringNameForReference",
host => {
source_path => "/some/path",
},
}
replace_image
A boolean to turn off the replacement of container images. This enables Puppet to create, but not modify the image of a container once created. This is useful in environments where external CI tooling is responsible for modifying the image of a container, allowing a dualistic approach for managing ECS.
role
A string of the short name or full ARN of the IAM role that containers in this task should assume.
Type: iam_group
iam_group { 'root':
ensure => present,
members => [ 'alice', 'bob' ]
}
members
Required.
An array of user names to include in the group. Users not specified in this array will be removed.
Type: iam_instance_profile
iam_instance_profile { 'my_iam_role':
ensure => present,
roles => [ 'my_iam_role' ],
}
ensure
Specifies the basic state of the resource.
Valid values are: 'present', 'absent'.
name
Required.
The name of the IAM instance profile.
roles
Optional.
The IAM role(s) to associate this instance profile with.
Accepts an array for multiple roles.
Type: iam_policy
IAM policies manage access to AWS resources. The 'iam_policy' type only manages the document content of the policy, and not which entities have the policy attached. See the 'iam_policy_attachment' type for managing the application of the policy created with the 'iam_policy' type.
iam_policy { 'root':
ensure => present,
document => '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}',
}
It is worth noting here that the 'iam_policy' type will allow the creation of an IAM policy whose name is identical to that of a built-in policy. In such a case, when two policies exist with the same name, one built-in and one user-defined, the user-defined policy is selected for management.
document
Required.
A string containing the IAM policy in JSON format.
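The example document above allows every action on every resource. As an added example (not part of the module), this Ruby check flags such statements in a 'document' string before it goes into a manifest; the function names and the scoped and mixed policies are constructed for illustration.

```ruby
require 'json'

# IAM lets Statement, Action and Resource each be a single value or a list.
def as_list(value)
  return [] if value.nil?
  value.is_a?(Array) ? value : [value]
end

# Returns one finding per Allow statement that is broader than a named
# action on a named resource. An empty array means nothing was flagged.
def lint_iam_policy(document)
  policy = JSON.parse(document)
  findings = []
  as_list(policy['Statement']).each_with_index do |stmt, index|
    next unless stmt['Effect'] == 'Allow' # Deny statements only narrow access

    actions   = as_list(stmt['Action'])
    resources = as_list(stmt['Resource'])
    issues = []
    issues << 'allows every action' if actions.include?('*')
    issues << 'allows every action of a service' if actions.any? { |a| a.to_s.match?(/\A[a-z0-9-]+:\*\z/i) }
    issues << 'applies to every resource' if resources.include?('*')
    issues << 'uses NotAction with Allow' if stmt.key?('NotAction')
    findings << { statement: index, sid: stmt['Sid'], issues: issues } unless issues.empty?
  end
  findings
end

# The document from the iam_policy example on this page.
PAGE_DOCUMENT = <<~JSON
  {
    "Version": "2012-10-17",
    "Statement": [
      { "Effect": "Allow", "Action": "*", "Resource": "*" }
    ]
  }
JSON

# Constructed: a policy scoped to two read actions on one bucket.
SCOPED_DOCUMENT = <<~JSON
  {
    "Version": "2012-10-17",
    "Statement": {
      "Sid": "ReadReports",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]
    }
  }
JSON

# Constructed: a Deny (ignored) followed by a service-wide Allow.
MIXED_DOCUMENT = <<~JSON
  {
    "Version": "2012-10-17",
    "Statement": [
      { "Sid": "NoDelete", "Effect": "Deny", "Action": "*", "Resource": "*" },
      { "Sid": "IamAdmin", "Effect": "Allow", "Action": ["iam:*"], "Resource": "*" }
    ]
  }
JSON

if __FILE__ == $PROGRAM_NAME
  { 'page' => PAGE_DOCUMENT, 'scoped' => SCOPED_DOCUMENT, 'mixed' => MIXED_DOCUMENT }.each do |label, doc|
    puts "#{label}: #{lint_iam_policy(doc)}"
  end
end
```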
Type: iam_policy_attachment
The 'iam_policy_attachment' resource manages which entities are attached to the named policy. See the note in the 'iam_policy' above about duplicate policy name selection.
You only need to set the 'users', 'groups' or 'roles' parameters to manage the policy attachments for those resources. Leaving one of those parameters undefined ignores the attachment for those entities. Defining attachment for an entity as an empty array will detach all entities of that flavor from the named policy.
iam_policy_attachment { 'root':
groups => ['root'],
users => [],
}
groups
Optional.
An array of group names to attach to the policy.
If not mentioned in this array it will be detached from the policy.
users
Optional.
An array of user names to attach to the policy.
If not mentioned in this array it will be detached from the policy.
roles
Optional.
An array of role names to attach to the policy.
If not mentioned in this array it will be detached from the policy.
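A model of the attachment rules described above, added here as an illustration and not taken from the module's provider: a listed array is authoritative, an empty array detaches everything, and an omitted parameter leaves existing attachments untouched. The starting state in AWS and the function names are assumptions; the desired parameters are those of the example resource.

```ruby
require 'set'

KINDS = %i[users groups roles].freeze

# current: what is attached to the policy in AWS right now.
# desired: the iam_policy_attachment parameters; a kind that is absent (nil)
#          is not managed, an empty array means "detach everything".
def attachment_plan(current, desired)
  KINDS.each_with_object({}) do |kind, plan|
    have = Set.new(current.fetch(kind, []))
    if desired[kind].nil?
      plan[kind] = { managed: false, attach: [], detach: [], left_alone: have.to_a.sort }
    else
      want = Set.new(desired[kind])
      plan[kind] = { managed: true,
                     attach: (want - have).to_a.sort,
                     detach: (have - want).to_a.sort,
                     left_alone: [] }
    end
  end
end

# Attachments that no manifest parameter governs, so changes made to them
# outside Puppet are neither reported nor reverted.
def unmanaged_attachments(plan)
  plan.reject { |_, entry| entry[:managed] }
      .transform_values { |entry| entry[:left_alone] }
end

# Constructed starting state (assumption).
CURRENT_ATTACHMENTS = { users: %w[alice], groups: %w[ops root], roles: %w[devtesting] }.freeze
# Parameters from the iam_policy_attachment { 'root': } example.
PAGE_RESOURCE = { groups: ['root'], users: [] }.freeze

PLAN = attachment_plan(CURRENT_ATTACHMENTS, PAGE_RESOURCE)

if __FILE__ == $PROGRAM_NAME
  PLAN.each { |kind, entry| puts "#{kind}: #{entry}" }
  puts "unmanaged: #{unmanaged_attachments(PLAN)}"
end
```

For a policy as broad as the 'root' example, setting all three parameters explicitly (an empty array where nothing should be attached) keeps every kind of attachment under management.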
Type: iam_role
The 'iam_role' type manages IAM roles.
iam_role { 'devtesting':
ensure => present,
policy_document => '[
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]',
}
All parameters are read-only once created.
ensure
Specifies the basic state of the resource.
Valid values are: 'present', 'absent'.
name
The name of the IAM role.
path
Optional.
Role path
policy_document
A string containing the IAM policy in JSON format which controls which entities may assume this role.
Default:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
arn
The Amazon Resource Name for this IAM role.
Type: iam_user
The 'iam_user' type manages user accounts in IAM. Only the user's name is required as the title of the resource.
iam_user { 'alice':
ensure => present,
}
iam_user { 'bob':
ensure => present,
}
Type: kms
The 'kms' type manages KMS key lifecycle and their policies. The name of the resource is prefixed with 'alias/' to set the alias of the KMS key, since keys themselves don't have any notion of name, outside of an attached alias.
kms { 'somekey':
ensure => present,
policy => template('my/policy.json'),
}
The above resource may be viewable elsewhere as 'alias/somekey'.
policy
The JSON policy document to manage on the given KMS key.
Type: rds_db_parameter_group
Note that currently, this type can only be listed via puppet resource, but cannot be created by Puppet.
name
The name of the parameter group.
region
The region in which the parameter group is present.
Valid values are:
See AWS Regions.
description
The description of the parameter group.
Valid values are: A string.
family
The name of the database family with which the parameter group is compatible; for instance, 'mysql5.1'.
Type: rds_db_securitygroup
name
Required.
The name of the RDS DB security group.
description
A description of the RDS DB security group.
Valid values are: A string.
This parameter is set at creation only; it is not affected by updates.
region
Required.
The region in which to launch the parameter group.
Valid values are:
See AWS Regions.
owner_id
Read-only.
The internal AWS id of the owner of the security group.
security_groups
Read-only.
Details of any EC2 security groups attached to the RDS security group.
ip_ranges
Read-only.
Details of any ip_ranges attached to the RDS security group and their current state.
Type: rds_db_subnet_group
name
Required.
The name of the RDS DB subnet group.
description
Required.
A description for the RDS DB subnet group.
region
Required.
The region in which to create the subnet group. For valid values, see AWS Regions.
vpc
Required.
The name of the VPC to create the subnet group in. This parameter is set at group creation only. It is not affected by updates.
subnets
Required.
A list of subnet names to include in the subnet group. AWS requires at least two subnets.
Type: rds_instance
name
Required.
The name of the RDS Instance.
db_name
Generally the name of database to be created. For Oracle this is the SID. Should not be set for MSSQL.
region
Required.
The region in which to launch the parameter group.
Valid values are:
See AWS Regions.
db_instance_class
Required.
The size of the database instance.
Valid values are:
See the AWS documentation for the list of sizes.
availability_zone
Optional.
The availability zone in which to place the instance.
Valid values are:
See AWS Regions and Availability Zones.
engine
Required.
The type of database to use. Current options can be found using the 'rds-describe-db-engine-versions' command from the AWS CLI.
This parameter is set at creation only; it is not affected by updates.
engine_version
The version of the database to use. Current options can be found using the 'rds-describe-db-engine-versions' command from the AWS CLI.
This parameter is set at creation only; it is not affected by updates.
allocated_storage
Required.
The size of the database in gigabytes. Note that minimum size constraints exist, which vary depending on the database engine selected.
This parameter is set at creation only; it is not affected by updates.
license_model
The nature of the license for commercial database products. Currently supported values are license-included, bring-your-own-license or general-public-license.
This parameter is set at creation only; it is not affected by updates.
storage_type
The type of storage to back the database with. Currently supported values are standard, gp2 or io1.
This parameter is set at creation only; it is not affected by updates.
iops
The number of provisioned IOPS (input/output operations per second) to be initially allocated for the instance.
This parameter is set at creation only; it is not affected by updates.
master_username
The name of the master user for the database instance.
This parameter is set at creation only; it is not affected by updates.
master_user_password
The password for the master user.
This parameter is set at creation only; it is not affected by updates.
multi_az
Boolean. Required if you intend to run the instance across multiple availability zones.
This parameter is set at creation only; it is not affected by updates.
db_subnet
The name of an existing DB Subnet, for launching RDS instances in VPC.
This parameter is set at creation only; it is not affected by updates.
db_security_groups
Names of the database security groups to associate with the instance.
This parameter is set at creation only; it is not affected by updates.
vpc_security_groups
Names of the VPC security groups to associate with the RDS instance. Also accepts security group IDs for backwards-compatibility.
endpoint
Read-only.
The DNS address of the database.
port
Read-only.
The port that the database is listening on.
skip_final_snapshot
Determines whether a final DB snapshot is created before the DB instance is deleted.
Default value: false.
db_parameter_group
The name of an associated DB parameter group.
Valid values are: A string.
This parameter is set at creation only; it is not affected by updates.
restore_snapshot
Specify the snapshot name to optionally trigger creating the RDS DB from a snapshot.
final_db_snapshot_identifier
The name of the snapshot created when the instance is terminated. Note that skip_final_snapshot must be set to false.
backup_retention_period
The number of days to retain backups.
Default value: '30 days'.
rds_tags
Optional.
The tags for the instance.
Accepts a key => value hash of tags.
Type: route53
The route53 types set up various types of Route53 records:
- route53_a_record: Sets up a Route53 DNS record.
- route53_aaaa_record: Sets up a Route53 DNS AAAA record.
- route53_cname_record: Sets up a Route53 CNAME record.
- route53_mx_record: Sets up a Route53 MX record.
- route53_ns_record: Sets up a Route53 DNS record.
- route53_ptr_record: Sets up a Route53 PTR record.
- route53_spf_record: Sets up a Route53 SPF record.
- route53_srv_record: Sets up a Route53 SRV record.
- route53_txt_record: Sets up a Route53 TXT record.
- route53_zone: Sets up a Route53 DNS zone.
All Route53 record types use the same parameters:
zone
Required.
The zone associated with this record.
name
Required.
The name of DNS record.
ttl
Optional.
The time to live for the record.
Accepts an integer.
values
Required.
When not using alias_target. The values of the record.
Accepts an array.
Conflicts with alias_target.
name
Required.
The name of DNS zone group. This is the value of the AWS Name tag.
alias_target
Required.
When not using values the name of the alias resource to target.
Conflicts with values.
alias_target_zone
Required.
When using alias_target, the ID of the zone in which the alias_target resides.
Type: route53_zone
name
Required.
The name of DNS zone. This is the value of the AWS Name tag. Trailing dot is optional.
id
Read-only.
The AWS-generated alphanumeric ID of the zone, excluding the leading "/hostedzone/".
is_private
Optional.
True if the zone is private. Private zones require at least one associated VPC. False if the zone is public (default). Set at creation and cannot be changed.
record_count
Read-only.
The AWS-reported number of records in the zone. Includes NS and SOA records, so new zones start with two records.
comment
Optional.
The comment on the zone.
tags
Optional.
The tags for the zone.
Accepts a key => value hash of tags. Excludes 'Name' tag.
vpcs
Conditional.
For private zones, an array of at least one VPC. Each VPC is a hash with the following keys:
- region: Required. Region the VPC is in.
- vpc: Required. Name of the VPC. Puppet will display the VPC ID if it has no name, but cannot manage VPC associations by ID; they must be named.
For public zones, validated but not used.
Type: s3_bucket
name
Required.
The name of the bucket to manage.
policy
A JSON parsable string of the policy to apply to the bucket.
Type: sqs_queue
name
Required.
The name of the SQS queue.
region
Required.
The region in which to create the SQS Queue.
Valid values are:
See AWS Regions.
delay_seconds
Optional.
The time in seconds that the delivery of all messages in the queue will be delayed.
Default value: 0.
message_retention_period
Optional.
The number of seconds Amazon SQS retains a message.
Default value: 345600.
maximum_message_size
Optional.
The limit of how many bytes a message can contain before Amazon SQS rejects it.
visibility_timeout
Optional.
The number of seconds during which Amazon SQS prevents other consuming components from receiving and processing a message.
Default value: 30.
Limitations
This module requires Ruby 1.9 or later and is only tested on Puppet versions 3.4 and later.
At the moment this module only supports a few of the resources in the AWS API. These resources also exist a bit outside the normal host level resources like 'package', 'file', 'user', etc.
We're really interested to see how people use these new resources, and what else you would like to be able to do with the module.
Note that this module also requires at least Ruby 1.9 and is only tested on Puppet versions from 3.4.
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Supported Version 2.1.0
This release includes:
- Japanese language support added.
- Puppet Tasks are supported.
- Support for the AWS SDK v3.
- Region support for GovCloud merged.
- Loadbalancers are now region specific.
Supported Version 2.0.0
This release includes:
- Drop support for Puppet 3
- RDS extensions including snapshot restore and VPC support
- Support for managing EC2 volumes
- Support for SSD-based EBS volumes and made these the default for storage
- Early IAM (role, group, instance profile) and KMS support
- S3 bucket support with policy management
- ECS (service, task, role) support
- Support for CloudFormation
As well as following fixes and improvements:
- Initial internationalization support, including a Japanese README
- Acceptance test fixes and updates
- Public DNS resolution and hostname properties for VPC
- Support for private Route53 zones
- Remove securitygroup autorequire to allow circular dependencies
- Allow security group mutual peering
- Initial support for CloudFront
- Filter sensitive data during VCR recording
- Initial support for elbv2 load balancers
- Support for ELB listener modification
- Allow security group changes for ec2_instance
- Improve ELB enumeration performance
- Add visibility_timeout property to sqs_queue
- Launch configuration/block device mappings
- Health check management and insync property for ELB
- Replace read-only failures with warning
- Add alias_target property for Route53
- Retry for ELB request limits
- Add dns_name property to elb_loadbalancer
- Add block_device_mappings for launch_config type
- associate_public_ip_address for ec2 instances
- Dedicated tenancy for ec2 instances
- Tags support and additional properties for ec2_autoscalinggroup
- Remove default netbios_node_type value for ec2_vpc_dhcp_options
Supported Version 1.4.0
This release includes:
- The set of instances that are associated with an ELB can now be modified.
- Added 'ssl_certificate_id' property to elb_loadbalancer.
- Added support for Debian 8.
As well as following fixes and improvements:
- Fixed issues related to the region property being displayed/returned incorrectly.
- Fixed parsing of puppetlabs_aws_configuration.ini
- Documentation improvements.
- Multiple test improvements.
- Rubocop updates.
- Fixed issue with elb_loadbalancer availability_zones synchronisation detection.
- Use the VPC's default subnet when none is specified on the ec2_instance.
- Enable puppet resource command usage across regions for ec2_vpc (and maybe others).
- Allow replacing the subnets of a elb_loadbalancer completely.
- Allow the use of elb_loadbalancer without availability zones, or using the default subnets (for each availability zone).
- Make default subnet choice idempotent for the ec2_instance resource.
2015-12-09 - Supported Version 1.3.0
This release includes:
- A new type and provider for managing SQS resources in AWS
- Support for using a credentials file for agents
- Support for PTR resources in Route53
- Allow snapshots to be used when mounting block devices for instances
As well as following fixes:
- Correctly handle timeouts when prefetching resources
- Fix error reporting for Route53 resources
- Correctly handle large sets of Route53 resource by paging through larger results sets
- Fixed an issue where routes that don't have a gateway cause failures when loading routetables
- Correctly limit the association of EIPs to pending or running instances
Thanks to @jae2 @lattwood, @tamsky, Chris Pick, @cwood, @mikeslattery @rfletcher and the folks at ServiceChannel for contributing to this release.
2015-09-04 - Supported Version 1.2.0
This release includes:
- The ability to manage a backup retention policy for RDS instances
- Improvements to the Route53 and ELB types to make them more robust
As well as following fixes:
- Support managing RDS instances in VPC subnets
- Updates to the IAM profile
- The Puppet Enterprise example now uses the correct download URL
Thanks to @aharden, @vazhnov, @rfletcher, @bashtoni, @claflico for contributing to this release.
2015-07-22 - Supported Version 1.1.1
This release includes:
- Update to the metadata for the upcoming release of PE
- Update to the gem installation instructions in the README
2015-06-16 - Supported Version 1.1.0
This release includes:
- Support for managing RDS databases
- Instances now support assigning an IAM instance profile when created
- Large performance improvements for many resources, which should also allow for the management of larger AWS environments
- More examples and lots of small improvement to the documentation
- Updated IAM profile
Thanks to @jhoblitt, @daveseff and @pjfoley for contributing to this release.
2015-03-25 - Supported Version 1.0.0
This release includes:
- Integration with VPC for Autoscaling groups, instances and security groups
- Support for managing Elastic IP addresses
- Additional DNS types for the Route53 support
- Detailed documentation on the properties of each type
- Better error messaging in case of AWS failures
- Extensive validation of types
2015-02-26 - Version 0.3.0
This release includes support for:
- Autoscaling groups
- VPC (Virtual Private Cloud - the AWS internal network)
- Route53 DNS
This also improves the other resources (instances, security groups and elastic load balancers), includes examples of the new resources and expands the acceptance testing suite.
In total that's 19 types/providers, 16 of them new from the previous release.
2014-12-16 - Version 0.2.0
Builds on existing support for instances, security groups and load balancers, plus:
- Allows editing of existing security group ingress rules
- Exposes lots of information about instances to puppet resource
- Adds lots of new usage examples
- Adds a comprehensive acceptance testing suite
2014-11-03 - Version 0.1.0
Initial release includes nominal support for:
- EC2 Instances
- Security Groups
- Elastic Load Balancer (ELB)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "{}" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright {yyyy} {name of copyright owner} Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.