Tagging EC2 VPC route tables and gateways


Steven Ringo

Sep 22, 2014, 1:06:04 AM
to ansible...@googlegroups.com
Hi,

We are looking at having a policy that all resources on AWS have tags.

I would like to add tags to route tables and gateways. It doesn't seem to be available using `ec2_vpc`, where these are initially defined. There also seems to be no way to get this data out of the system, either with a registered variable (when a new VPC is created), or with the ec2 inventory module. I also can't seem to work out how to use the `ec2_facts` module.

If anyone knows if this is possible or how I may go about doing this, that would be great.

Thanks,

Steve

Michael DeHaan

Sep 22, 2014, 1:20:29 PM
to ansible...@googlegroups.com
A few questions:

(A) So I infer that you are asking for a way to set automatically applied tags for instances added to a VPC. Do you know if this is ordinarily possible in AWS?

(B) When you say "there is no way to get this data out of the system", which is this data specifically?

(C) With regard to the ec2_facts module, this module returns variables about an instance obtained by the instance querying the metadata service. Do you want to see what variables it returns or are you looking for more information about how to invoke it?

Thanks!




Steven Ringo

Sep 22, 2014, 7:03:03 PM
to ansible...@googlegroups.com
Hi,


> (A) So I infer that you are asking for a way to set automatically applied tags for instances added to a VPC. Do you know if this is ordinarily possible in AWS?

When you create a VPC using `ec2_vpc` it creates the VPC as well as some other AWS objects — subnets, route tables and internet gateways respectively, as specified when calling the module.

The module returns the vpc id as well as the subnet ids. However it does not return the gateway nor the route table id values.

I would like to tag these if possible. The tagging doesn't need to be automatic though. Can use ec2_tag, however I am unable to obtain these ids which leads me to the next question...

> (B) When you say "there is no way to get this data out of the system", which is this data specifically?

Both the returned value from the ec2_vpc and using the ec2 inventory module don't enumerate the route tables and gateways (and some other aws objects). I realise this is EC2 inventory, and not AWS inventory, so if there's another inventory module or similar way to get this, that would be great.

> (C) With regard to the ec2_facts module, this module returns variables about an instance obtained by the instance querying the metadata service. Do you want to see what variables it returns or are you looking for more information about how to invoke it?

I just realised that you need to be running ec2_facts on the ec2 machine itself, and it returns that machine's metadata. Have added some additional information to the docs — PR #9102.

Thanks so much.

Steve

kevin wessel

Mar 4, 2015, 12:31:19 AM
to ansible...@googlegroups.com
Hi Steve,

I am not sure why the ec2_vpc module doesn't support this.

I have modified the module by adding the following lines below line 423 in the current version:

                # Create resource tags
                new_rt_tags = rt.get('resource_tags', None)
                if new_rt_tags:
                    # Check to see if our route table is available so that we can add relevant resource tags.
                    while len(vpc_conn.get_all_route_tables(filters={ 'route-table-id': new_rt.id })) == 0:
                        time.sleep(0.1)

                    vpc_conn.create_tags(new_rt.id, new_rt_tags)

All that you need to do now is the following when creating your route tables:

        route_tables:
          - subnets:
            - "{{ dmz_az1_cidr }}"
            - "{{ dmz_az2_cidr }}"
            routes:
              - dest: 0.0.0.0/0
                gw: igw
            resource_tags: { "Name" : "dmz" }     # <-------------
          - subnets:
            - "{{ web_az1_cidr }}"
            routes:
              - dest: 0.0.0.0/0
                gw: "{{ nat1.instances[0].id }}"
            resource_tags: { "Name" : "nataz1" }  # <-------------

I have submitted my change to Ansible; however, it takes some time before it may be approved.

Kind Regards,
Kevin Wessel
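
An added example, not part of this thread or of Ansible's code: for the "all resources have tags" policy raised at the top of the thread, this looks up the route tables and internet gateways of a VPC by VPC id (the ids `ec2_vpc` does not return), reports which required tag keys each one lacks, and fills in defaults for the missing keys only. It assumes the boto3 EC2 client method names rather than the older boto calls shown above; `FakeEC2`, the resource ids and the `Name`/`Owner` tag keys are constructed for illustration.

```python
# Added example. FakeEC2 and every ID below are constructed; tag keys are assumptions.
def untagged_vpc_resources(ec2, vpc_id, required_keys):
    """Map each route table / internet gateway in the VPC to its missing tag keys.
    `ec2` needs the boto3 EC2 client methods used here; results are assumed to
    fit in one page (use the client's paginators for large VPCs).
    """
    rts = ec2.describe_route_tables(
        Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["RouteTables"]
    igws = ec2.describe_internet_gateways(
        Filters=[{"Name": "attachment.vpc-id", "Values": [vpc_id]}])["InternetGateways"]
    found = [(rt["RouteTableId"], rt.get("Tags", [])) for rt in rts]
    found += [(gw["InternetGatewayId"], gw.get("Tags", [])) for gw in igws]
    missing = {}
    for rid, tags in found:
        gap = sorted(set(required_keys) - {t["Key"] for t in tags})
        if gap:
            missing[rid] = gap
    return missing

def apply_default_tags(ec2, missing, defaults):
    """Add defaults for missing keys only; existing tag values are never overwritten."""
    tagged = []
    for rid, keys in sorted(missing.items()):
        tags = [{"Key": k, "Value": defaults[k]} for k in keys if k in defaults]
        if tags:
            ec2.create_tags(Resources=[rid], Tags=tags)
            tagged.append(rid)
    return tagged

class FakeEC2:
    """Constructed stand-in for boto3.client("ec2") so the example runs offline."""
    def __init__(self):
        self.rts = [{"RouteTableId": "rtb-0example1",
                     "Tags": [{"Key": "Name", "Value": "dmz"}]},
                    {"RouteTableId": "rtb-0example2"}]
        self.igws = [{"InternetGatewayId": "igw-0example1", "Tags": []}]
    def describe_route_tables(self, Filters):
        return {"RouteTables": self.rts}
    def describe_internet_gateways(self, Filters):
        return {"InternetGateways": self.igws}
    def create_tags(self, Resources, Tags):
        for res in self.rts + self.igws:
            if res.get("RouteTableId", res.get("InternetGatewayId")) in Resources:
                res.setdefault("Tags", []).extend(Tags)

if __name__ == "__main__":
    ec2 = FakeEC2()  # swap in boto3.client("ec2") to run against a real account
    gaps = untagged_vpc_resources(ec2, "vpc-0example", ["Name", "Owner"])
    print("missing:", gaps, "tagged:", apply_default_tags(ec2, gaps, {"Owner": "netops"}))
```

Resources that still appear in a second `untagged_vpc_resources` call are the ones with no default to apply, which is the list to hand to whoever owns the tagging policy.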

Herby Gillot

Mar 4, 2015, 12:22:13 PM
to ansible...@googlegroups.com