amazon.aws
ec2_vpc_vpn - Add additional VPN tunnel options
SUMMARY
Add additional VPN tunnel options: StartupAction and LogOptions.
More details can be found here.
ISSUE TYPE
- Feature Pull Request
COMPONENT NAME
ec2_vpc_vpn
ADDITIONAL INFORMATION
Example execution:
```yaml
- name: Create a connection with tunnel options
  amazon.aws.ec2_vpc_vpn:
    customer_gateway_id: cgw-XXXXXXXX
    tunnel_options:
      - LogOptions:
          CloudWatchLogOptions:
            LogEnabled: true
            LogGroupArn: "arn:aws:logs:us-east-1:123412341234:log-group:/aws/vpn/example:*"
            LogOutputFormat: json
        TunnelInsideCidr: 169.254.160.108/30
      - LogOptions:
          CloudWatchLogOptions:
            LogEnabled: true
            LogGroupArn: "arn:aws:logs:us-east-1:123412341234:log-group:/aws/vpn/example:*"
            LogOutputFormat: json
        TunnelInsideCidr: 169.254.104.228/30
```
Docs Build 📝
Thank you for contribution!✨
The docsite for this PR is available for download as an artifact from this run: https://github.com/ansible-collections/amazon.aws/actions/runs/14211578012
You can compare to the docs for the main branch here:
https://ansible-collections.github.io/amazon.aws/branch/main
File changes:
M collections/amazon/aws/ec2_vpc_vpn_module.html
NOTE: only file modifications are shown here. New and deleted files are excluded. See the file list and check the published docs to see those files.
diff --git a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/ec2_vpc_vpn_module.html b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/ec2_vpc_vpn_module.html
index 6c51286..16db31c 100644
--- a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/ec2_vpc_vpn_module.html
+++ b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/ec2_vpc_vpn_module.html
@@ -488,12 +488,73 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-ec2-vpc-
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-tunnel_options/LogOptions"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-logoptions"><strong>LogOptions</strong></p>
+<a class="ansibleOptionLink" href="#parameter-tunnel_options/LogOptions" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
+<p><em class="ansible-option-versionadded">added in amazon.aws 9.4.0</em></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Options for VPN connection logging.</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-tunnel_options/LogOptions/CloudWatchLogOptions"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-logoptions-cloudwatchlogoptions"><strong>CloudWatchLogOptions</strong></p>
+<a class="ansibleOptionLink" href="#parameter-tunnel_options/LogOptions/CloudWatchLogOptions" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Options for sending VPN connections logs to CloudWatch.</p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-tunnel_options/LogOptions/CloudWatchLogOptions/LogEnabled"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-logoptions-cloudwatchlogoptions-logenabled"><strong>LogEnabled</strong></p>
+<a class="ansibleOptionLink" href="#parameter-tunnel_options/LogOptions/CloudWatchLogOptions/LogEnabled" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Enable or disable VPN tunnel logging feature.</p>
+<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
+<ul class="simple">
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-tunnel_options/LogOptions/CloudWatchLogOptions/LogGroupArn"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-logoptions-cloudwatchlogoptions-loggrouparn"><strong>LogGroupArn</strong></p>
+<a class="ansibleOptionLink" href="#parameter-tunnel_options/LogOptions/CloudWatchLogOptions/LogGroupArn" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>ARN of the CloudWatch log group to send logs to.</p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-tunnel_options/LogOptions/CloudWatchLogOptions/LogOutputFormat"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-logoptions-cloudwatchlogoptions-logoutputformat"><strong>LogOutputFormat</strong></p>
+<a class="ansibleOptionLink" href="#parameter-tunnel_options/LogOptions/CloudWatchLogOptions/LogOutputFormat" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Log format.</p>
+<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
+<ul class="simple">
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"json"</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"text"</span></code></p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-tunnel_options/PreSharedKey"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-presharedkey"><strong>PreSharedKey</strong></p>
<a class="ansibleOptionLink" href="#parameter-tunnel_options/PreSharedKey" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.</p>
</div></td>
</tr>
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-tunnel_options/StartupAction"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-startupaction"><strong>StartupAction</strong></p>
+<a class="ansibleOptionLink" href="#parameter-tunnel_options/StartupAction" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in amazon.aws 9.4.0</em></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The action to take when establishing the tunnel.</p>
+<p><code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-startupaction"><span class="std std-ref"><span class="pre">tunnel_options.StartupAction=add</span></span></a></code> means the customer gateway must initiate the IKE negotiation and bring up the tunnel.</p>
+<p><code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-startupaction"><span class="std std-ref"><span class="pre">tunnel_options.StartupAction=start</span></span></a></code> means the AWS must initiate the IKE negotiation and bring up the tunnel.</p>
+<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
+<ul class="simple">
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"add"</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"start"</span></code></p></li>
+</ul>
+</div></td>
+</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-tunnel_options/TunnelInsideCidr"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-ec2-vpc-vpn-module-parameter-tunnel-options-tunnelinsidecidr"><strong>TunnelInsideCidr</strong></p>
<a class="ansibleOptionLink" href="#parameter-tunnel_options/TunnelInsideCidr" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
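Review bot: In the LogEnabled and StartupAction rows neither choice is marked as the default, so the rendered docs do not say whether a tunnel created without LogOptions has logging off, or which side initiates IKE when StartupAction is unset; state the behaviour when the option is omitted in each description. The LogGroupArn row would also benefit from saying whether it is required when LogEnabled is true, since the description only reads "ARN of the CloudWatch log group to send logs to." Two wording fixes in the added rows: "means the AWS must initiate" should read "means AWS must initiate", and "sending VPN connections logs to CloudWatch" should read "sending VPN connection logs to CloudWatch".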
Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/07cae080290c49f1a12555b0e0741013
- ✔️ ansible-galaxy-importer SUCCESS in 5m 31s
- ✔️ build-ansible-collection SUCCESS in 10m 46s
- ✔️ ansible-test-splitter SUCCESS in 4m 14s
- ✔️ integration-amazon.aws-1 SUCCESS in 18m 46s
- Skipped 43 jobs

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/d207749fb3db47d6b59665c8be0ab402
- ✔️ ansible-galaxy-importer SUCCESS in 4m 42s
- ✔️ build-ansible-collection SUCCESS in 10m 27s
- ✔️ ansible-test-splitter SUCCESS in 3m 49s
- ✔️ integration-amazon.aws-1 SUCCESS in 18m 47s
- Skipped 43 jobs

Thanks for submitting this PR. Can you please add integration tests to test the feature?

Build failed. https://ansible.softwarefactory-project.io/zuul/buildset/338a7376ad7d4c9d8390cf2cc8ebd959
- ✔️ ansible-galaxy-importer SUCCESS in 5m 08s
- ✔️ build-ansible-collection SUCCESS in 10m 52s
- ✔️ ansible-test-splitter SUCCESS in 3m 54s
- ❌ integration-amazon.aws-1 FAILURE in 34m 08s
- Skipped 43 jobs

Build failed. https://ansible.softwarefactory-project.io/zuul/buildset/d205aff089744680be486a314000ac28
- ✔️ ansible-galaxy-importer SUCCESS in 4m 36s
- ✔️ build-ansible-collection SUCCESS in 10m 12s
- ✔️ ansible-test-splitter SUCCESS in 4m 13s
- ❌ integration-amazon.aws-1 FAILURE in 29m 14s
- Skipped 43 jobs

Build failed. https://ansible.softwarefactory-project.io/zuul/buildset/6ba5004816a645d2b5bb965ec471b914
- ✔️ ansible-galaxy-importer SUCCESS in 4m 11s
- ✔️ build-ansible-collection SUCCESS in 10m 18s
- ✔️ ansible-test-splitter SUCCESS in 4m 04s
- ❌ integration-amazon.aws-1 FAILURE in 30m 20s
- Skipped 43 jobs

Build failed. https://ansible.softwarefactory-project.io/zuul/buildset/28e9a50f564a42ae9f7e4ad137930bb7
- ✔️ ansible-galaxy-importer SUCCESS in 4m 56s
- ✔️ build-ansible-collection SUCCESS in 10m 13s
- ✔️ ansible-test-splitter SUCCESS in 4m 03s
- ❌ integration-amazon.aws-1 FAILURE in 29m 18s
- Skipped 43 jobs

@GomathiselviS, it looks like the tests fail with a permission error:
botocore.exceptions.ClientError: An error occurred (UnauthorizedOperation) when calling the ModifyVpnTunnelOptions operation: You are not authorized to perform this operation. User: arn:aws:sts::966509639900:assumed-role/ansible-core-ci-test-prod/prod=remote=zuul-cloud is not authorized to perform: ec2:ModifyVpnTunnelOptions on resource: arn:aws:ec2:us-east-1:966509639900:vpn-connection/vpn-0ab0b3c865f30b91a because no identity-based policy allows the ec2:ModifyVpnTunnelOptions action.
What would be the best way to add the necessary permission to the ansible-core-ci-test-prod role that Zuul uses?
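
The denial quoted in the comment above, parsed into the role to change and the narrowest Allow statement that covers the failed call. This is an added example, not code from the PR or the amazon.aws project; the names `parse_denial` and `allow_statement` are hypothetical, and widening the resource to `vpn-connection/*` assumes the integration tests create a new VPN connection on each run.

```python
import json
import re

# Denial text exactly as quoted in the comment above.
ERROR = (
    "An error occurred (UnauthorizedOperation) when calling the "
    "ModifyVpnTunnelOptions operation: You are not authorized to perform this "
    "operation. User: arn:aws:sts::966509639900:assumed-role/"
    "ansible-core-ci-test-prod/prod=remote=zuul-cloud is not authorized to "
    "perform: ec2:ModifyVpnTunnelOptions on resource: arn:aws:ec2:us-east-1:"
    "966509639900:vpn-connection/vpn-0ab0b3c865f30b91a because no "
    "identity-based policy allows the ec2:ModifyVpnTunnelOptions action."
)

DENIAL = re.compile(
    r"User: (?P<principal>arn:\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:[\w*]+) on resource: (?P<resource>arn:\S+)"
    r"(?: because (?P<reason>.+?))?\.?$"
)


def parse_denial(message: str) -> dict:
    """Extract principal, role, action, resource and reason from the message."""
    m = DENIAL.search(message)
    if m is None:
        raise ValueError("not a recognised authorization failure message")
    d = m.groupdict()
    # Session ARN layout: arn:aws:sts::<account>:assumed-role/<role>/<session>
    parts = d["principal"].split("/")
    d["role"] = parts[1] if parts[0].endswith(":assumed-role") and len(parts) >= 3 else None
    return d


def allow_statement(denial: dict) -> dict:
    """Build the narrowest Allow statement that covers the denied call."""
    reason = denial["reason"] or ""
    if not reason.startswith("no identity-based policy allows"):
        # An explicit deny, SCP or permissions boundary is not fixed by an Allow.
        raise ValueError(f"an identity-policy Allow will not help: {reason!r}")
    # Assumption: each test run creates a new connection, so wildcard only the
    # resource ID; partition, region, account and resource type stay pinned.
    prefix, sep, _ = denial["resource"].rpartition("/")
    resource = f"{prefix}/*" if sep else denial["resource"]
    return {"Effect": "Allow", "Action": [denial["action"]], "Resource": [resource]}


if __name__ == "__main__":
    found = parse_denial(ERROR)
    print(found["role"], json.dumps(allow_statement(found), indent=2))
```

The reason check matters because only the "no identity-based policy allows" wording indicates a missing Allow on the role; other reasons point at a different policy layer.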