amazon.aws.elb_classic_lb module – Creates, updates or destroys an Amazon ELB
Note
This module is part of the amazon.aws collection (version 6.5.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install amazon.aws.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: amazon.aws.elb_classic_lb.
New in amazon.aws 1.0.0
Synopsis
Creates, updates or destroys an Amazon Elastic Load Balancer (ELB).
This module was renamed from
amazon.aws.ec2_elb_lbto amazon.aws.elb_classic_lb in version 2.1.0 of the amazon.aws collection.
Aliases: ec2_elb_lb
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
boto3 >= 1.22.0
botocore >= 1.25.0
Parameters
Parameter |
Comments |
|---|---|
AWS access key ID. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The aws_access_key and profile options are mutually exclusive. The aws_access_key_id alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_access_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
A dictionary of access logs configuration settings (see examples). |
|
When set to When set to Choices:
|
|
The interval for publishing the access logs to S3. Choices:
|
|
The S3 bucket to deliver access logs to. See https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html for more information about the necessary S3 bucket policies. Required when enabled=True. |
|
Where in the S3 bucket to deliver the logs. If the prefix is not provided or set to Default: |
|
The location of a CA Bundle to use when validating SSL certificates. The |
|
A dictionary to modify the botocore configuration. Parameters can be found in the AWS documentation https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config. |
|
Wait a specified timeout allowing connections to drain before terminating an instance. Set to |
|
Distribute load across all configured Availability Zones. Defaults to Choices:
|
|
Use a The Choices:
|
|
URL to connect to instead of the default AWS endpoints. While this can be used to connection to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS. The The ec2_url and s3_url aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
A dictionary of health check configuration settings (see examples). |
|
The number of consecutive health checks successes required before moving the instance to the Healthy state. |
|
The approximate interval, in seconds, between health checks of an individual instance. |
|
The URI path which the ELB health check will query when performing a health check. Required when ping_protocol=HTTP or ping_protocol=HTTPS. |
|
The TCP port to which the ELB will connect when performing a health check. |
|
The protocol which the ELB health check will use when performing a health check. Valid values are |
|
The amount of time, in seconds, after which no response means a failed health check. |
|
The number of consecutive health check failures required before moving the instance to the Unhealthy state. |
|
ELB connections from clients and to servers are timed out after this amount of time. |
|
List of instance ids to attach to this ELB. |
|
List of ports/protocols for this ELB to listen on (see examples). Required when state=present and the ELB doesn’t exist. |
|
The port on which the instance is listening. |
|
The protocol to use for routing traffic to instances. Valid values are |
|
The port on which the load balancer will listen. |
|
The transport protocol to use for routing. Valid values are |
|
Enable proxy protocol for the listener. Beware, ELB controls for the proxy protocol are based on the instance_port. If you have multiple listeners talking to the same instance_port, this will affect all of them. Choices:
|
|
The Amazon Resource Name (ARN) of the SSL certificate. |
|
The name of the ELB. The name of an ELB must be less than 32 characters and unique per-region per-account. |
|
A named AWS profile to use for authentication. See the AWS documentation for more information about named profiles https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html. The The profile option is mutually exclusive with the aws_access_key, aws_secret_key and security_token options. |
|
Purge existing instance ids on ELB that are not found in instance_ids. Choices:
|
|
Purge existing listeners on ELB that are not found in listeners. Choices:
|
|
Purge existing subnets on the ELB that are not found in subnets. Because it is not permitted to add multiple subnets from the same availability zone, subnets to be purged will be removed before new subnets are added. This may cause a brief outage if you try to replace all subnets at once. Choices:
|
|
If purge_tags=true and tags is set, existing tags will be purged from the resource to match exactly what is defined by tags parameter. If the tags parameter is not set then tags will not be modified, even if purge_tags=True. Tag keys beginning with Choices:
|
|
Purge existing availability zones on ELB that are not found in zones. Choices:
|
|
The AWS region to use. For global services such as IAM, Route53 and CloudFront, region is ignored. The See the Amazon AWS documentation for more information http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region. The Support for the |
|
The scheme to use when creating the ELB. For a private VPC-visible ELB use If you choose to update your scheme with a different value the ELB will be destroyed and a new ELB created. Defaults to scheme=internet-facing. Choices:
|
|
AWS secret access key. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The secret_key and profile options are mutually exclusive. The aws_secret_access_key alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_secret_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
A list of security groups to apply to the ELB. |
|
A list of security group names to apply to the ELB. |
|
AWS STS session token for use with temporary credentials. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The security_token and profile options are mutually exclusive. Aliases aws_session_token and session_token were added in release 3.2.0, with the parameter being renamed from security_token to session_token in release 6.0.0. The security_token, aws_security_token, and access_token aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
Create or destroy the ELB. Choices:
|
|
A dictionary of stickiness policy settings. Policy will be applied to all listeners (see examples). |
|
The name of the application cookie used for stickiness. Required if enabled=true and type=application. Ignored if enabled=false. |
|
When enabled=false session stickiness will be disabled for all listeners. Choices:
|
|
The time period, in seconds, after which the cookie should be considered stale. If this parameter is not specified, the stickiness session lasts for the duration of the browser session. Ignored if enabled=false. |
|
The type of stickiness policy to apply. Required if enabled=true. Ignored if enabled=false. Choices:
|
|
A list of VPC subnets to use when creating the ELB. Mutually exclusive with zones. |
|
A dictionary representing the tags to be applied to the resource. If the tags parameter is not set then tags will not be modified. |
|
When set to Setting validate_certs=false is strongly discouraged, as an alternative, consider setting aws_ca_bundle instead. Choices:
|
|
When creating, deleting, or adding instances to an ELB, if wait=true Ansible will wait for both the load balancer and related network interfaces to finish creating/deleting. Support for waiting when adding instances was added in release 2.1.0. Choices:
|
|
Used in conjunction with wait. Number of seconds to wait for the ELB to be terminated. A maximum of 600 seconds (10 minutes) is allowed. Default: |
|
List of availability zones to enable on this ELB. Mutually exclusive with subnets. |
Notes
Note
The ec2_elb fact previously set by this module was deprecated in release 2.1.0 and since release 4.0.0 is no longer set.
Support for purge_tags was added in release 2.1.0.
Caution: For modules, environment variables and configuration files are read from the Ansible ‘host’ context and not the ‘controller’ context. As such, files may need to be explicitly copied to the ‘host’. For lookup and connection plugins, environment variables and configuration files are read from the Ansible ‘controller’ context and not the ‘host’ context.
The AWS SDK (boto3) that Ansible uses may also read defaults for credentials and other settings, such as the region, from its configuration files in the Ansible ‘host’ context (typically
~/.aws/credentials). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information.
Examples
# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.
# Basic provisioning example (non-VPC)
- amazon.aws.elb_classic_lb:
name: "test-please-delete"
state: present
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http # options are http, https, ssl, tcp
load_balancer_port: 80
instance_port: 80
proxy_protocol: True
- protocol: https
load_balancer_port: 443
instance_protocol: http # optional, defaults to value of protocol setting
instance_port: 80
# ssl certificate required for https or ssl
ssl_certificate_id: "arn:aws:iam::123456789012:server-certificate/company/servercerts/ProdServerCert"
# Internal ELB example
- amazon.aws.elb_classic_lb:
name: "test-vpc"
scheme: internal
state: present
instance_ids:
- i-abcd1234
purge_instance_ids: true
subnets:
- subnet-abcd1234
- subnet-1a2b3c4d
listeners:
- protocol: http # options are http, https, ssl, tcp
load_balancer_port: 80
instance_port: 80
# Configure a health check and the access logs
- amazon.aws.elb_classic_lb:
name: "test-please-delete"
state: present
zones:
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
health_check:
ping_protocol: http # options are http, https, ssl, tcp
ping_port: 80
ping_path: "/index.html" # not required for tcp or ssl
response_timeout: 5 # seconds
interval: 30 # seconds
unhealthy_threshold: 2
healthy_threshold: 10
access_logs:
interval: 5 # minutes (defaults to 60)
s3_location: "my-bucket" # This value is required if access_logs is set
s3_prefix: "logs"
# Ensure ELB is gone
- amazon.aws.elb_classic_lb:
name: "test-please-delete"
state: absent
# Ensure ELB is gone and wait for check (for default timeout)
- amazon.aws.elb_classic_lb:
name: "test-please-delete"
state: absent
wait: true
# Ensure ELB is gone and wait for check with timeout value
- amazon.aws.elb_classic_lb:
name: "test-please-delete"
state: absent
wait: true
wait_timeout: 600
# Normally, this module will purge any listeners that exist on the ELB
# but aren't specified in the listeners parameter. If purge_listeners is
# false it leaves them alone
- amazon.aws.elb_classic_lb:
name: "test-please-delete"
state: present
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
purge_listeners: false
# Normally, this module will leave availability zones that are enabled
# on the ELB alone. If purge_zones is true, then any extraneous zones
# will be removed
- amazon.aws.elb_classic_lb:
name: "test-please-delete"
state: present
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
purge_zones: true
# Creates a ELB and assigns a list of subnets to it.
- amazon.aws.elb_classic_lb:
state: present
name: 'New ELB'
security_group_ids: 'sg-123456, sg-67890'
subnets: 'subnet-123456,subnet-67890'
purge_subnets: true
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
# Create an ELB with connection draining, increased idle timeout and cross availability
# zone load balancing
- amazon.aws.elb_classic_lb:
name: "New ELB"
state: present
connection_draining_timeout: 60
idle_timeout: 300
cross_az_load_balancing: "yes"
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
# Create an ELB with load balancer stickiness enabled
- amazon.aws.elb_classic_lb:
name: "New ELB"
state: present
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
stickiness:
type: loadbalancer
enabled: true
expiration: 300
# Create an ELB with application stickiness enabled
- amazon.aws.elb_classic_lb:
name: "New ELB"
state: present
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
stickiness:
type: application
enabled: true
cookie: SESSIONID
# Create an ELB and add tags
- amazon.aws.elb_classic_lb:
name: "New ELB"
state: present
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
tags:
Name: "New ELB"
stack: "production"
client: "Bob"
# Delete all tags from an ELB
- amazon.aws.elb_classic_lb:
name: "New ELB"
state: present
zones:
- us-east-1a
- us-east-1d
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
tags: {}
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Load Balancer attributes Returned: always |
|
The name of the policy used to control if the ELB is using a application cookie stickiness policy. Returned: when state is not ‘absent’ Sample: |
|
A description of the backend policy applied to the ELB (instance-port:policy-name). Returned: when state is not ‘absent’ Sample: |
|
The maximum time, in seconds, to keep the existing connections open before deregistering the instances. Returned: when state is not ‘absent’ Sample: |
|
Either Returned: when state is not ‘absent’ Sample: |
|
The DNS name of the ELB. Returned: when state is not ‘absent’ Sample: |
|
A dictionary describing the health check used for the ELB. Returned: when state is not ‘absent’ |
|
The number of consecutive successful health checks before marking an instance as healthy. Returned: success Sample: |
|
The time, in seconds, between each health check. Returned: success Sample: |
|
The Protocol, Port, and for HTTP(S) health checks the path tested by the health check. Returned: success Sample: |
|
The time, in seconds, after which an in progress health check is considered failed due to a timeout. Returned: success Sample: |
|
The number of consecutive failed health checks before marking an instance as unhealthy. Returned: success Sample: |
|
The ID of the Amazon Route 53 hosted zone for the load balancer. Returned: when state is not ‘absent’ Sample: |
|
The DNS name of the load balancer when using a custom hostname. Returned: when state is not ‘absent’ Sample: |
|
The length of of time before an idle connection is dropped by the ELB. Returned: when state is not ‘absent’ Sample: |
|
The number of instances attached to the ELB in an in-service state. Returned: when state is not ‘absent’ Sample: |
|
A list of dictionaries describing the health of each instance attached to the ELB. Returned: when state is not ‘absent’ |
|
A human readable description of why the instance is not in service. Returned: when state is not ‘absent’ Sample: |
|
The ID of the instance. Returned: when state is not ‘absent’ Sample: |
|
A code describing why the instance is not in service. Returned: when state is not ‘absent’ Sample: |
|
The current service state of the instance. Returned: when state is not ‘absent’ Sample: |
|
A list of the IDs of instances attached to the ELB. Returned: when state is not ‘absent’ Sample: |
|
The name of the policy used to control if the ELB is using a cookie stickiness policy. Returned: when state is not ‘absent’ Sample: |
|
A list of lists describing the listeners attached to the ELB. The nested list contains the listener port, the instance port, the listener protoco, the instance port, and where appropriate the ID of the SSL certificate for the port. Returned: when state is not ‘absent’ Sample: |
|
The name of the ELB. This name is unique per-region, per-account. Returned: when state is not ‘absent’ Sample: |
|
The number of instances attached to the ELB in an out-of-service state. Returned: when state is not ‘absent’ Sample: |
|
The name of the policy used to control if the ELB operates using the Proxy protocol. Returned: when the proxy protocol policy exists. Sample: |
|
The AWS region in which the ELB is running. Returned: always Sample: |
|
Whether the ELB is an Returned: when state is not ‘absent’ Sample: |
|
A list of the IDs of the Security Groups attached to the ELB. Returned: when state is not ‘absent’ Sample: |
|
A minimal description of the current state of the ELB. Valid values are Returned: always Sample: |
|
A list of the subnet IDs attached to the ELB. Returned: when state is not ‘absent’ Sample: |
|
A dictionary describing the tags attached to the ELB. Returned: when state is not ‘absent’ Sample: |
|
The number of instances attached to the ELB in an unknown state. Returned: when state is not ‘absent’ Sample: |
|
A list of the AWS regions in which the ELB is running. Returned: when state is not ‘absent’ Sample: |