community.aws.api_gateway module – Manage AWS API Gateway APIs
Note
This module is part of the community.aws collection (version 9.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.aws
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.aws.api_gateway
.
New in community.aws 1.0.0
Synopsis
Allows for the management of API Gateway APIs.
Normally you should give the api_id since there is no other stable guaranteed unique identifier for the API. If you do not give api_id then a new API will be created each time this is run.
swagger_file and swagger_text are passed directly on to AWS transparently whilst swagger_dict is an ansible dict which is converted to JSON before the API definitions are uploaded.
Prior to release 5.0.0 this module was called
community.aws.aws_api_gateway
. The usage did not change.
Aliases: aws_api_gateway
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
boto3 >= 1.28.0
botocore >= 1.31.0
Parameters
Parameter |
Comments |
---|---|
AWS access key ID. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The aws_access_key and profile options are mutually exclusive. The aws_access_key_id alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_access_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The ID of the API you want to manage. |
|
The location of a CA Bundle to use when validating SSL certificates. The |
|
A dictionary to modify the botocore configuration. Parameters can be found in the AWS documentation https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config. |
|
Enable API GW caching of backend responses. Choices:
|
|
Size in GB of the API GW cache, becomes effective when cache_enabled is true. Choices:
|
|
Use a The Choices:
|
|
Description of the deployment. Recorded and visible in the AWS console. Default: |
|
Type of endpoint configuration. Use This flag will only be used when creating a new API Gateway setup, not for updates. Choices:
|
|
URL to connect to instead of the default AWS endpoints. While this can be used to connection to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS. The The ec2_url and s3_url aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
Look up API gateway by either tags (and name if supplied) or by api_id. If lookup=tag and tags is not specified then no lookup for an existing API gateway is performed and a new API gateway will be created. When using lookup=tag, multiple matches being found will result in a failure and no changes will be made. To change the tags of a API gateway use lookup=id. Choices:
|
|
The name of the RestApi. |
|
A named AWS profile to use for authentication. See the AWS documentation for more information about named profiles https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html. The The profile option is mutually exclusive with the aws_access_key, aws_secret_key and security_token options. |
|
If If the Tag keys beginning with Choices:
|
|
The AWS region to use. For global services such as IAM, Route53 and CloudFront, region is ignored. The See the Amazon AWS documentation for more information http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region. The Support for the |
|
AWS secret access key. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The secret_key and profile options are mutually exclusive. The aws_secret_access_key alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_secret_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
AWS STS session token for use with temporary credentials. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The security_token and profile options are mutually exclusive. Aliases aws_session_token and session_token were added in release 3.2.0, with the parameter being renamed from security_token to session_token in release 6.0.0. The security_token, aws_security_token, and access_token aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The name of the stage the API should be deployed to. |
|
Canary settings for the deployment of the stage. Dict with following settings:
Default: |
|
ENV variables for the stage. Define a dict of key values pairs for variables. Default: |
|
Create or delete API Gateway. Choices:
|
|
Swagger definitions API ansible dictionary which will be converted to JSON and uploaded. |
|
JSON or YAML file containing swagger definitions for API. Exactly one of swagger_file, swagger_text or swagger_dict must be present. |
|
Swagger definitions for API in JSON or YAML as a string direct from playbook. |
|
A dictionary representing the tags to be applied to the resource. If the |
|
Specifies whether active tracing with X-ray is enabled for the API GW stage. Choices:
|
|
When set to Setting validate_certs=false is strongly discouraged, as an alternative, consider setting aws_ca_bundle instead. Choices:
|
Notes
Note
Tags are used to uniquely identify API gateway when the api_id is not supplied. version_added=6.2.0
Caution: For modules, environment variables and configuration files are read from the Ansible ‘host’ context and not the ‘controller’ context. As such, files may need to be explicitly copied to the ‘host’. For lookup and connection plugins, environment variables and configuration files are read from the Ansible ‘controller’ context and not the ‘host’ context.
The AWS SDK (boto3) that Ansible uses may also read defaults for credentials and other settings, such as the region, from its configuration files in the Ansible ‘host’ context (typically
~/.aws/credentials
). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information.
Examples
- name: Setup AWS API Gateway setup on AWS and deploy API definition
community.aws.api_gateway:
swagger_file: my_api.yml
stage: production
cache_enabled: true
cache_size: '1.6'
tracing_enabled: true
endpoint_type: EDGE
state: present
- name: Update API definition to deploy new version
community.aws.api_gateway:
api_id: 'abc123321cba'
swagger_file: my_api.yml
deploy_desc: Make auth fix available.
cache_enabled: true
cache_size: '1.6'
endpoint_type: EDGE
state: present
- name: Update API definitions and settings and deploy as canary
community.aws.api_gateway:
api_id: 'abc123321cba'
swagger_file: my_api.yml
cache_enabled: true
cache_size: '6.1'
canary_settings:
percentTraffic: 50.0
deploymentId: '123'
useStageCache: true
state: present
- name: Delete API gateway
amazon.aws.api_gateway:
name: ansible-rest-api
tags:
automation: ansible
lookup: tags
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
API id of the API endpoint created Returned: success Sample: |
|
AWS response from the API configure call Returned: success Sample: |
|
AWS response from the API deploy call Returned: success Sample: |
|
Actions performed against AWS API Returned: always Sample: |