community.aws.elb_target_group module – Manage a target group for an Application or Network load balancer
Note
This module is part of the community.aws collection (version 9.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.aws
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.aws.elb_target_group
.
New in community.aws 1.0.0
Synopsis
Manage an AWS Elastic Load Balancer target group. See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html or https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html for details.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
boto3 >= 1.28.0
botocore >= 1.31.0
Parameters
Parameter |
Comments |
---|---|
AWS access key ID. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The aws_access_key and profile options are mutually exclusive. The aws_access_key_id alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_access_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The location of a CA Bundle to use when validating SSL certificates. The |
|
A dictionary to modify the botocore configuration. Parameters can be found in the AWS documentation https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config. |
|
Use a The Choices:
|
|
Indicates whether the load balancer terminates connections at the end of the deregistration timeout. Using this option is only supported when attaching to a Network Load Balancer (NLB). Choices:
|
|
The amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. |
|
URL to connect to instead of the default AWS endpoints. While this can be used to connection to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS. The The ec2_url and s3_url aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The approximate amount of time, in seconds, between health checks of an individual target. |
|
The ping path that is the destination on the targets for health checks. The path must be defined in order to set a health check. Requires the health_check_protocol parameter to be set. |
|
The port the load balancer uses when performing health checks on targets. Can be set to ‘traffic-port’ to match target port. When not defined will default to the port on which each target receives traffic from the load balancer. |
|
The protocol the load balancer uses when performing health checks on targets. Choices:
|
|
The amount of time, in seconds, during which no response from a target means a failed health check. |
|
The number of consecutive health checks successes required before considering an unhealthy target healthy. |
|
The type of load balancing algorithm to use. Changing the load balancing algorithm is only supported when used with Application Load Balancers (ALB). If not set AWS will default to Choices:
|
|
Whether or not to alter existing targets in the group to match what is passed with the module Choices:
|
|
The name of the target group. |
|
The port on which the targets receive traffic. This port is used unless you specify a port override when registering the target. Required when state is |
|
Indicates whether client IP preservation is enabled. The default is disabled if the target group type is preserve_client_ip_enabled is supported only by Network Load Balancers. Choices:
|
|
A named AWS profile to use for authentication. See the AWS documentation for more information about named profiles https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html. The The profile option is mutually exclusive with the aws_access_key, aws_secret_key and security_token options. |
|
The protocol to use for routing traffic to the targets. Required when state is Choices:
|
|
Specifies protocol version. The protocol_version parameter is immutable and cannot be changed when updating an elb_target_group. Choices:
|
|
Indicates whether Proxy Protocol version 2 is enabled. The value is proxy_protocol_v2_enabled is supported only by Network Load Balancers. Choices:
|
|
If If the Tag keys beginning with Choices:
|
|
The AWS region to use. For global services such as IAM, Route53 and CloudFront, region is ignored. The See the Amazon AWS documentation for more information http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region. The Support for the |
|
AWS secret access key. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The secret_key and profile options are mutually exclusive. The aws_secret_access_key alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_secret_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
AWS STS session token for use with temporary credentials. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The security_token and profile options are mutually exclusive. Aliases aws_session_token and session_token were added in release 3.2.0, with the parameter being renamed from security_token to session_token in release 6.0.0. The security_token, aws_security_token, and access_token aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
Create or destroy the target group. Choices:
|
|
The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the application-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). |
|
The name of the application cookie. Required if stickiness_type=app_cookie. |
|
Indicates whether sticky sessions are enabled. Choices:
|
|
The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). |
|
The type of sticky sessions. Valid values are If not set AWS will default to |
|
The HTTP codes to use when checking for a successful response from a target. Accepts multiple values (for example, “200,202”) or a range of values (for example, “200-299”). Requires the health_check_protocol parameter to be set. |
|
A dictionary representing the tags to be applied to the resource. If the |
|
The type of target that you must specify when registering targets with this target group. The possible values are The default behavior is Choices:
|
|
A list of targets to assign to the target group. This parameter defaults to an empty list. Unless you set the ‘modify_targets’ parameter then all existing targets will be removed from the group. The list should be an Id and a Port parameter. See the Examples for detail. |
|
The number of consecutive health check failures required before considering a target unhealthy. |
|
When set to Setting validate_certs=false is strongly discouraged, as an alternative, consider setting aws_ca_bundle instead. Choices:
|
|
The identifier of the virtual private cloud (VPC). Required when state is |
|
Whether or not to wait for the target group. Choices:
|
|
The time to wait for the target group. Default: |
Notes
Note
Once a target group has been created, only its health check can then be modified using subsequent calls
Caution: For modules, environment variables and configuration files are read from the Ansible ‘host’ context and not the ‘controller’ context. As such, files may need to be explicitly copied to the ‘host’. For lookup and connection plugins, environment variables and configuration files are read from the Ansible ‘controller’ context and not the ‘host’ context.
The AWS SDK (boto3) that Ansible uses may also read defaults for credentials and other settings, such as the region, from its configuration files in the Ansible ‘host’ context (typically
~/.aws/credentials
). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information.
Examples
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: Create a target group with a default health check
community.aws.elb_target_group:
name: mytargetgroup
protocol: http
port: 80
vpc_id: vpc-01234567
state: present
- name: Create a target group with protocol_version 'GRPC'
community.aws.elb_target_group:
name: mytargetgroup
protocol: http
port: 80
vpc_id: vpc-01234567
protocol_version: GRPC
state: present
- name: Modify the target group with a custom health check
community.aws.elb_target_group:
name: mytargetgroup
protocol: http
port: 80
vpc_id: vpc-01234567
health_check_protocol: http
health_check_path: /health_check
health_check_port: 80
successful_response_codes: 200
health_check_interval: 15
health_check_timeout: 3
healthy_threshold_count: 4
unhealthy_threshold_count: 3
state: present
- name: Delete a target group
community.aws.elb_target_group:
name: mytargetgroup
state: absent
- name: Create a target group with instance targets
community.aws.elb_target_group:
name: mytargetgroup
protocol: http
port: 81
vpc_id: vpc-01234567
health_check_protocol: http
health_check_path: /
successful_response_codes: "200,250-260"
targets:
- Id: i-01234567
Port: 80
- Id: i-98765432
Port: 80
state: present
wait_timeout: 200
wait: true
- name: Create a target group with IP address targets
community.aws.elb_target_group:
name: mytargetgroup
protocol: http
port: 81
vpc_id: vpc-01234567
health_check_protocol: http
health_check_path: /
successful_response_codes: "200,250-260"
target_type: ip
targets:
- Id: 10.0.0.10
Port: 80
AvailabilityZone: all
- Id: 10.0.0.20
Port: 80
state: present
wait_timeout: 200
wait: true
# Using lambda as targets require that the target group
# itself is allow to invoke the lambda function.
# therefore you need first to create an empty target group
# to receive its arn, second, allow the target group
# to invoke the lambda function and third, add the target
# to the target group
- name: first, create empty target group
community.aws.elb_target_group:
name: my-lambda-targetgroup
target_type: lambda
state: present
modify_targets: false
register: out
- name: second, allow invoke of the lambda
community.aws.lambda_policy:
state: "{{ state | default('present') }}"
function_name: my-lambda-function
statement_id: someID
action: lambda:InvokeFunction
principal: elasticloadbalancing.amazonaws.com
source_arn: "{{ out.target_group_arn }}"
- name: third, add target
community.aws.elb_target_group:
name: my-lambda-targetgroup
target_type: lambda
state: present
targets:
- Id: arn:aws:lambda:eu-central-1:123456789012:function:my-lambda-function
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Indicates whether the load balancer terminates connections at the end of the deregistration timeout. Returned: when state present Sample: |
|
The amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. Returned: when state present Sample: |
|
The approximate amount of time, in seconds, between health checks of an individual target. Returned: when state present Sample: |
|
The destination for the health check request. Returned: when state present Sample: |
|
The port to use to connect with the target. Returned: when state present Sample: |
|
The protocol to use to connect with the target. Returned: when state present Sample: |
|
The amount of time, in seconds, during which no response means a failed health check. Returned: when state present Sample: |
|
The number of consecutive health checks successes required before considering an unhealthy target healthy. Returned: when state present Sample: |
|
The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group. Returned: when state present Sample: |
|
The type load balancing algorithm used. Returned: when state present Sample: |
|
The HTTP codes to use when checking for a successful response from a target. Returned: when state present Sample: |
|
The port on which the targets are listening. Returned: when state present Sample: |
|
The protocol to use for routing traffic to the targets. Returned: when state present Sample: |
|
Indicates whether sticky sessions are enabled. Returned: when state present Sample: |
|
The time period, in seconds, during which requests from a client should be routed to the same target. Returned: when state present Sample: |
|
The type of sticky sessions. Returned: when state present Sample: |
|
The tags attached to the target group. Returned: when state present Sample: |
|
The Amazon Resource Name (ARN) of the target group. Returned: when state present Sample: |
|
The name of the target group. Returned: when state present Sample: |
|
The number of consecutive health check failures required before considering the target unhealthy. Returned: when state present Sample: |
|
The ID of the VPC for the targets. Returned: when state present Sample: |