boto3_elb
Manage Elastic Load Balancers (ELB) using boto3.
Renamed from boto_elb to boto3_elb and updated to call the refactored boto3_elb execution module.
Create and destroy ELBs. Be aware that this interacts with Amazon’s services, and so may incur charges.
- depends:
    boto3 >= 1.28.0
    botocore >= 1.31.0
This module uses boto3, which can be installed via package, or pip.
Create and destroy Elastic Load Balancers (ELB). Be aware that this interacts with Amazon’s services, and so may incur charges.
This module accepts explicit ELB credentials but can also use IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then obtained automatically from the AWS API and no further configuration is necessary. More information is available at:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used, you need to specify credentials either in the minion’s config file or as a profile. For example, to specify them in the minion’s config file:
elb.keyid: GKTADJGHEIQSXMKKRBJ08H
elb.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It’s also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:
myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1
Ensure myelb ELB exists:
    boto3_elb.present:
        - name: myelb
        - region: us-east-1
        - availability_zones:
            - us-east-1a
            - us-east-1c
            - us-east-1d
        - keyid: GKTADJGHEIQSXMKKRBJ08H
        - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
        - listeners:
            - elb_port: 443
              instance_port: 80
              elb_protocol: HTTPS
              instance_protocol: HTTP
              certificate: 'arn:aws:iam::1111111:server-certificate/mycert'
              policies:
                  - my-ssl-policy
                  - cookie-policy
            - elb_port: 8210
              instance_port: 8210
              elb_protocol: TCP
        - backends:
            - instance_port: 80
              policies:
                  - enable-proxy-protocol
        - health_check:
            target: 'HTTP:80/'
        - attributes:
            cross_zone_load_balancing:
                enabled: true
            access_log:
                enabled: true
                s3_bucket_name: 'mybucket'
                s3_bucket_prefix: 'my-logs'
                emit_interval: 5
            connecting_settings:
                idle_timeout: 60
        - cnames:
            - name: mycname.example.com.
              zone: example.com.
              ttl: 60
            - name: myothercname.example.com.
              zone: example.com.
        - security_groups:
            - my-security-group
        - policies:
            - policy_name: my-ssl-policy
              policy_type: SSLNegotiationPolicyType
              policy:
                  Protocol-TLSv1.2: true
                  Protocol-SSLv3: false
                  Server-Defined-Cipher-Order: true
                  ECDHE-ECDSA-AES128-GCM-SHA256: true
            - policy_name: cookie-policy
              policy_type: LBCookieStickinessPolicyType
              policy: {}  # no policy means this is a session cookie
            - policy_name: enable-proxy-protocol
              policy_type: ProxyProtocolPolicyType
              policy:
                  ProxyProtocol: true

# Using a profile from pillars
Ensure myelb ELB exists:
    boto3_elb.present:
        - name: myelb
        - region: us-east-1
        - profile: myelbprofile

# Passing in a profile
Ensure myelb ELB exists:
    boto3_elb.present:
        - name: myelb
        - region: us-east-1
        - profile:
            keyid: GKTADJGHEIQSXMKKRBJ08H
            key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
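A review check for the states above, as an added example that is not part of saltext.boto3: it takes the argument list of one boto3_elb.present state and reports inline static credentials, HTTPS/SSL listeners without a TLS 1.2-only SSLNegotiationPolicyType policy, and plaintext backend hops. The function name, the finding strings and LEGACY_STATE are constructed for illustration, and the default for a missing instance_protocol is an assumption.

```python
# Input: one boto3_elb.present argument list (the one-key dicts from the rendered SLS).
WEAK = ("Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1")
TLS_POLICY = "SSLNegotiationPolicyType"

def audit_elb_state(args):
    s = {k: v for item in args for k, v in item.items()}
    findings = []
    if "key" in s or "keyid" in s or isinstance(s.get("profile"), dict):
        findings.append("credentials: static key inline in state")
    policies = {p["policy_name"]: p for p in s.get("policies", [])}
    for lsn in s.get("listeners", []):
        port, proto = lsn["elb_port"], lsn["elb_protocol"].upper()
        if proto not in ("HTTPS", "SSL"):
            continue  # only TLS-terminating listeners are checked
        tls = [policies[n] for n in lsn.get("policies", [])
               if policies.get(n, {}).get("policy_type") == TLS_POLICY]
        if not tls:
            findings.append(f"listener {port}: no {TLS_POLICY} policy listed")
        for p in tls:
            attrs = p.get("policy") or {}
            findings += [f"listener {port}: {w} enabled by {p['policy_name']}"
                         for w in WEAK if attrs.get(w)]
            if not attrs.get("Protocol-TLSv1.2"):
                findings.append(f"listener {port}: Protocol-TLSv1.2 not enabled by {p['policy_name']}")
        # Assumption: a missing instance_protocol means "same as elb_protocol".
        backend = lsn.get("instance_protocol", proto).upper()
        if backend in ("HTTP", "TCP"):
            findings.append(f"listener {port}: backend hop is plaintext {backend}")
    return findings

PAGE_STATE = [  # the page's first example, audited keys only, secret replaced
    {"keyid": "GKTADJGHEIQSXMKKRBJ08H"}, {"key": "<secret>"},
    {"listeners": [
        {"elb_port": 443, "instance_port": 80, "elb_protocol": "HTTPS",
         "instance_protocol": "HTTP", "policies": ["my-ssl-policy", "cookie-policy"]},
        {"elb_port": 8210, "instance_port": 8210, "elb_protocol": "TCP"}]},
    {"policies": [
        {"policy_name": "my-ssl-policy", "policy_type": TLS_POLICY,
         "policy": {"Protocol-TLSv1.2": True, "Protocol-SSLv3": False}},
        {"policy_name": "cookie-policy", "policy_type": "LBCookieStickinessPolicyType"}]}]
LEGACY_STATE = [  # constructed: pillar profile name, SSLv3 on, TLSv1.2 missing
    {"profile": "myelbprofile"},
    {"listeners": [{"elb_port": 443, "instance_port": 443, "elb_protocol": "HTTPS",
                    "instance_protocol": "HTTPS", "policies": ["old"]}]},
    {"policies": [{"policy_name": "old", "policy_type": TLS_POLICY,
                   "policy": {"Protocol-SSLv3": True}}]}]
for label, state in (("page", PAGE_STATE), ("legacy", LEGACY_STATE)):
    print(label, audit_elb_state(state))
```

The check reads only what is written in the state itself; attributes and policies pulled in through the *_from_pillar arguments have to be merged in before it sees them.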
It’s possible to specify attributes from pillars by specifying a pillar. You can override the values defined in the pillar by setting the attributes on the resource. The module will use the default pillar key ‘boto_elb_attributes’, which allows you to set default attributes for all ELB resources.
Setting the attributes pillar:
my_elb_attributes:
    cross_zone_load_balancing:
        enabled: true
    connection_draining:
        enabled: true
        timeout: 20
    access_log:
        enabled: true
        s3_bucket_name: 'mybucket'
        s3_bucket_prefix: 'my-logs'
        emit_interval: 5
Overriding the attribute values on the resource:
Ensure myelb ELB exists:
    boto3_elb.present:
        - name: myelb
        - region: us-east-1
        - attributes_from_pillar: my_elb_attributes
        # override cross_zone_load_balancing:enabled
        - attributes:
            cross_zone_load_balancing:
                enabled: false
        - profile: myelbprofile
It’s possible to specify CloudWatch alarms that will be set up along with the ELB. Note the alarm name will be defined by the name attribute provided, plus the ELB resource name.
Ensure myelb ELB exists:
    boto3_elb.present:
        - name: myelb
        - region: us-east-1
        - profile: myelbprofile
        - alarms:
            UnHealthyHostCount:
                name: 'ELB UnHealthyHostCount **MANAGED BY SALT**'
                attributes:
                    metric: UnHealthyHostCount
                    namespace: AWS/ELB
                    statistic: Average
                    comparison: '>='
                    threshold: 1.0
                    period: 600
                    evaluation_periods: 6
                    unit: null
                    description: ELB UnHealthyHostCount
                    alarm_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
                    insufficient_data_actions: []
                    ok_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
You can also use alarms from pillars, and override values from the pillar alarms by setting overrides on the resource. Note that ‘boto_elb_alarms’ will be used as a default value for all resources if defined, and can be used to ensure alarms are always set for a resource.
Setting the alarms in a pillar:
my_elb_alarm:
    UnHealthyHostCount:
        name: 'ELB UnHealthyHostCount **MANAGED BY SALT**'
        attributes:
            metric: UnHealthyHostCount
            namespace: AWS/ELB
            statistic: Average
            comparison: '>='
            threshold: 1.0
            period: 600
            evaluation_periods: 6
            unit: null
            description: ELB UnHealthyHostCount
            alarm_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
            insufficient_data_actions: []
            ok_actions: ['arn:aws:sns:us-east-1:12345:myalarm']
Overriding the alarm values on the resource:
Ensure myelb ELB exists:
    boto3_elb.present:
        - name: myelb
        - region: us-east-1
        - profile: myelbprofile
        - alarms_from_pillar: my_elb_alarm
        # override UnHealthyHostCount:attributes:threshold
        - alarms:
            UnHealthyHostCount:
                attributes:
                    threshold: 2.0
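The pillar-plus-override behaviour described for attributes and alarms, worked through as an added example that is not the module's own code: it computes the effective settings and lists which pillar defaults a state changes, so a reviewer can spot a resource that turns off a baseline such as access logging. It assumes a recursive merge in which the state's value wins at each leaf, which is what overriding a single nested key implies; the helper names and NO_LOGS are constructed.

```python
def merge(base, override):
    """Recursive merge; the state's value wins at each leaf (assumed behaviour)."""
    out = dict(base)
    for key, val in override.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], val)
        else:
            out[key] = val
    return out

def changed(base, override, path=()):
    """List (dotted path, pillar value, state value) for each leaf the state changes."""
    hits = []
    for key, val in override.items():
        here = path + (key,)
        if isinstance(val, dict) and isinstance(base.get(key), dict):
            hits += changed(base[key], val, here)
        elif base.get(key) != val:
            hits.append((".".join(here), base.get(key), val))
    return hits

def switched_off(base, override):
    """Pillar defaults that the state flips from true to false."""
    return [p for p, old, new in changed(base, override) if old is True and new is False]

# Pillar data and overrides as shown on the page (alarm attributes abbreviated).
ATTR_PILLAR = {
    "cross_zone_load_balancing": {"enabled": True},
    "connection_draining": {"enabled": True, "timeout": 20},
    "access_log": {"enabled": True, "s3_bucket_name": "mybucket",
                   "s3_bucket_prefix": "my-logs", "emit_interval": 5},
}
ATTR_OVERRIDE = {"cross_zone_load_balancing": {"enabled": False}}
ALARM_PILLAR = {"UnHealthyHostCount": {
    "name": "ELB UnHealthyHostCount **MANAGED BY SALT**",
    "attributes": {"metric": "UnHealthyHostCount", "threshold": 1.0, "period": 600}}}
ALARM_OVERRIDE = {"UnHealthyHostCount": {"attributes": {"threshold": 2.0}}}
# Constructed override: a resource that opts out of the pillar's access logging.
NO_LOGS = {"access_log": {"enabled": False}}

if __name__ == "__main__":
    print(merge(ATTR_PILLAR, ATTR_OVERRIDE))
    print(changed(ALARM_PILLAR, ALARM_OVERRIDE))
    print(switched_off(ATTR_PILLAR, NO_LOGS))
```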
Tags can also be set:
Ensure myelb ELB exists:
    boto3_elb.present:
        - name: myelb
        - region: us-east-1
        - profile: myelbprofile
        - tags:
            MyTag: 'My Tag Value'
            OtherTag: 'My Other Value'
Added in version 1.0.0.
- saltext.boto3.states.boto3_elb.__virtual__()
Only load if the boto3_elb execution module is available.
- saltext.boto3.states.boto3_elb.present(name, listeners, availability_zones=None, subnets=None, subnet_names=None, security_groups=None, scheme='internet-facing', health_check=None, attributes=None, attributes_from_pillar='boto_elb_attributes', cnames=None, alarms=None, alarms_from_pillar='boto_elb_alarms', policies=None, policies_from_pillar='boto_elb_policies', backends=None, region=None, key=None, keyid=None, profile=None, wait_for_sync=True, tags=None, instance_ids=None, instance_names=None)
Ensure the ELB exists.
- name
Name of the ELB.
- availability_zones
A list of availability zones for this ELB.
- listeners
A list of listener lists; example:
[
    ['443', 'HTTPS', 'arn:aws:iam::1111111:server-certificate/mycert'],
    ['8443', '80', 'HTTPS', 'HTTP', 'arn:aws:iam::1111111:server-certificate/mycert']
]
- subnets
A list of subnet IDs in your VPC to attach to your LoadBalancer.
- subnet_names
A list of subnet names in your VPC to attach to your LoadBalancer.
- security_groups
The security groups assigned to your LoadBalancer within your VPC. Must be passed either as a list or a comma-separated string.
For example, a list:
- security_groups:
    - secgroup-one
    - secgroup-two
Or as a comma-separated string:
- security_groups: secgroup-one,secgroup-two
- scheme
The type of LoadBalancer: internet-facing or internal. Once set, it cannot be modified.
- health_check
A dict defining the health check for this ELB.
- attributes
A dict defining the attributes to set on this ELB. Unknown keys will be silently ignored.
See the salt.modules.boto3_elb.set_attributes function for recognized attributes.
- attributes_from_pillar
Name of pillar dict that contains attributes. Attributes defined for this specific state will override those from pillar.
- cnames
A list of cname dicts with attributes needed for the DNS add_record state. By default the boto_route53.add_record state will be used, which requires: name, zone, ttl, and identifier. See the boto_route53 state for information about these attributes. Other DNS modules can be called by specifying the provider keyword. The cnames dict will be passed to the state as kwargs.
See the salt.states.boto_route53 state for information about these attributes.
- alarms:
A dictionary of name->boto_cloudwatch_alarm sections to be associated with this ELB. All attributes should be specified except for dimension, which will be automatically set to this ELB.
See the salt.states.boto_cloudwatch_alarm state for information about these attributes.
- alarms_from_pillar:
Name of pillar dict that contains alarm settings. Alarms defined for this specific state will override those from pillar.
- region
Region to connect to.
- key
Secret key to be used.
- keyid
Access key to be used.
- profile
A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
- wait_for_sync
Wait for an INSYNC change status from Route53.
- tags
Dict of tags.
- instance_ids
List of instance IDs. The state will ensure that these, and ONLY these, instances are registered with the ELB. This is additive with instance_names.
- instance_names
List of instance names. The state will ensure that these, and ONLY these, instances are registered with the ELB. This is additive with instance_ids.
- saltext.boto3.states.boto3_elb.register_instances(name, instances, region=None, key=None, keyid=None, profile=None)
Add EC2 instance(s) to an Elastic Load Balancer. Removing an instance from the instances list does not remove it from the ELB.
- name
The name of the Elastic Load Balancer to add EC2 instances to.
- instances
A list of EC2 instance IDs that this Elastic Load Balancer should distribute traffic to. This state will only ever append new instances to the ELB. EC2 instances already associated with this ELB will not be removed if they are not in the instances list.
add-instances:
    boto3_elb.register_instances:
        - name: myloadbalancer
        - instances:
            - instance-id1
            - instance-id2