ec2_vpc_route_table and gateways vs peering

It seems that ec2_vpc_route_table will not purge igw or nat gateways even if purge=true, which is very nice. But it DOES purge routes associated with peering. Shouldn't peering routes be treated in the same way as gateways?

My assumption was incorrect. The module does not make any special considerations for gateways.

Which leaves the problem of retaining certain routes without having to use purge=false. I don't want to use purge=false because that leaves us to manually clean up the routes. And we need to add routes after the table was created for things like vpc peering. But I don't want the peering routes to get purged when ec2_vpc_route_table is run again. A bit of a circular mess.

What I am doing now is something like this:

```yaml
- name: get existing public routes
  ec2_vpc_route_table_facts:
    filters:
      "tag:Name": "{{ ec2_vpc_name }}-public"
  register: __public_route_table_routes

- assert:
    that: (__public_route_table_routes.route_tables | length) <= 1

- name: create public route table
  vars:
    subnets: "{{ __public_subnets.results | map(attribute='subnet.id') | list }}"
    # fall back to an empty route list when the table does not exist yet
    public_routes: "{{ __public_route_table_routes.route_tables[0] | default({'routes': []}) }}"
    igw_routes:
      - dest: 0.0.0.0/0
        gateway_id: "{{ __igw.gateway_id }}"
    # keep the pcx- routes that were added after the table was created
    peering_routes: "{{ public_routes.routes | peering_routes_spec() | list }}"
    routes: "{{ igw_routes | union(peering_routes) }}"
  ec2_vpc_route_table:
    vpc_id: "{{ __vpc.vpc.id }}"
    region: "{{ ec2_region }}"
    tags:
      Name: "{{ ec2_vpc_name }}-public"
      cost: "{{ env | cost_tag }}"
      env: "{{ env }}"
      managed_by: ansible
      route_table_type: public
    subnets: "{{ subnets }}"
    routes: "{{ routes }}"
  register: __public_route_table
```

Where peering_routes_spec() is

```python
def peering_routes_spec(items):
    # Keep only the routes that point at a VPC peering connection (pcx-...)
    # and reshape them into the 'routes' entry format ec2_vpc_route_table expects.
    results = []
    for item in items:
        # .get() so a route without the key (e.g. the 'local' route) is skipped, not a KeyError
        vpc_peering_connection_id = item.get('vpc_peering_connection_id')
        if vpc_peering_connection_id is not None and vpc_peering_connection_id.startswith('pcx-'):
            results.append({"dest": item['destination_cidr_block'],
                            "vpc_peering_connection_id": vpc_peering_connection_id})
    return results
```

What would be really nice is if the module supported some type of excludes for the purging.

Something like this in ensure_routes where it collects the routes to purge

```python
# Fragment meant for the loop in ensure_routes that collects routes to purge:
# `r` is one existing route dict as returned by the EC2 API and the
# purge_routes_exclude_* names are the proposed new module options.
if purge_routes_exclude_pcx and r.get('VpcPeeringConnectionId') and r['VpcPeeringConnectionId'].startswith('pcx-'):
    continue
if purge_routes_exclude_igw and r.get('GatewayId') and r['GatewayId'].startswith('igw-'):
    continue
# NAT gateways are reported under NatGatewayId, not GatewayId, in EC2 route dicts
if purge_routes_exclude_nat and r.get('NatGatewayId') and r['NatGatewayId'].startswith('nat-'):
    continue
```
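As an added example, not code from the original post or from the ec2_vpc_route_table module, here is the peering_routes_spec() filter above packaged as a filter plugin, together with a merge helper that takes the place of the `union` step in the play and dedups by destination. The route dicts, `SAMPLE_ROUTES`, `IGW_ROUTES`, `merge_routes` and `build_public_routes` are constructed for the example and assume the ec2_vpc_route_table_facts key names used in the post.

```python
# Added example (not from the original post): peering_routes_spec() as a
# filter_plugins/ FilterModule, plus a merge helper that replaces the
# `igw_routes | union(peering_routes)` step with a dedup keyed on 'dest'.
# Assumption: route dicts use the ec2_vpc_route_table_facts key names.

def peering_routes_spec(items):
    """Return 'routes' entries for every route that targets a pcx- connection."""
    results = []
    for item in items:
        pcx = item.get('vpc_peering_connection_id')
        if pcx and pcx.startswith('pcx-'):
            results.append({'dest': item['destination_cidr_block'],
                            'vpc_peering_connection_id': pcx})
    return results

def merge_routes(managed, retained):
    """Union keyed on 'dest'; a managed route wins over a retained one.
    Without the dedup, a retained peering route and a managed route for the
    same CIDR would both be submitted to the module."""
    by_dest = {}
    for route in list(retained) + list(managed):  # managed last, so it wins
        by_dest[route['dest']] = route
    return list(by_dest.values())

class FilterModule(object):
    """Expose both helpers as Jinja filters."""
    def filters(self):
        return {'peering_routes_spec': peering_routes_spec,
                'merge_routes': merge_routes}

# Constructed sample of route_tables[0].routes after a peering route was added
# out of band; the 'local' and igw routes carry no pcx id and are skipped.
SAMPLE_ROUTES = [
    {'destination_cidr_block': '10.0.0.0/16', 'gateway_id': 'local',
     'vpc_peering_connection_id': None},
    {'destination_cidr_block': '0.0.0.0/0', 'gateway_id': 'igw-EXAMPLE',
     'vpc_peering_connection_id': None},
    {'destination_cidr_block': '10.1.0.0/16', 'gateway_id': None,
     'vpc_peering_connection_id': 'pcx-EXAMPLE'},
]
IGW_ROUTES = [{'dest': '0.0.0.0/0', 'gateway_id': 'igw-EXAMPLE'}]

def build_public_routes(existing=SAMPLE_ROUTES, managed=IGW_ROUTES):
    """The list the play would pass as 'routes' with purging left enabled."""
    return merge_routes(managed, peering_routes_spec(existing))
```

In the play this replaces `routes: "{{ igw_routes | union(peering_routes) }}"` with `routes: "{{ igw_routes | merge_routes(peering_routes) }}"`.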