amazon.aws 3.5.0

Release Summary

Following the release of amazon.aws 5.0.0, 3.5.0 is a bugfix release and the final planned release for the 3.x series.

Minor Changes

• ec2_security_group - set type as list for rules->group_name as it can accept both str and list (#971).

Bugfixes

• ec2_metadata_facts - fix 'NoneType' object is not callable exception when using Ansible 2.13+ (#942).

amazon.aws 5.0.0

In this release we promoted many community modules to Red Hat supported status. Those modules have been moved from the community.aws to amazon.aws collection. This release also brings some new features, bugfixes, breaking changes and deprecated features.

The amazon.aws collection has dropped support for botocore<1.21.0 and boto3<1.18.0. Support for ansible-core<2.11 has also been dropped.

Major Changes

• autoscaling_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_group.
• autoscaling_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_group_info.
• cloudtrail - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudtrail.
• cloudwatch_metric_alarm - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatch_metric_alarm.
• cloudwatchevent_rule - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchevent_rule.
• cloudwatchlogs_log_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group.
• cloudwatchlogs_log_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group_info.
• cloudwatchlogs_log_group_metric_filter - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group_metric_filter.
• ec2_eip - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_eip.
• ec2_eip_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_eip_info.
• elb_application_lb - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_application_lb.
• elb_application_lb_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_application_lb_info.
• execute_lambda - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.execute_lambda.
• iam_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_policy.
• iam_policy_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_policy_info.
• iam_user - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_user.
• iam_user_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_user_info.
• kms_key - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.kms_key.
• kms_key_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.kms_key_info.
• lambda - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda.
• lambda_alias - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_alias.
• lambda_event - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_event.
• lambda_execute - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_execute.
• lambda_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_info.
• lambda_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_policy.
• rds_cluster - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster.
• rds_cluster_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster_info.
• rds_cluster_snapshot - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster_snapshot.
• rds_instance - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance.
• rds_instance_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance_info.
• rds_instance_snapshot - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance_snapshot.
• rds_option_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_option_group.
• rds_option_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_option_group_info.
• rds_param_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_param_group.
• rds_snapshot_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_snapshot_info.
• rds_subnet_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_subnet_group.
• route53 - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53.
• route53_health_check - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_health_check.
• route53_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_info.
• route53_zone - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_zone.

Minor Changes

• Ability to record and replay the API interaction of a module for testing purpose. Show case the feature with an example (#998).
• Remove the empty init.py file from the distribution, they were not required anymore (#1018).
• amazon.aws modules - the ec2_url parameter has been renamed to endpoint_url for consistency, ec2_url remains as an alias (#992).
• aws_caller_info - minor linting fixes (#968).
• aws_ec2 - introduce the allow_duplicated_hosts configuration key (#1026).
• cloudformation - avoid catching Exception, catch more specific errors instead (#968).
  ...

amazon.aws 4.2.0

Minor Changes

• ec2_security_group - set type as list for rules->group_name as it can accept both str and list (#971).
• various modules - linting fixups (#953).

Deprecated Features

• module_utils.cloud - removal of the CloudRetry.backoff has been delayed until release 6.0.0. It is recommended to update custom modules to use jittered_backoff or exponential_backoff instead (#951).

amazon.aws 4.1.0

Minor Changes

• ec2_instance - expanded the use of the automatic retries on temporary failures (#927).
• s3_bucket - updated module to enable support for setting S3 Bucket Keys for SSE-KMS (#882).

Deprecated Features

• amazon.aws collection - due to the AWS SDKs announcing the end of support for Python less than 3.7 (https://aws.amazon.com/blogs/developer/python-support-policy-updates-for-aws-sdks-and-tools/) support for Python less than 3.7 by this collection has been deprecated and will be removed in a release after 2023-05-31 (#935).

Bugfixes

• aws_ec2 - ensure the correct number of hosts are returned when tags as hostnames are used (#862).
• elb_application_lb - fix KeyError when balancing across two Target Groups (ansible-collections/community.aws#1089).
• elb_classic_lb - fix 'NoneType' object has no attribute bug when creating a new ELB in check mode with a health check (#915).
• elb_classic_lb - fix 'NoneType' object has no attribute bug when creating a new ELB using security group names (#914).

amazon.aws 3.4.0

Minor Changes

• ec2_instance - expanded the use of the automatic retries on temporary failures (#927).

Bugfixes

• elb_application_lb - fix KeyError when balancing across two Target Groups (ansible-collections/community.aws#1089).
• elb_classic_lb - fix 'NoneType' object has no attribute bug when creating a new ELB in check mode with a health check (#915).
• elb_classic_lb - fix 'NoneType' object has no attribute bug when creating a new ELB using security group names (#914).

amazon.aws 4.0.0

Major Changes

• amazon.aws collection - The amazon.aws collection has dropped support for botocore<1.20.0 and boto3<1.17.0. Most modules will continue to work with older versions of the AWS SDK, however compatibility with older versions of the SDK is not guaranteed and will not be tested. When using older versions of the SDK a warning will be emitted by Ansible (#574).

Minor Changes

• aws_s3 - Add validate_bucket_name option, to control bucket name validation (#615).
• aws_s3 - The aws_s3 module has been renamed to s3_object (#869).
• aws_s3 - resource_tags has been added as an alias for the tags parameter (#845).
• ec2_eni - Change parameter device_index data type to string when passing to describe_network_inter api call (#877).
• ec2_eni - resource_tags has been added as an alias for the tags parameter (#845).
• ec2_group - add egress_rules as an alias for rules_egress (#878).
• ec2_group - add purge_egress_rules as an alias for purge_rules_egress (#878).
• ec2_instance - Add missing metadata_options parameters (#715).
• ec2_key - resource_tags has been added as an alias for the tags parameter (#845).
• ec2_vpc_net - add support for managing VPCs by ID (#848).
• ec2_vpc_subnet - add support for OutpostArn param (#598).
• elb_classic_lb - resource_tags has been added as an alias for the tags parameter (#845).
• s3_bucket - Add validate_bucket_name option, to control bucket name validation (#615).
• s3_bucket - resource_tags has been added as an alias for the tags parameter (#845).

Breaking Changes / Porting Guide

• Tags beginning with aws: will not be removed when purging tags, these tags are reserved by Amazon and may not be updated or deleted (#817).
• amazon.aws collection - the profile parameter is now mutually exclusive with the aws_access_key, aws_secret_key and security_token parameters (#834).
• aws_az_info - the module alias aws_az_facts was deprecated in Ansible 2.9 and has now been removed (#832).
• aws_s3 - the default value for ensure overwrite has been changed to different instead of always so that the module is idempotent by default (#811).
• aws_ssm - on_denied and on_missing now both default to error, for consistency with both aws_secret and the base Lookup class (#617).
• ec2 - The ec2 module has been removed in release 4.0.0 and replaced by the ec2_instance module (#630).
• ec2_vpc_igw_info - The default value for convert_tags has been changed to True (#835).
• elb_classic_lb - the ec2_elb fact has been removed (#827).
• module_utils - Support for the original AWS SDK aka boto has been removed, including all relevant helper functions. All modules should now use the boto3/botocore AWS SDK (#630)

Deprecated Features

• aws_s3 - The S3_URL alias for the s3_url option has been deprecated and will be removed in release 5.0.0 (ansible-collections/community.aws#795).
• ec2_ami - The DeviceName alias for the device_name option has been deprecated and will be removed in release 5.0.0 (ansible-collections/community.aws#795).
• ec2_ami - The NoDevice alias for the no_device option has been deprecated and will be removed in release 5.0.0 (ansible-collections/community.aws#795).
• ec2_ami - The VirtualName alias for the virtual_name option has been deprecated and will be removed in release 5.0.0 (ansible-collections/community.aws#795).
• ec2_ami - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True (#846).
• ec2_instance - The default value for `instance_type` has been deprecated, in the future release you must set an instance_type or a launch_template (#587).
• ec2_instance - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True (#849).
• ec2_key - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True (#846).
• ec2_vol - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True (#846).
• ec2_vpc_dhcp_option_info - The DhcpOptionIds alias for the dhcp_option_ids option has been deprecated and will be removed in release 5.0.0 (ansible-collections/community.aws#795).
• ec2_vpc_dhcp_option_info - The DryRun alias for the dry_run option has been deprecated and will be removed in release 5.0.0 (ansible-collections/community.aws#795).
• ec2_vpc_endpoint - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True (#846).
• ec2_vpc_net - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True (#848).
• ec2_vpc_route_table - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True (#846).
• s3_bucket - The S3_URL alias for the s3_url option has been deprecated and will be removed in release 5.0.0 (ansible-collections/community.aws#795).
• s3_object - Support for creation and deletion of S3 buckets has been deprecated. Please use the amazon.aws.s3_bucket module to create and delete buckets (#869).

Removed Features (previously deprecated)

• cloudformation - the template_format option has been removed. It has been ignored by the module since Ansible 2.3 (#833).
• ec2_key - the wait_timeout option had no effect, was deprecated in release 1.0.0, and has now been removed (#830).
• ec2_key - the wait option had no effect, was deprecated in release 1.0.0, and has now been removed (#830).
• ec2_tag - the previously deprecated state list has been removed. To list tags on an EC2 resource the ec2_tag_info module can be used (#829).
• ec2_vol - the previously deprecated state list has been removed. To list volumes the ec2_vol_info module can be used (#828).
• module_utils.batch - the class ansible_collections.amazon.aws.plugins.module_utils.batch.AWSConnection has been removed. Please use AnsibleAWSModule.client() instead (#831).

Bugfixes

• ec2_group - fix uncaught exception when running with --diff and --check to create a new security group (#440).
• ec2_instance - Add a condition to handle default `instance_type` value for fix breaking on instance creation with launch template (#587).
• ec2_instance - raise an error when missing permission to stop instance when state is set to rebooted` (#671).
• ec2_vpc_igw - use gateway_id rather than filters to paginate if possible to fix 'NoneType' object is not subscriptable error (#766).
• ec2_vpc_net - fix a bug where CIDR configuration would be updated in check mode (ansible/ansible#62678).
• ec2_vpc_net - fix a bug where the module would get stuck if DNS options were updated in check mode (ansible/ansible#62677).
• elb_classic_lb - modify the return value of _format_listeners method to resolve a failure creating https listeners (#860).

amazon.aws 3.3.1

Release Summary

Various minor documentation fixes.

amazon.aws 3.3.0

Minor Changes

• aws_ec2 inventory - Allow for literal strings in hostname that don't match filter parameters in ec2 describe-instances (#826).
• aws_ssm - Add support for endpoint parameter (#837).
• module.utils.rds - add retry_codes to get_rds_method_attribute return data to use in call_method and add unit tests (#776).
• module.utils.rds - refactor to utilize get_rds_method_attribute return data (#776).
• module_utils - add new aliases aws_session_token and session_token to the security_token parameter to be more in-line with the boto SDK (#631).
• module_utils.rds - Add support and unit tests for addition/removal of IAM roles to/from a db instance in module_utils.rds with waiters (#714).

Bugfixes

• Include PSF-license.txt file for plugins/module_utils/_version.py.
• aws_account_attribute lookup plugin - fix linting errors in documentation data (#701).
• aws_ec2 inventory plugin - fix linting errors in documentation data (#701).
• aws_rds inventory plugin - fix linting errors in documentation data (#701).
• aws_resource_actions callback plugin - fix linting errors in documentation data (#701).
• aws_secret lookup plugin - fix linting errors in documentation data (#701).
• aws_service_ip_ranges lookup plugin - fix linting errors in documentation data (#701).
• aws_ssm - Fix environment variables for client configuration (e.g., AWS_PROFILE, AWS_ACCESS_KEY_ID) (#837).
• aws_ssm lookup plugin - fix linting errors in documentation data (#701).
• ec2_instance - ec2_instance module broken in Python 3.8 - dict keys modified during iteration (#709).
• module.utils.rds - Add waiter for promoting read replica to fix idempotency issue (#714).
• module.utils.rds - Catch InvalidDBSecurityGroupStateFault when modifying a db instance (#776).
• module.utils.s3 - Update validate_bucket_name minimum length to 3 (#802).

amazon.aws 2.3.0

Bugfixes

• aws_account_attribute lookup plugin - fix linting errors in documentation data (#701).
• aws_ec2 inventory plugin - fix linting errors in documentation data (#701).
• aws_rds inventory plugin - fix linting errors in documentation data (#701).
• aws_resource_actions callback plugin - fix linting errors in documentation data (#701).
• aws_secret lookup plugin - fix linting errors in documentation data (#701).
• aws_service_ip_ranges lookup plugin - fix linting errors in documentation data (#701).
• aws_ssm lookup plugin - fix linting errors in documentation data (#701).
• ec2_instance - ec2_instance module broken in Python 3.8 - dict keys modified during iteration (#709).
• module.utils.s3 - Update validate_bucket_name minimum length to 3 (#802).

amazon.aws 3.2.0

Minor Changes

• aws_secret - add pagination for bypath functionality (#591).
• ec2_instance - Fix scope of deprecation warning to not show warning when state in absent (#719).
• ec2_vpc_route_table - support associating internet gateways (#690).
• module_utils.elbv2 - Add support for alb specific attributes and compare_elb_attributes method to support check_mode in module_utils.elbv2 (#696).
• s3_bucket - Add support for enforced bucket owner object ownership (#694).

Bugfixes

• aws_ec2 inventory - use the iam_role_arn configuration parameter to assume the role before trying to call DescribeRegions if the regions configuration is not set and AWS credentials provided without enough privilege to perform the DescribeRegions action. (#566).
• ec2_vol - changing a volume from a type that does not support IOPS (like standard) to a type that does (like gp3) fails (#626).
• ec2_vpc_igw - fix 'NoneType' object is not subscriptable error (#691).
• ec2_vpc_igw - use paginator for describe internet gateways and add retry to fix NoneType object is not subscriptable error (#695).
• ec2_vpc_net - In check mode, ensure the module does not change the configuration. Handle case when Amazon-provided ipv6 block is enabled, then disabled, then enabled again. Do not disable IPv6 CIDR association (using Amazon pool) if ipv6_cidr property is not present in the task. If the VPC already exists and ipv6_cidr property, retain the current config (#631).