
Heat/VPC Resources Support

OpenStack Networking was integrated in the Folsom release, and as there is a good fit between OpenStack Networking and Virtual Private Cloud, the Heat team decided to implement the AWS VPC resources during the Grizzly release.

The following table describes the current support of VPC in Heat, but be aware that it may be out of date as the Heat team is bridging the gaps :-)

| CloudFormation resource | Heat implementation | Comment |
|---|---|---|
| AWS::EC2::VPC | Partial | Creates a network and a router. The internal id of the network is used for the VpcId attribute. No support for the CidrBlock attribute: it is accepted but unused. No support for the InstanceTenancy attribute. It defines the tenancy mode of instances launched in the VPC: default (=shared or dedicated hardware) or dedicated (=only dedicated hardware). |
| AWS::EC2::Subnet | Partial | Creates a subnet and associates the subnet to the network's router. No support in Networking for the AvailabilityZone attribute. |
| AWS::EC2::NetworkInterface | Partial | Creates a port. The GroupSet attribute maps to an existing security group in OpenStack Networking. No support in OpenStack Networking for the Description attribute. No support in OpenStack Networking for the SourceDestCheck attribute. By default, an EC2 instance doesn't receive traffic which isn't destined to one of its private IP addresses. This flag must be turned off for NAT instances. |
| AWS::EC2::InternetGateway | Ok | Associates all routers of the network to an external network. The creation generates no additional Networking resource, but one (and only one) network with attribute 'router:external' must exist first. |
| AWS::EC2::CustomerGateway | None | No equivalent yet. |
| AWS::EC2::VPNGateway | None | No equivalent yet. |
| AWS::EC2::VPNConnection | None | No equivalent yet. |
| AWS::EC2::VPCGatewayAttachment | Partial | Creation associates all of the VPC network's routers to the external network. No support for the VpnGatewayId attribute yet. |
| AWS::EC2::RouteTable | Partial | Creates a new router which gets added to the Neutron network associated to the VpcId. |
| AWS::EC2::SubnetRouteTableAssocation | Partial | Associates the subnet (SubnetId attribute) with the given router (RouteTableId attribute). |
| AWS::EC2::Route | None | No equivalent yet. |
| AWS::EC2::DHCPOptions | None | Not supported but subnets have a 'DNS nameservers' attribute. |
| AWS::EC2::VPCDHCPOptionsAssociation | None | There is a mismatch between OpenStack Networking (DHCP options apply to a subnet) and VPC (DHCP options apply to a network). |
| AWS::EC2::NetworkAcl | None | No equivalent yet. |
| AWS::EC2::NetworkAclEntry | None | No equivalent yet. |
| AWS::EC2::SubnetNetworkAclAssocation | None | No equivalent yet. |
| AWS::EC2::SecurityGroup | Partial | Maps to Nova security groups. Creates a security group if no group with the same name already exists. Should be updated to create/modify a Neutron security group when the VpcId attribute is passed (see https://blueprints.launchpad.net/heat/+spec/quantum-security-group). |
| AWS::EC2::SecurityGroupIngress | Partial | Resource wrapped inside the AWS::EC2::SecurityGroup resource. It should be a standalone resource for full support. |
| AWS::EC2::SecurityGroupEgress | None | No equivalent yet. |
| AWS::EC2::EIP | Partial | The creation of the floating IP address relies on Nova, which proxies the request to OpenStack Networking. The name of the network allocating the floating IP addresses is defined by the default_floating_pool parameter in nova.conf (default value: "nova"). |
| AWS::EC2::EIPAssociation | Partial | See below |

As with all AWS resources exposed in Heat, there is no support for the Tags attribute. This is primarily a Nova and Networking limitation, and a blueprint exists to track the issue.
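A pre-deployment check built from the table above, as an added example that is not Heat's own code: it walks a parsed CloudFormation template and reports resource types with no Heat equivalent (flagging the traffic-filtering ones separately) and properties the table lists as unsupported or unused. The function name, the finding labels and the sample template are assumptions made for illustration.

```python
# Support data transcribed from the table on this page; the page warns it may be out of date.
NO_EQUIVALENT = {
    "AWS::EC2::CustomerGateway", "AWS::EC2::VPNGateway", "AWS::EC2::VPNConnection",
    "AWS::EC2::Route", "AWS::EC2::DHCPOptions", "AWS::EC2::VPCDHCPOptionsAssociation",
    "AWS::EC2::NetworkAcl", "AWS::EC2::NetworkAclEntry", "AWS::EC2::SecurityGroupEgress",
    # The page spells this type "Assocation"; the AWS spelling is listed as well.
    "AWS::EC2::SubnetNetworkAclAssocation", "AWS::EC2::SubnetNetworkAclAssociation",
}
# Traffic-filtering types: a template that declares them expects rules to be enforced.
FILTERING = {t for t in NO_EQUIVALENT if "NetworkAcl" in t or "SecurityGroupEgress" in t}
# Properties the table lists as unsupported or accepted but unused.
UNHONOURED_PROPS = {
    "AWS::EC2::VPC": {"CidrBlock", "InstanceTenancy"},
    "AWS::EC2::Subnet": {"AvailabilityZone"},
    "AWS::EC2::NetworkInterface": {"Description", "SourceDestCheck"},
    "AWS::EC2::VPCGatewayAttachment": {"VpnGatewayId"},
}

def audit_template(template):
    """Return sorted (resource, kind, message) findings for a parsed template dict."""
    findings = []
    for name, res in (template.get("Resources") or {}).items():
        rtype = res.get("Type", "")
        props = res.get("Properties") or {}
        if rtype in NO_EQUIVALENT:
            kind = "filtering-not-enforced" if rtype in FILTERING else "unsupported-type"
            findings.append((name, kind, f"{rtype}: no Heat equivalent"))
            continue
        ignored = UNHONOURED_PROPS.get(rtype, set()) & set(props)
        if rtype.startswith("AWS::") and "Tags" in props:
            ignored = ignored | {"Tags"}  # Tags is unsupported on all AWS resources
        for prop in sorted(ignored):
            findings.append((name, "property-not-honoured", f"{rtype}.{prop}: not honoured"))
    return sorted(findings)

# Constructed sample template (hypothetical, not from the page).
SAMPLE = {"Resources": {
    "Vpc": {"Type": "AWS::EC2::VPC",
            "Properties": {"CidrBlock": "10.0.0.0/16", "InstanceTenancy": "dedicated"}},
    "Acl": {"Type": "AWS::EC2::NetworkAcl", "Properties": {"VpcId": {"Ref": "Vpc"}}},
    "NatPort": {"Type": "AWS::EC2::NetworkInterface",
                "Properties": {"SubnetId": "subnet-placeholder", "SourceDestCheck": False}},
    "Gw": {"Type": "AWS::EC2::InternetGateway"},
}}

if __name__ == "__main__":
    for resource, kind, message in audit_template(SAMPLE):
        print(f"{kind:24} {resource}: {message}")
```

A "filtering-not-enforced" finding is the one to resolve before deployment, since the template declares packet-filtering rules that the stack will not contain.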

Existing VPC/Heat gaps:


Finally, remember that using AWS resources in Heat templates is not mandatory: you can still use the native Networking resources (in the OS::Neutron::* namespace for now). If you don't care about AWS CloudFormation compatibility, it is even recommended to stick with these native resources, as they map perfectly to the Neutron components.