Hi All, I'm just getting started trying to use Ansible for provisioning and 
orchestration of cloud resources in AWS, so I'll apologize in advance for 
this noob question.

I've used ec2_group successfully before, but I can't figure out why this 
task isn't working. I can see it run when the playlist is run, but the group 
is devoid of any egress or ingress rules. Can anybody spot what I'm doing 
wrong?

TASK: [Create Jenkins Security Group] *****************************************
skipping: [54.69.241.118]
skipping: [54.193.116.57]
changed: [54.164.169.157 -> 127.0.0.1]

TASK: [debug var=jenkins_sg] **************************************************
ok: [54.193.116.57] => {
    "jenkins_sg": {
        "changed": false, 
        "skipped": true
    }
}
ok: [54.164.169.157] => {
    "jenkins_sg": {
        "changed": true, 
        "group_id": "sg-23494f46", 
        "invocation": {
            "module_args": "", 
            "module_name": "ec2_group"
        }
    }
}
ok: [54.69.241.118] => {
    "jenkins_sg": {
        "changed": false, 
        "skipped": true
    }
}


Here's how I have the task defined:

    - name: Create Jenkins Security Group
      local_action:
        module: ec2_group
        name: Jenkins SG
        description: Jenkins Security Group
        region: "{{preferred_region}}"
        vpc_id: "{{vpc}}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr: 0.0.0.0/0
          - proto: tcp
            from_port: 8080
            to_port: 8080
            cidr: 0.0.0.0/0
        rules_egress:
          - proto: all
            from_port: 0
            to_port: 65535
            cidr: 0.0.0.0/0
      when: ec2_region == preferred_region

And evidence that it has no rules set:

 $ aws --profile=farrellit ec2 describe-security-groups --group-id sg-23494f46
{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [], 
            "Description": "Jenkins Security Group", 
            "IpPermissions": [], 
            "GroupName": "Jenkins SG", 
            "VpcId": "vpc-f12baf94", 
            "OwnerId": "122377349983", 
            "GroupId": "sg-23494f46"
        }
    ]
}


Thanks very much for your time.   
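
A check for the symptom described above, as an added example that is not part of the original post: it compares the rules declared in the task with the `describe-security-groups` output and lists what the live group lacks. The function names are illustrative, and the observed JSON is the post's output trimmed to the fields the check reads.

```python
import json

# Rules as declared in the task above (ec2_group's proto/from_port/to_port/cidr keys).
DECLARED_INGRESS = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 8080, "to_port": 8080, "cidr": "0.0.0.0/0"},
]
DECLARED_EGRESS = [{"proto": "all", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"}]

# describe-security-groups output from the post, trimmed to the fields used here.
OBSERVED = json.loads("""
{"SecurityGroups": [{"IpPermissionsEgress": [], "IpPermissions": [],
  "GroupName": "Jenkins SG", "GroupId": "sg-23494f46"}]}
""")


def flatten(permissions):
    """Expand EC2 IpPermissions entries into (proto, from, to, cidr) tuples."""
    out = set()
    for perm in permissions:
        # EC2 reports "all protocols" as IpProtocol "-1" with no port range.
        if perm["IpProtocol"] == "-1":
            proto, ports = "all", (None, None)
        else:
            proto, ports = perm["IpProtocol"], (perm.get("FromPort"), perm.get("ToPort"))
        out.update((proto, *ports, rng["CidrIp"]) for rng in perm.get("IpRanges", []))
    return out


def missing_rules(declared, permissions):
    """Return the declared rules that are absent from the live group."""
    live = flatten(permissions)
    def key(r):
        ports = (None, None) if r["proto"] == "all" else (r["from_port"], r["to_port"])
        return (r["proto"], *ports, r["cidr"])
    return [r for r in declared if key(r) not in live]


def audit(observed, ingress, egress):
    """Map each group id to the declared ingress/egress rules it lacks."""
    return {g["GroupId"]: {"ingress": missing_rules(ingress, g["IpPermissions"]),
                           "egress": missing_rules(egress, g["IpPermissionsEgress"])}
            for g in observed["SecurityGroups"]}


if __name__ == "__main__":
    print(json.dumps(audit(OBSERVED, DECLARED_INGRESS, DECLARED_EGRESS), indent=2))
```

Run against the output in the post, it reports both ingress rules and the egress rule as missing for sg-23494f46.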
