Thanks Brent, that does explain a good detail about how security groups are
handled by Ansible.
I would still appreciate it if you could answer this question.
I am creating a security group using

- name: Create HTTP Security Group
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc }}"
    name: sg_http
    description: Security group for HTTP access
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
  register: sg_http

However, this created a security group with inbound HTTP access but also
full outbound (egress) access automatically. I do not want those egress
rules to be present; how should I remove them?
----------------------------------------------------------------------------------------------------------------------------
Rahul Mehrotra
Cloud & DevOps Engineer, Nokia USA
email: [email protected]
On Fri, May 15, 2015 at 11:00 AM, Brent Langston <[email protected]> wrote:
> the security group module will just make your list of rules look like
> whatever you have currently defined in yml. If you remove a rule from the
> list, and run the task again, the rule will be removed from the security
> group at AWS. This holds true for both ingress and egress.
>
> In other words, for this module don't think "state: present" or "state:
> absent" -- that is determined by the rule being defined or not.
>
> --------
> Brent
> --------
>
> On Fri, May 15, 2015 at 1:58 PM, Rahul Mehrotra <[email protected]>
> wrote:
>
>>
>> Hi,
>> Can you please provide an example? I am specifically interested in
>> removing egress rules allowing everything automatically added by AWS when
>> security groups are created. Thank you
>>
>>
>>
>> ----------------------------------------------------------------------------------------------------------------------------
>>
>> Rahul Mehrotra
>> Cloud & DevOps Engineer, Nokia USA
>> email: [email protected]
>>
>> On Fri, May 15, 2015 at 10:49 AM, Brent Langston <[email protected]>
>> wrote:
>>
>>> remove the rule from the list.
>>>
>>> rules: []
>>>
>>> --------
>>> Brent
>>> --------
>>>
>>> On Fri, May 15, 2015 at 1:32 PM, Rahul Mehrotra <[email protected]>
>>> wrote:
>>>
>>>>
>>>> I have an Ansible script to create an EC2 security group. It looks like
>>>> this
>>>>
>>>> - name: Create HTTP Security Group
>>>>   local_action:
>>>>     module: ec2_group
>>>>     region: "{{ region }}"
>>>>     vpc_id: "{{ vpc }}"
>>>>     name: sg_http
>>>>     description: Security group for HTTP access
>>>>     rules:
>>>>       - proto: tcp
>>>>         from_port: 80
>>>>         to_port: 80
>>>>         cidr_ip: 0.0.0.0/0
>>>>   register: sg_http
>>>>
>>>> I would like to write a task which deletes the rule but not the security
>>>> group. I tried using the state as present, but it doesn't work
>>>>
>>>> - name: Delete HTTP Rule
>>>>   local_action:
>>>>     module: ec2_group
>>>>     region: "{{ region }}"
>>>>     vpc_id: "{{ vpc }}"
>>>>     name: sg_http
>>>>     description: Security group for HTTP access
>>>>     rules:
>>>>       - proto: tcp
>>>>         from_port: 80
>>>>         to_port: 80
>>>>         cidr_ip: 0.0.0.0/0
>>>>     state: absent
>>>>   register: sg_http
>>>>
>>>> What would be the better way to do this? Regards
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/4f8fbfa1-1f22-44a2-9c4e-bfdaeff2d2e5%40googlegroups.com
>>>> <https://groups.google.com/d/msgid/ansible-project/4f8fbfa1-1f22-44a2-9c4e-bfdaeff2d2e5%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>
>
>
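
Added example, not part of the original thread or the Ansible project's own documentation: the same task with an explicit empty egress list, followed by a read-back check. It assumes an ec2_group version that supports `rules_egress` and `purge_rules_egress`, that the AWS CLI is installed and authenticated on the control host, and that the registered result exposes `group_id`.

```yaml
- name: Create HTTP Security Group with no egress rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc }}"
    name: sg_http
    description: Security group for HTTP access
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
    # An explicit empty list declares "no egress rules". Leaving the key out
    # keeps the allow-all egress rule that a new VPC security group starts with.
    rules_egress: []
    # Revoke any egress rule found on the group that is not listed above.
    purge_rules_egress: true
  register: sg_http

# Read the group back from AWS instead of trusting the task result.
- name: Read back egress rules for sg_http
  local_action: >
    command aws ec2 describe-security-groups
    --region {{ region }}
    --group-ids {{ sg_http.group_id }}
    --query "SecurityGroups[0].IpPermissionsEgress"
    --output json
  register: sg_http_egress
  changed_when: false

- name: Fail the play if any egress rule is still present
  assert:
    that:
      - (sg_http_egress.stdout | from_json) | length == 0
```

Security groups are stateful, so replies to the allowed inbound HTTP connections still leave the instance with no egress rules; only connections initiated from the instance are blocked.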