Create an egress_rules: list that is empty.
On May 15, 2015 2:19 PM, "Rahul Mehrotra" <[email protected]> wrote:

> Thanks Brent, that does explain in good detail how security groups are
> handled by Ansible.
> I would still appreciate it if you could answer this question.
>
> I am creating a security group using
>
> - name: Create HTTP Security Group
>   local_action:
>     module: ec2_group
>     region: "{{ region }}"
>     vpc_id: "{{ vpc }}"
>     name: sg_http
>     description: Security group for HTTP access
>     rules:
>       - proto: tcp
>         from_port: 80
>         to_port: 80
>         cidr_ip: 0.0.0.0/0
>   register: sg_http
>
> However, this created a security group with inbound HTTP access but also
> full outbound (egress) access automatically. I do not want those egress
> rules to be present; how should I remove them?
>
>
> ----------------------------------------------------------------------------------------------------------------------------
>
> Rahul Mehrotra
> Cloud & DevOps Engineer, Nokia USA
> email: [email protected]
>
>
> On Fri, May 15, 2015 at 11:00 AM, Brent Langston <[email protected]>
> wrote:
>
>> The security group module will just make your list of rules look like
>> whatever you have currently defined in yml. If you remove a rule from the
>> list, and run the task again, the rule will be removed from the security
>> group at AWS. This holds true for both ingress and egress.
>>
>> In other words, for this module don't think "state: present" or "state:
>> absent" -- that is determined by the rule being defined or not.
>>
>> --------
>> Brent
>> --------
>>
>> On Fri, May 15, 2015 at 1:58 PM, Rahul Mehrotra <[email protected]>
>> wrote:
>>
>>>
>>> Hi,
>>> Can you please provide an example? I am specifically interested in
>>> removing the egress rules allowing everything that are automatically added
>>> by AWS when security groups are created. Thank you
>>>
>>>
>>>
>>> ----------------------------------------------------------------------------------------------------------------------------
>>>
>>> Rahul Mehrotra
>>> Cloud & DevOps Engineer, Nokia USA
>>> email: [email protected]
>>>
>>>
>>> On Fri, May 15, 2015 at 10:49 AM, Brent Langston <[email protected]>
>>> wrote:
>>>
>>>> Remove the rule from the list.
>>>>
>>>> rules: []
>>>>
>>>> --------
>>>> Brent
>>>> --------
>>>>
>>>> On Fri, May 15, 2015 at 1:32 PM, Rahul Mehrotra <[email protected]>
>>>> wrote:
>>>>
>>>>>
>>>>> I have an Ansible script to create an EC2 security group. It looks like
>>>>> this:
>>>>>
>>>>> - name: Create HTTP Security Group
>>>>>   local_action:
>>>>>     module: ec2_group
>>>>>     region: "{{ region }}"
>>>>>     vpc_id: "{{ vpc }}"
>>>>>     name: sg_http
>>>>>     description: Security group for HTTP access
>>>>>     rules:
>>>>>       - proto: tcp
>>>>>         from_port: 80
>>>>>         to_port: 80
>>>>>         cidr_ip: 0.0.0.0/0
>>>>>   register: sg_http
>>>>>
>>>>> I would like to write a task which deletes the rule but not the security
>>>>> group. I tried using the state as present, but it doesn't work:
>>>>>
>>>>> - name: Delete HTTP Rule
>>>>>   local_action:
>>>>>     module: ec2_group
>>>>>     region: "{{ region }}"
>>>>>     vpc_id: "{{ vpc }}"
>>>>>     name: sg_http
>>>>>     description: Security group for HTTP access
>>>>>     rules:
>>>>>       - proto: tcp
>>>>>         from_port: 80
>>>>>         to_port: 80
>>>>>         cidr_ip: 0.0.0.0/0
>>>>>         state: absent
>>>>>   register: sg_http
>>>>>
>>>>> What would be the better way to do this? Regards
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Ansible Project" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To post to this group, send email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/ansible-project/4f8fbfa1-1f22-44a2-9c4e-bfdaeff2d2e5%40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/ansible-project/4f8fbfa1-1f22-44a2-9c4e-bfdaeff2d2e5%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
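
The task from the thread with the default allow-all outbound rule removed, as an added example that is not part of the original messages. In `ec2_group` the documented parameter for outbound rules is `rules_egress`; the group name `sg_http_restricted` in the second task is hypothetical.

```yaml
# Added example. region and vpc are the variables used in the thread.

# 1) Inbound HTTP only, no outbound rules at all.
- name: Create HTTP Security Group without egress rules
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc }}"
    name: sg_http
    description: Security group for HTTP access
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
    # An explicit empty list means "no outbound rules".
    # Leaving the key out keeps the default allow-all egress rule.
    rules_egress: []
    # Default is already true; stated so the intent is visible in review.
    purge_rules_egress: true
  register: sg_http

# 2) Variant: inbound HTTP, outbound limited to HTTPS.
#    sg_http_restricted is a hypothetical group name.
- name: Create HTTP Security Group with HTTPS-only egress
  local_action:
    module: ec2_group
    region: "{{ region }}"
    vpc_id: "{{ vpc }}"
    name: sg_http_restricted
    description: HTTP in, HTTPS out
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
    # Only rules listed here remain; anything else on the group is purged.
    rules_egress:
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: 0.0.0.0/0
  register: sg_http_restricted
```

Security groups are stateful, so replies to inbound HTTP requests still leave the instance with an empty egress list; only connections the instance initiates itself are blocked.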
