ec2_group (as of Ansible 2.4) doesn't support usage of pl-xxxxx (prefix
lists) typically employed by VPC endpoints.
So I went down the rabbit hole of doing this via a command module. The
command works on the prompt. How do I get this to work?

ERROR! Syntax Error while loading YAML.

The error appears to have been in
'/Users/dgirard/Documents/kraken/git/Ansible-aws-security/EC2-Security-Groups/SG-uat.yml':
line 2384, column 150, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

# aws ec2 authorize-security-group-egress --group-id "{{ sg_id }}"
--region "{{ region }}" --profile "{{ profile }}" --ip-permissions
'[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "PrefixListIds":
[{"PrefixListId": "pl-63a5400a"}]}]'
command: aws ec2 authorize-security-group-egress --group-id
"{{ sg_id }}" --region us-east-1 --profile utility --ip-permissions '[{"IpProtocol":
"tcp", "FromPort": 443, "ToPort": 443, "PrefixListIds": [{"PrefixListId":
"pl-63a5400a"}]}]'
^ here

We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:

with_items:
  - {{ foo }}

Should be written as:

with_items:
  - "{{ foo }}"

exception type: <class 'yaml.scanner.ScannerError'>
exception: mapping values are not allowed in this context
in "<unicode string>", line 2384, column 150
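
Added example, not part of the original post: the scanner error comes from the `": "` sequences in the JSON, which YAML reads as nested mapping keys inside the unquoted `command:` value. One way to write the same task is with a folded block scalar so the whole command is a single string. The play wrapper, the `egress_result` register name and the duplicate-rule handling are assumptions; `sg_id`, `region`, `profile` and the prefix list ID are taken from the post.

```yaml
# Added example; the play wrapper and the egress_result name are assumptions.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Allow HTTPS egress only to the VPC endpoint prefix list
      # ">-" folds the lines below into one string, so the ": " inside the
      # JSON is never parsed as a YAML mapping. Keep every line at the same
      # indentation, otherwise the fold preserves newlines.
      command: >-
        aws ec2 authorize-security-group-egress
        --group-id "{{ sg_id }}"
        --region "{{ region }}"
        --profile "{{ profile }}"
        --ip-permissions
        '[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
        "PrefixListIds": [{"PrefixListId": "pl-63a5400a"}]}]'
      register: egress_result
      # The CLI call is not idempotent: re-running it against an existing rule
      # returns InvalidPermission.Duplicate. Treat that as "already in place".
      changed_when: egress_result.rc == 0
      failed_when: egress_result.rc != 0 and 'InvalidPermission.Duplicate' not in egress_result.stderr
```

The command module splits this string shell-style, so the single quotes still deliver the JSON to the AWS CLI as one argument.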