Hi Pshem,
Please find below the content of my playbook.
---
- hosts: localhost
become: yes
become_method: sudo
vars_files:
- ec2-vars/sam.yml
roles:
- { role: security }
Below is my role.
- name: Bstar ec2 group
- ec2_group:
name: bright_pedda
description: an example EC2 group
vpc_id: vpc-1ab4277e
region: ap-southeast-2a
aws_secret_key: AKIAJ2H25HM333T2WEIQ
aws_access_key: 30uio86RAQssiOUUAGFpTcQ4UOEHvWlPTAJ++pA8
rules:
- proto: tcp
from_port: 80
to_port: 80
cidr_ip: 0.0.0.0/0
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 10.0.0.0/8
- proto: tcp
from_port: 443
to_port: 443
group_id: amazon-elb/sg-87654321/amazon-elb-sg
- proto: tcp
from_port: 3306
to_port: 3306
group_id: 123412341234/sg-87654321/exact-name-of-sg
- proto: udp
from_port: 10050
to_port: 10050
cidr_ip: 10.0.0.0/8
- proto: udp
from_port: 10051
to_port: 10051
group_id: sg-12345678
- proto: icmp
from_port: 8 # icmp type, -1 = any type
to_port: -1 # icmp subtype, -1 = any subtype
cidr_ip: 10.0.0.0/8
- proto: all
# the containing group name may be specified here
group_name: Bstar_SecurityGroups
rules_egress:
- proto: tcp
from_port: 80
to_port: 80
cidr_ip: 0.0.0.0/0
cidr_ipv6: 64:ff9b::/96
group_name: example-other
# description to use if example-other needs to be created
group_desc: other example EC2 group
Regards,
Reddy
On Wednesday, 17 January 2018 06:56:00 UTC+11, Pshem Kowalczyk wrote:
>
> It seems like you have any tasks in your playbook. Could you show the
> content of the playbook?
>
> kind regards
> Pshem
>
>
> On Tue, 16 Jan 2018 at 16:58 Reddy Myyb <[email protected] <javascript:>>
> wrote:
>
>> Hi Pshem,
>> I have made it as a task and able to run. The play runs successfully, but
>> I can't see the security group in my aws console. The out put says
>> changed=0. I'm running teh play frm one VPC and the creation is on other
>> VPC. My output below. PLease let me know if there's anything I need to
>> change.
>>
>> PLAY [localhost]
>> *************************************************************************************************************
>>
>> TASK [Gathering Facts]
>> *******************************************************************************************************
>> ok: [localhost]
>>
>> PLAY RECAP
>> *******************************************************************************************************************
>> localhost : ok=1 changed=0 unreachable=0
>> failed=0
>>
>> Regards,
>> Reddy
>>
>> On Sunday, 14 January 2018 19:12:50 UTC+11, Pshem Kowalczyk wrote:
>>
>>> This looks like a definition of a role, not a play. If you want this to
>>> be a play you have to turn this into the 'tasks' section of the yaml file
>>> and specify at least hosts you want this ran against.
>>>
>>> kind regards
>>> Pshem
>>>
>>>
>>> On Sun, 14 Jan 2018 at 19:17 Reddy Myyb <[email protected]> wrote:
>>>
>> The script to create aws security group is not working anymore. I have
>>>> ansible 2.3.1.0, my script as below.
>>>>
>>>> - name: Bstar ec2 group
>>>> ec2_group:
>>>> name: bright_star
>>>> description: an example EC2 group
>>>> vpc_id: vpc-1ab4e
>>>> region: ap-southeast-2a
>>>> aws_secret_key: SKEY
>>>> aws_access_key: AKEY
>>>> rules:
>>>> - proto: tcp
>>>> from_port: 80
>>>> to_port: 80
>>>> cidr_ip: 0.0.0.0/0
>>>> - proto: tcp
>>>> from_port: 22
>>>> to_port: 22
>>>> cidr_ip: 10.0.0.0/8
>>>> - proto: tcp
>>>> from_port: 443
>>>> to_port: 443
>>>> group_id: amazon-elb/sg-87654321/amazon-elb-sg
>>>> - proto: tcp
>>>> from_port: 3306
>>>> to_port: 3306
>>>> group_id: 123412341234/sg-87654321/exact-name-of-sg
>>>> - proto: udp
>>>> from_port: 10050
>>>> to_port: 10050
>>>> cidr_ip: 10.0.0.0/8
>>>> - proto: udp
>>>> from_port: 10051
>>>> to_port: 10051
>>>> group_id: sg-12345678
>>>> - proto: icmp
>>>> from_port: 8 # icmp type, -1 = any type
>>>> to_port: -1 # icmp subtype, -1 = any subtype
>>>> cidr_ip: 10.0.0.0/8
>>>> - proto: all
>>>> # the containing group name may be specified here
>>>> group_name: Bstar_SecurityGroups
>>>> rules_egress:
>>>> - proto: tcp
>>>> from_port: 80
>>>> to_port: 80
>>>> cidr_ip: 0.0.0.0/0
>>>> cidr_ipv6: 64:ff9b::/96
>>>> group_name: example-other
>>>> # description to use if example-other needs to be created
>>>> group_desc: other example EC2 group
>>>>
>>>> Please provide the correct module for security group.
>>>>
>>>> Below is the error message:
>>>>
>>>> ERROR! 'ec2_group' is not a valid attribute for a Play
>>>>
>>>> The error appears to have been in '/home/devopsadmin/dev/security.yml':
>>>> line 1, column 3, but may
>>>> be elsewhere in the file depending on the exact syntax problem.
>>>>
>>>> The offending line appears to be:
>>>>
>>>>
>>>> - name: Bstar ec2 group
>>>> ^ here
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>>
>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>
>>>
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/b1709fe2-99ae-416e-a941-661cb3e3e9f4%40googlegroups.com
>>>>
>>>> <https://groups.google.com/d/msgid/ansible-project/b1709fe2-99ae-416e-a941-661cb3e3e9f4%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/9d267838-d933-4473-9e20-2248c854bf97%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/9d267838-d933-4473-9e20-2248c854bf97%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a2040d9b-51b0-482f-afea-b45beb034178%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
