I don't understand the rules section of the ec2_group module. I wish the
documentation explained it, but it doesn't. I says "see example". The
description right now, Ansible 2.6, is:
List of firewall inbound rules to enforce in this group (see example). If
none are supplied, no inbound rules will be enabled. Rules list may include
its own name in `group_name`. This allows idempotent loopback additions (e.g
. allow group to access itself). Rule sources list support was added in
version 2.4. This allows to define multiple sources per source type as well
as multiple source types per rule. Prior to 2.4 an individual source is
allowed. In version 2.5 support for rule descriptions was added.
And there are several examples shown. An example example is:
- name: example ec2 group
ec2_group:
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: 80
to_port: 80
cidr_ip: 0.0.0.0/0
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 10.0.0.0/8
- proto: tcp
from_port: 443
to_port: 443
# this should only be needed for EC2 Classic security group rules
# because in a VPC an ELB will use a user-account security group
group_id: amazon-elb/sg-87654321/amazon-elb-sg
- proto: tcp
from_port: 3306
to_port: 3306
group_id: 123412341234/sg-87654321/exact-name-of-sg
- proto: udp
from_port: 10050
to_port: 10050
cidr_ip: 10.0.0.0/8
- proto: udp
from_port: 10051
to_port: 10051
group_id: sg-12345678
- proto: icmp
from_port: 8 # icmp type, -1 = any type
to_port: -1 # icmp subtype, -1 = any subtype
cidr_ip: 10.0.0.0/8
- proto: all
# the containing group name may be specified here
group_name: example
- proto: all
# in the 'proto' attribute, if you specify -1, all, or a number
other than tcp, udp, icmp, or 58 (ICMPv6),
# traffic on all ports is allowed, regardless of any ports you
specify
from_port: 10050 # this value is ignored
to_port: 10050 # this value is ignored
cidr_ip: 10.0.0.0/8
So... I know what proto is for. I know what from_port, to_port, and cidr_ip
are for. Also rule_desc. But what are group_id, group_name, and group_desc
for? (To be clear, I'm asking what they are inside the rules: block. If
they were under ec2_group: I would know what they were for.)
--
Todd
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/0a521eea-4608-434e-919b-059315870bb6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
