I don't understand the rules section of the ec2_group module. I wish the documentation explained it, but it doesn't. It says "see example". The description right now, Ansible 2.6, is:

List of firewall inbound rules to enforce in this group (see example). If none are supplied, no inbound rules will be enabled. Rules list may include its own name in `group_name`. This allows idempotent loopback additions (e.g. allow group to access itself). Rule sources list support was added in version 2.4. This allows to define multiple sources per source type as well as multiple source types per rule. Prior to 2.4 an individual source is allowed. In version 2.5 support for rule descriptions was added.

And there are several examples shown. An example example is:

    - name: example ec2 group
      ec2_group:
        name: example
        description: an example EC2 group
        vpc_id: 12345
        region: eu-west-1
        aws_secret_key: SECRET
        aws_access_key: ACCESS
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 10.0.0.0/8
          - proto: tcp
            from_port: 443
            to_port: 443
            # this should only be needed for EC2 Classic security group rules
            # because in a VPC an ELB will use a user-account security group
            group_id: amazon-elb/sg-87654321/amazon-elb-sg
          - proto: tcp
            from_port: 3306
            to_port: 3306
            group_id: 123412341234/sg-87654321/exact-name-of-sg
          - proto: udp
            from_port: 10050
            to_port: 10050
            cidr_ip: 10.0.0.0/8
          - proto: udp
            from_port: 10051
            to_port: 10051
            group_id: sg-12345678
          - proto: icmp
            from_port: 8 # icmp type, -1 = any type
            to_port: -1 # icmp subtype, -1 = any subtype
            cidr_ip: 10.0.0.0/8
          - proto: all
            # the containing group name may be specified here
            group_name: example
          - proto: all
            # in the 'proto' attribute, if you specify -1, all, or a number other than tcp, udp, icmp, or 58 (ICMPv6),
            # traffic on all ports is allowed, regardless of any ports you specify
            from_port: 10050 # this value is ignored
            to_port: 10050 # this value is ignored
            cidr_ip: 10.0.0.0/8

So... I know what proto is for. I know what from_port, to_port, and cidr_ip are for. Also rule_desc. But what are group_id, group_name, and group_desc for?

(To be clear, I'm asking what they are inside the rules: block. If they were under ec2_group: I would know what they were for.)

-- Todd
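
An added example, not part of the original post or the module's own code: a small Python check that reads a `rules:` list like the one quoted above and reports, per rule, what its source field points at (a CIDR, another security group by ID or by name, or the group itself) and which ports actually apply. The dict layout, the function names, and the handling of the `owner/sg-id/name` form are assumptions made for illustration.

```python
import ipaddress

# Constructed input: six of the rules from the example in the post, as Python dicts.
OWN_NAME = "example"
RULES = [
    {"proto": "tcp", "from_port": 80, "to_port": 80, "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "10.0.0.0/8"},
    {"proto": "tcp", "from_port": 3306, "to_port": 3306,
     "group_id": "123412341234/sg-87654321/exact-name-of-sg"},
    {"proto": "udp", "from_port": 10051, "to_port": 10051, "group_id": "sg-12345678"},
    {"proto": "all", "group_name": "example"},
    {"proto": "all", "from_port": 10050, "to_port": 10050, "cidr_ip": "10.0.0.0/8"},
]

# Protocols for which from_port/to_port are honoured (the names listed in the
# example's comment, plus their protocol numbers); any other proto = all ports.
PORT_AWARE = {"tcp", "udp", "icmp", "6", "17", "1", "58"}


def source_of(rule, own_name):
    """Return (kind, value) describing where the rule admits traffic from."""
    if "cidr_ip" in rule:
        return "cidr", rule["cidr_ip"]
    if "group_id" in rule:
        # Either a bare sg-id or owner/sg-id/name; keep only the sg-id.
        parts = rule["group_id"].split("/")
        return "group_id", parts[1] if len(parts) == 3 else parts[0]
    if "group_name" in rule:
        # A rule naming its own group is the loopback case from the description.
        kind = "self" if rule["group_name"] == own_name else "group_name"
        return kind, rule["group_name"]
    return "none", None


def audit(rules, own_name):
    """Summarise each rule: source kind, effective ports, open-to-world flag."""
    report = []
    for rule in rules:
        kind, value = source_of(rule, own_name)
        proto = str(rule["proto"])
        ports = (rule.get("from_port"), rule.get("to_port")) if proto in PORT_AWARE else "all"
        world = kind == "cidr" and ipaddress.ip_network(value).prefixlen == 0
        report.append({"proto": proto, "source": kind, "value": value,
                       "ports": ports, "world_open": world})
    return report


if __name__ == "__main__":
    for row in audit(RULES, OWN_NAME):
        print(row)
```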