I don't understand the rules section of the ec2_group module. I wish the 
documentation explained it, but it doesn't. I says "see example". The 
description right now, Ansible 2.6, is:

List of firewall inbound rules to enforce in this group (see example). If 
none are supplied, no inbound rules will be enabled. Rules list may include 
its own name in `group_name`. This allows idempotent loopback additions (e.g
. allow group to access itself). Rule sources list support was added in 
version 2.4. This allows to define multiple sources per source type as well 
as multiple source types per rule. Prior to 2.4 an individual source is 
allowed. In version 2.5 support for rule descriptions was added.

And there are several examples shown. An example example is:

- name: example ec2 group
    name: example
    description: an example EC2 group
    vpc_id: 12345
    region: eu-west-1
    aws_secret_key: SECRET
    aws_access_key: ACCESS
      - proto: tcp
        from_port: 80
        to_port: 80
      - proto: tcp
        from_port: 22
        to_port: 22
      - proto: tcp
        from_port: 443
        to_port: 443
        # this should only be needed for EC2 Classic security group rules
        # because in a VPC an ELB will use a user-account security group
        group_id: amazon-elb/sg-87654321/amazon-elb-sg
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_id: 123412341234/sg-87654321/exact-name-of-sg
      - proto: udp
        from_port: 10050
        to_port: 10050
      - proto: udp
        from_port: 10051
        to_port: 10051
        group_id: sg-12345678
      - proto: icmp
        from_port: 8 # icmp type, -1 = any type
        to_port:  -1 # icmp subtype, -1 = any subtype
      - proto: all
        # the containing group name may be specified here
        group_name: example
      - proto: all
        # in the 'proto' attribute, if you specify -1, all, or a number 
other than tcp, udp, icmp, or 58 (ICMPv6),
        # traffic on all ports is allowed, regardless of any ports you 
        from_port: 10050 # this value is ignored
        to_port: 10050 # this value is ignored

So... I know what proto is for. I know what from_port, to_port, and cidr_ip 
are for. Also rule_desc. But what are group_id, group_name, and group_desc 
for? (To be clear, I'm asking what they are inside the rules: block. If 
they were under ec2_group: I would know what they were for.)


You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to