New in version 1.3.
maintains ec2 security groups. This module has a dependency on python-boto >= 2.5
parameter | required | default | choices | comments |
---|---|---|---|---|
aws_access_key | no | AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. | ||
aws_secret_key | no | AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. | ||
description | yes | Description of the security group. | ||
ec2_url | no | Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Must be specified if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used | ||
name | yes | Name of the security group. | ||
profile | no | uses a boto profile. Only works with boto >= 2.24.0 (added in Ansible 1.6) | ||
region | no | the EC2 region to use | ||
rules | no | List of firewall inbound rules to enforce in this group (see example). | ||
rules_egress | no | List of firewall outbound rules to enforce in this group (see example). (added in Ansible 1.6) | ||
security_token | no | security token to authenticate against AWS (added in Ansible 1.6) | ||
state | no | present | create or delete security group (added in Ansible 1.4) | |
validate_certs | no | yes |
|
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. (added in Ansible 1.5) |
vpc_id | no | ID of the VPC to create the group in. |
Note
Requires boto
- name: example ec2 group
local_action:
module: ec2_group
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1a
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: 80
to_port: 80
cidr_ip: 0.0.0.0/0
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 10.0.0.0/8
- proto: udp
from_port: 10050
to_port: 10050
cidr_ip: 10.0.0.0/8
- proto: udp
from_port: 10051
to_port: 10051
group_id: sg-12345678
- proto: all
# the containing group name may be specified here
group_name: example
rules_egress:
- proto: tcp
from_port: 80
to_port: 80
group_name: example-other
# description to use if example-other needs to be created
group_desc: other example EC2 group
Note
If a rule declares a group_name and that group doesn’t exist, it will be automatically created. In that case, group_desc should be provided as well. The module will refuse to create a depended-on group without a description.
Note
The following environment variables can be used AWS_ACCESS_KEY or EC2_ACCESS_KEY or AWS_ACCESS_KEY_ID, AWS_SECRET_KEY or EC2_SECRET_KEY or AWS_SECRET_ACCESS_KEY, AWS_REGION or EC2_REGION, AWS_SECURITY_TOKEN
Note
Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See http://boto.readthedocs.org/en/latest/boto_config_tut.html
Note
AWS_REGION or EC2_REGION can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file