Sunday, 11 October 2015
Creating AWS Security Groups using Ansible
If you have created security groups with Ansible you may have run into a common problem: when the rules listed in an ec2_group task are already present on the group, the second run of that task fails with an error that the rules are duplicated.
To avoid this, I add a dummy rule in a first task and the actual rules in a second task. This way the play can be run any number of times without ec2_group failing on duplicate rules.
Note: ec2_group replaces the group's rule set with the rules given in the task (purge_rules defaults to true), so the latest rules overwrite any existing rules. That is what makes the dummy step work, but it also means that between the two tasks the group holds only the dummy rule: anything that depends on the real rules (SSH access here) is briefly cut off. Keep the dummy rule to something that is a subset of the final rules, as the port 80 rule below is of the all-ports rule, so the window never exposes more than the final policy. Also bear in mind that opening TCP 0-65535 to the whole VPC CIDR is very broad; narrow it to the ports your instances actually need if you can.
For example:
# Step 1: reset the group to a single harmless rule that is also part of
# the final rule set (purge_rules defaults to true, so existing rules go).
- name: Add dummy rule to Security Group
  ec2_group:
    name: "{{ sgName }}"
    description: "a valid description"
    region: "{{ region }}"
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: "{{ vpcCidr }}"

# Step 2: apply the real rules; these replace the dummy rule.
- name: Add rule to Security Group
  ec2_group:
    name: "{{ sgName }}"
    description: "a valid description"
    region: "{{ region }}"
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ sshAllowedHosts }}"
      - proto: tcp
        from_port: 0
        to_port: 65535
        cidr_ip: "{{ vpcCidr }}"
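The following is an added example, not code from the original post or from Ansible. It models two things the workaround above relies on: AWS rejects a rules list that names the same permission twice, so it normalises ec2_group-style rule dicts (proto case, "all" versus "-1", string ports) and flags exact duplicates before a play runs; and ec2_group with purge_rules=true replaces the group's rule set, so it computes the add/remove plan for each of the two tasks. The sample CIDRs and the two rule lists standing in for vpcCidr and sshAllowedHosts are constructed values, and the normalisation rules are my assumptions about which spellings AWS treats as the same permission.

```python
"""Pre-flight checks for an ec2_group-style rules list (added example)."""
from __future__ import annotations
from typing import Iterable

# Canonical rule: (proto, from_port, to_port, cidr_ip)
Rule = tuple


def normalize_rule(rule: dict) -> Rule:
    """Canonical form of one ec2_group rule dict so that spelling
    differences ('TCP' vs 'tcp', 'all' vs '-1', '22' vs 22) compare equal.
    Assumption: AWS ignores ports for proto -1 and rejects a second
    permission whose canonical form already exists in the group."""
    proto = str(rule.get("proto", "tcp")).lower()
    if proto in ("all", "-1"):
        proto, from_port, to_port = "-1", None, None
    else:
        from_port = int(rule["from_port"])
        to_port = int(rule.get("to_port", rule["from_port"]))
    cidr = str(rule["cidr_ip"]).strip()
    return (proto, from_port, to_port, cidr)


def find_duplicates(rules: Iterable[dict]) -> list[Rule]:
    """Return the canonical rules that appear more than once in `rules`.
    A non-empty result means the task would be rejected as duplicated."""
    seen, dups = set(), []
    for r in rules:
        n = normalize_rule(r)
        if n in seen and n not in dups:
            dups.append(n)
        seen.add(n)
    return dups


def plan_changes(existing: Iterable[dict], desired: Iterable[dict],
                 purge_rules: bool = True) -> tuple[list[Rule], list[Rule]]:
    """What ec2_group would have to add and remove to turn `existing`
    into `desired`. With purge_rules=True (the module default) rules not
    in `desired` are removed; with False they are left in place."""
    cur = {normalize_rule(r) for r in existing}
    want = {normalize_rule(r) for r in desired}
    to_add = sorted(want - cur, key=str)
    to_remove = sorted(cur - want, key=str) if purge_rules else []
    return to_add, to_remove


# Constructed sample values standing in for the post's variables.
VPC_CIDR = "10.0.0.0/16"
SSH_ALLOWED = "203.0.113.0/24"
DUMMY_RULES = [
    {"proto": "tcp", "from_port": 80, "to_port": 80, "cidr_ip": VPC_CIDR},
]
REAL_RULES = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": SSH_ALLOWED},
    {"proto": "tcp", "from_port": 0, "to_port": 65535, "cidr_ip": VPC_CIDR},
]


def two_step_plan(existing: Iterable[dict]):
    """The post's workaround as two plans: reset to the dummy rule, then
    apply the real rules. Shows the transient state between the tasks."""
    step1 = plan_changes(existing, DUMMY_RULES)
    step2 = plan_changes(DUMMY_RULES, REAL_RULES)
    return step1, step2


if __name__ == "__main__":
    print("duplicates in real rules:", find_duplicates(REAL_RULES))
    for i, (add, rem) in enumerate(two_step_plan(REAL_RULES), start=1):
        print(f"step {i}: add={add} remove={rem}")
```

Running find_duplicates over a rules list before the play is a cheap guard against the duplicate-rule failure, and the step-1 plan makes the cost of the workaround visible: on a group that already carries the real rules, the reset removes the SSH rule and the all-ports rule until step 2 puts them back.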