ec2_group - maintain an ec2 VPC security group.

Synopsis

New in version 1.3.

Maintains EC2 security groups. This module has a dependency on python-boto >= 2.5.

Options

parameter (required; default; choices)
    comments

aws_access_key (required: no)
    AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used.
aws_secret_key (required: no)
    AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used.
description (required: yes)
    Description of the security group.
ec2_url (required: no)
    URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Must be specified if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
name (required: yes)
    Name of the security group.
profile (required: no)
    Uses a boto profile. Only works with boto >= 2.24.0. (added in Ansible 1.6)
region (required: no)
    The EC2 region to use.
rules (required: no)
    List of firewall inbound rules to enforce in this group (see example).
rules_egress (required: no)
    List of firewall outbound rules to enforce in this group (see example). (added in Ansible 1.6)
security_token (required: no)
    Security token to authenticate against AWS. (added in Ansible 1.6)
state (required: no; default: present)
    Create or delete the security group. (added in Ansible 1.4)
validate_certs (required: no; default: yes; choices: yes, no)
    When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. (added in Ansible 1.5)
vpc_id (required: no)
    ID of the VPC to create the group in.

Note

Requires boto.

Examples

- name: example ec2 group
  local_action:
    module: ec2_group
    name: example
    description: an example EC2 group
    vpc_id: 12345
    # region must be a region name, not an availability zone such as eu-west-1a
    region: eu-west-1
    aws_secret_key: SECRET
    aws_access_key: ACCESS
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 10.0.0.0/8
      - proto: udp
        from_port: 10050
        to_port: 10050
        cidr_ip: 10.0.0.0/8
      - proto: udp
        from_port: 10051
        to_port: 10051
        group_id: sg-12345678
      - proto: all
        # the containing group name may be specified here
        group_name: example
    rules_egress:
      - proto: tcp
        from_port: 80
        to_port: 80
        group_name: example-other
        # description to use if example-other needs to be created
        group_desc: other example EC2 group


Note

If a rule declares a group_name and that group doesn't exist, it will be automatically created. In that case, group_desc should be provided as well. The module will refuse to create a depended-on group without a description.
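As an added example, not part of the ec2_group module or of Ansible, the following Python lint walks the rules and rules_egress structure documented above before a play runs: it flags administrative ports opened to 0.0.0.0/0 and catches a group_name that neither exists in the VPC nor carries a group_desc, the case the note above says the module refuses. ADMIN_PORTS, lint_group and the sample dicts are constructed here; the first sample transcribes the example play above.

```python
import ipaddress

# Added example, not ec2_group's own code: a pre-flight lint for the rules and
# rules_egress structure described above. ADMIN_PORTS is a constructed list of
# ports whose exposure to 0.0.0.0/0 usually deserves review.
ADMIN_PORTS = {22, 3389, 3306, 5432, 6379, 27017}

def _ports(rule):
    """Inclusive (from_port, to_port) a rule covers; proto 'all' spans every port."""
    if rule.get("proto") == "all":
        return (0, 65535)
    return (int(rule["from_port"]), int(rule["to_port"]))

def lint_rules(rules, existing_groups, direction):
    """Return findings for one rule list. existing_groups: names already in the VPC;
    a missing group_name target is auto-created only if group_desc is given."""
    findings = []
    for i, rule in enumerate(rules or []):
        where = f"{direction}[{i}]"
        lo, hi = _ports(rule)
        cidr = rule.get("cidr_ip")
        if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
            if exposed:
                findings.append(f"{where}: {cidr} reaches admin ports {exposed}")
        name = rule.get("group_name")
        if name and name not in existing_groups and not rule.get("group_desc"):
            findings.append(f"{where}: group_name '{name}' does not exist and "
                            "group_desc is missing; ec2_group will refuse to create it")
    return findings

def lint_group(spec, existing_groups):
    """Lint the ingress and egress rule lists of one ec2_group task."""
    return (lint_rules(spec.get("rules"), existing_groups, "rules")
            + lint_rules(spec.get("rules_egress"), existing_groups, "rules_egress"))

# The documented example above, transcribed as dicts (constructed sample input).
EXAMPLE_GROUP = {
    "rules": [
        {"proto": "tcp", "from_port": 80, "to_port": 80, "cidr_ip": "0.0.0.0/0"},
        {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "10.0.0.0/8"},
        {"proto": "all", "group_name": "example"}],
    "rules_egress": [
        {"proto": "tcp", "from_port": 80, "to_port": 80, "group_name": "example-other",
         "group_desc": "other example EC2 group"}]}
# A constructed variant with two problems the lint should catch.
BAD_GROUP = {"rules": [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "0.0.0.0/0"},
    {"proto": "udp", "from_port": 10051, "to_port": 10051, "group_name": "monitoring"}]}
```

Running lint_group(EXAMPLE_GROUP, {"example"}) returns no findings, while BAD_GROUP yields one finding for SSH open to the world and one for the missing group_desc.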

Note

The following environment variables can be used: AWS_ACCESS_KEY or EC2_ACCESS_KEY or AWS_ACCESS_KEY_ID, AWS_SECRET_KEY or EC2_SECRET_KEY or AWS_SECRET_ACCESS_KEY, AWS_REGION or EC2_REGION, AWS_SECURITY_TOKEN.

Note

Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See http://boto.readthedocs.org/en/latest/boto_config_tut.html

Note

AWS_REGION or EC2_REGION can typically be used to specify the AWS region, when required, but this can also be configured in the boto config file.
