Add EC2 security group - only if it does not already exist

Newbie Ansible EC2 question:

I’m successfully using ec2_group_module [1] to create an EC2 security group.
However, the operation fails if the group is already there.
What is the idiomatic way to conditionally skip it if the group is already there?

Thanks

[1] http://docs.ansible.com/ec2_group_module.html

What is the error that you get when it fails?

400 Bad Request

Full capture below

Hi,

I think when I was trying the ec2_group module, for some reason it will only fail if the security group already exists but was not created by the module. If you create a new security group using the ec2_group module, it won’t fail when you run the same playbook again.

As Nicolas mentioned, you will get an error when you are trying to create the security group through Ansible and that security group already exists and was created manually or by another tool.
If you already created the SG with Ansible and want to update it through Ansible, the task is going to report “changed”. If you simply leave it as is, at the next run it will report “ok” => idempotency.

Cheers.

Thanks Nicolas, Dan
This is it.

The group was created manually.

We ran into something similar a few days ago but I haven’t had time to dig into the ec2_group code that much to figure it out.

I’m not sure if this is helpful, but if we had ‘TCP’ in all caps in the playbook it would behave like this (run fine the first time, create the group, etc., but on second attempt it would give the same error you were seeing). If I just changed it to ‘tcp’ all lower case the playbook ran fine.
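A pre-flight check based on the observation in the last post, as an added example that is not part of the original thread or of Ansible itself: it scans playbook text for `ec2_group` rules whose `proto` value is not lower case and rewrites them. The function names and the sample playbook are hypothetical, and the scan assumes block-style YAML with one key per line.

```python
import re

# Hypothetical helper: patterns assume block-style YAML, one key per line.
TASK_START = re.compile(r"^\s*-\s+name:")
GROUP_KEY = re.compile(r"^\s*ec2_group:")
PROTO = re.compile(r"^(\s*-?\s*proto:\s*['\"]?)([A-Za-z0-9]+)")

def find_uppercase_protos(playbook_text):
    """Return (line_number, value) for each ec2_group rule whose proto is not lower case."""
    findings, in_group = [], False
    for number, line in enumerate(playbook_text.splitlines(), start=1):
        if TASK_START.match(line):
            in_group = False          # a new task begins
        elif GROUP_KEY.match(line):
            in_group = True           # following keys belong to ec2_group
        elif in_group:
            m = PROTO.match(line)
            if m and m.group(2) != m.group(2).lower():
                findings.append((number, m.group(2)))
    return findings

def lowercase_protos(playbook_text):
    """Return the playbook text with the flagged proto values lower-cased."""
    lines = playbook_text.splitlines()
    for number, _ in find_uppercase_protos(playbook_text):
        lines[number - 1] = PROTO.sub(
            lambda m: m.group(1) + m.group(2).lower(), lines[number - 1])
    return "\n".join(lines) + "\n"

# Constructed sample playbook (not taken from the thread).
SAMPLE_PLAYBOOK = """\
- name: web security group
  ec2_group:
    name: web-sg
    description: constructed example group
    rules:
      - proto: TCP
        from_port: 443
        to_port: 443
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 10.0.0.0/8
- name: unrelated task
  debug:
    msg: "proto: TCP is only text here"
"""
```
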