AWS ec2 attach new security group to instance

Hi, I'm creating a new security group and I need to attach it to a new EC2 instance. I tried, but I see this error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: The following group names are not valid: security_group.group_id
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):
  File "/home/emanuel/.ansible/tmp/ansible-tmp-1661879588.620161-35930-48435963997212/AnsiballZ_ec2_instance.py", line 107, in <module>
    _ansiballz_main()
  File "/home/emanuel/.ansible/tmp/ansible-tmp-1661879588.620161-35930-48435963997212/AnsiballZ_ec2_instance.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/emanuel/.ansible/tmp/ansible-tmp-1661879588.620161-35930-48435963997212/AnsiballZ_ec2_instance.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.ec2_instance', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.ec2_instance', _modlib_path=modlib_path),
  File "/usr/lib/python3.8/runpy.py", line 207, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py", line 2015, in <module>
  File "/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py", line 2009, in main
  File "/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py", line 1808, in ensure_present
  File "/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py", line 1291, in build_run_instance_spec
  File "/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py", line 1096, in build_network_spec
  File "/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py", line 1204, in discover_security_groups
  File "/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/ec2.py", line 521, in get_ec2_security_group_ids_from_names
ValueError: The following group names are not valid: security_group.group_id
", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

This is my playbook

- name: Creamos un Grupo de seguridad para la instancia
  amazon.aws.ec2_group:
    name: "front-cargo-new-dev-sg"
    description: "sg instancia front-cargo-new-dev"
    vpc_id: vpc-xxxxxxxxxxx
    region: us-west-2
    aws_secret_key: "{{ ec2_secret_key }}"
    aws_access_key: "{{ ec2_access_key }}"
  register: security_group

- name: Lanzamos una instancia a partir de la imagen
  amazon.aws.ec2_instance:
    name: "front-cargo-new-dev.develop"
    aws_secret_key: "{{ ec2_secret_key }}"
    aws_access_key: "{{ ec2_access_key }}"
    region: us-west-2
    key_name: developer
    instance_type: t2.medium
    user_data: |
      #!/bin/bash
      sudo hostnamectl set-hostname front-cargo-new-dev.develop
    image_id: ami-xxxxxxxxxxxx
    wait: yes
    wait_timeout: 500
    volumes:
      - device_name: /dev/xvda
        ebs:
          volume_type: gp3
          volume_size: 32
          delete_on_termination: yes
    vpc_subnet_id: subnet-xxxxxxxxx
    network:
      assign_public_ip: no
    security_groups: [security_group.group_id, sg-xxxxxxxxxx, sg-xxxxxxxxxxxx]
    tags:
      Enviroment: dev
    count: 1

Any help??

Regards,

The problem is that you are not referencing the security_group variable, but just passing a string called security_group.group_id:

This:

security_groups: [security_group.group_id, sg-xxxxxxxxxx, sg-xxxxxxxxxxxx]

Should instead be:

security_groups: ['{{ security_group.group_id }}', sg-xxxxxxxxxx, sg-xxxxxxxxxxxx]

You are right!!

Thank you, matt.

  amazon.aws.ec2_group:
    name: "front-cargo-new-dev-sg"
    description: "sg instancia front-cargo-new-dev"
    vpc_id: vpc-xxxxxxxxxxx
    region: us-west-2
    aws_secret_key: "{{ ec2_secret_key }}"
    aws_access_key: "{{ ec2_access_key }}"
  register: security_group

The security_group variable is registered / set with this task.

You need to look at the module docs for amazon.aws.ec2_group to see what the structure of the results is. I suspect this is a reference issue. I recommend using a debug: var=security_group right after this task so you can see the structure of the results. That will help you determine how to reference the group_id value (which is returned in the results - see module docs).

Walter
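Putting matt's fix and Walter's debug advice together, the following is an added example (not the original poster's playbook and not code from the amazon.aws collection). It keeps the two tasks from the thread, adds the debug task Walter suggests, and adds an assert so the play stops early if the registered result does not carry a real group id rather than failing later inside ec2_instance. The vpc-/subnet-/ami-/sg- ids and the ec2_access_key / ec2_secret_key variables are placeholders, and the `^sg-` pattern in the assert is an assumption about the id format, not something from the thread.

```yaml
# Added example: register the group, inspect the result, then reference it via Jinja2.
- name: Create the security group for the instance
  amazon.aws.ec2_group:
    name: "front-cargo-new-dev-sg"
    description: "sg instancia front-cargo-new-dev"
    vpc_id: vpc-xxxxxxxxxxx          # placeholder
    region: us-west-2
    aws_secret_key: "{{ ec2_secret_key }}"
    aws_access_key: "{{ ec2_access_key }}"
  register: security_group

# What Walter recommends: print the registered structure once so you can see
# the exact key (group_id) you need to reference.
- name: Show the registered result of ec2_group
  ansible.builtin.debug:
    var: security_group

# Fail fast with a readable message instead of the MODULE FAILURE traceback.
# The id pattern is an assumption for this example.
- name: Check that the registered result carries a security group id
  ansible.builtin.assert:
    that:
      - security_group.group_id is defined
      - security_group.group_id is match('^sg-[0-9a-f]+$')
    fail_msg: "security_group.group_id is missing or is not a security group id"

- name: Launch the instance attached to the new group
  amazon.aws.ec2_instance:
    name: "front-cargo-new-dev.develop"
    aws_secret_key: "{{ ec2_secret_key }}"
    aws_access_key: "{{ ec2_access_key }}"
    region: us-west-2
    key_name: developer
    instance_type: t2.medium
    image_id: ami-xxxxxxxxxxxx      # placeholder
    vpc_subnet_id: subnet-xxxxxxxxx # placeholder
    wait: yes
    wait_timeout: 500
    network:
      assign_public_ip: no
    # The value must be templated and quoted: an unquoted
    # security_group.group_id inside [...] is passed to the module as the
    # literal string "security_group.group_id", which it then tries to
    # resolve as a group *name* and rejects.
    security_groups:
      - "{{ security_group.group_id }}"
      - sg-xxxxxxxxxx                 # placeholder, pre-existing group
      - sg-xxxxxxxxxxxx               # placeholder, pre-existing group
    tags:
      Environment: dev
    count: 1
```

The quotes around `{{ security_group.group_id }}` matter for YAML as much as for Ansible: a bare `{` starts a flow mapping, so the expression has to be a quoted scalar for the file to parse at all. Running the debug task once with `-v` is usually enough to confirm the key name; remove it afterwards so the group details are not printed on every run.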