I’m wondering if the ec2 groups module supports the icmp protocol.
I’ve tried a few combinations of rules and am not having much luck. I don’t see an example for it in the docs here: https://github.com/ansible/ansible/blob/release1.6.3/library/cloud/ec2_group
Thank you,
iain
Looking through the code, I don’t see any reason why an ICMP rule should not work. We do not filter based on the specified protocol in the list.
According to http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html, when creating an ICMP rule, the from_port should be used to specify the ICMP type number (or -1 for all ICMP types).
Feel free to send us a pull request with an example for an ICMP rule as well.
Thanks James! Will give this a shot and add the example
Hi,
I tried the solution as follows but it does not work for me:
```yaml
- proto: icmp
  from_port: 0
  to_port: 0
  cidr_ip: 0.0.0.0/0
- proto: icmp
  from_port: 8
  to_port: 8
  cidr_ip: 0.0.0.0/0
```
In my AWS security group dashboard, I can see the following two lines added:
Custom ICMP Rule | Echo Request | 8 | 0.0.0.0/0
Custom ICMP Rule | Echo Reply   | 0 | 0.0.0.0/0
Unfortunately, I still cannot ping my server. When I manually add the two custom ICMP rules on the AWS dashboard it works, though. When I add the ICMP rules on the dashboard, the port number is “N/A” whereas when I add the rules with Ansible they correspond to the ICMP type number.
Does it work for anybody else / could you post an example?
Thanks,
Markus
I guess you misunderstood how ICMP works.
Try this:
```yaml
- proto: icmp
  from_port: -1
  to_port: -1
```
Hi Dan,
thanks for your feedback. In fact, the -1 solution does work in ansible. However, this will open traffic to all ICMP types (which I would like to avoid). According to James Cammarata’s link earlier in this conversation, the ICMP code types map to AWS from_port settings when we want to set ICMP rules up with ansible/boto through the AWS API:
“The start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).”
Maybe I am still misunderstanding something. Could you give a code example to only open echo (8) and echo reply (0)? This is possible when I use the AWS dashboard, so it should also be possible programmatically.
Thanks so much,
Markus
Hey Markus,
Apologies for rushing in like that. Always a bad idea to answer in mailing list threads while commuting.
What version of Ansible are you sporting?
Brian committed this piece of code: https://github.com/ansible/ansible-modules-core/commit/e174c9b4741a14dc5ab3cbe0506cef4010396155
I believe it could help you.
Hi Dan,
> Apologies for rushing in like that. Always a bad idea to answer in mailing list threads while commuting.
No problemo, my question was probably phrased a bit oddly.
> What version of Ansible are you sporting?
> Brian committed this piece of code: https://github.com/ansible/ansible-modules-core/commit/e174c9b4741a14dc5ab3cbe0506cef4010396155
> I believe it could help you.
I have just upgraded to “ansible 1.9 (devel 5738ee1cb3)” but it’s still the same problem.
Well, this is not a show stopper for my project. I will use the -1 solution and move on with other tasks.
Thanks & best regards,
Markus