Hi All, I’m just getting started trying to use ansible for provisioning and orchestration of cloud resources in AWS, so I’ll apologize in advance for this noob question.
I've used ec2_group successfully before, but I can't figure out why this task isn't working. I can see it run when the playbook is run, but the group is devoid of any egress or ingress rules. Can anybody spot what I'm doing wrong?
TASK: [Create Jenkins Security Group] *****************************************
skipping: [54.69.241.118]
skipping: [54.193.116.57]
changed: [54.164.169.157 -> 127.0.0.1]

TASK: [debug var=jenkins_sg] **************************************************
ok: [54.193.116.57] => {
    "jenkins_sg": {
        "changed": false,
        "skipped": true
    }
}
ok: [54.164.169.157] => {
    "jenkins_sg": {
        "changed": true,
        "group_id": "sg-23494f46",
        "invocation": {
            "module_args": "",
            "module_name": "ec2_group"
        }
    }
}
ok: [54.69.241.118] => {
    "jenkins_sg": {
        "changed": false,
        "skipped": true
    }
}
Here’s how I have the task defined:
- name: Create Jenkins Security Group
  local_action:
    module: ec2_group
    name: Jenkins SG
    description: Jenkins Security Group
    region: "{{ preferred_region }}"
    vpc_id: "{{ vpc }}"
    # ingress: SSH and the Jenkins web port, both from anywhere
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr: 0.0.0.0/0
      - proto: tcp
        from_port: 8080
        to_port: 8080
        cidr: 0.0.0.0/0
    # egress: everything, anywhere
    rules_egress:
      - proto: all
        from_port: 0
        to_port: 65535
        cidr: 0.0.0.0/0
  when: ec2_region == preferred_region
And evidence that it has no rules set:
$ aws --profile=farrellit ec2 describe-security-groups --group-id sg-23494f46
{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [],
            "Description": "Jenkins Security Group",
            "IpPermissions": [],
            "GroupName": "Jenkins SG",
            "VpcId": "vpc-f12baf94",
            "OwnerId": "122377349983",
            "GroupId": "sg-23494f46"
        }
    ]
}
Thanks very much for your time.
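An added example, not part of the original post or of the ec2_group module: a small offline checker that compares the rules a task intends with what `aws ec2 describe-security-groups` actually reports, so the "task says changed but the group is empty" situation above is caught by a script rather than by eyeballing JSON. The first sample input is the empty group output quoted in the post; the second is a constructed version of the same group as it would look once the task's rules had been applied (field names follow the CLI's JSON shape, and all-protocol rules are reported there as `IpProtocol` `"-1"` with no port fields). The tuple normalisation and the mapping of `"-1"` to the task's `proto: all` with ports 0-65535 are assumptions of this example. It also flags ingress rules open to `0.0.0.0/0` or `::/0`, since the task as written exposes SSH and port 8080 to the whole internet.

```python
import json

# Constructed sample input: the `aws ec2 describe-security-groups` output quoted
# in the post, which shows the group with no ingress or egress rules at all.
EMPTY_GROUP_JSON = """
{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [],
            "Description": "Jenkins Security Group",
            "IpPermissions": [],
            "GroupName": "Jenkins SG",
            "VpcId": "vpc-f12baf94",
            "OwnerId": "122377349983",
            "GroupId": "sg-23494f46"
        }
    ]
}
"""

# Constructed sample of what the same group would look like once the task's
# rules had been applied. The CLI reports "all" traffic as IpProtocol "-1"
# with no FromPort/ToPort; the other field names follow the CLI's JSON shape.
APPLIED_GROUP_JSON = """
{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
            ],
            "Description": "Jenkins Security Group",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
                {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
            ],
            "GroupName": "Jenkins SG",
            "VpcId": "vpc-f12baf94",
            "OwnerId": "122377349983",
            "GroupId": "sg-23494f46"
        }
    ]
}
"""

# The rules the task intends, written in the ec2_group module's own vocabulary.
INTENDED_INGRESS = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 8080, "to_port": 8080, "cidr": "0.0.0.0/0"},
]
INTENDED_EGRESS = [
    {"proto": "all", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
]

# CIDRs that mean "anyone on the internet".
WORLD = {"0.0.0.0/0", "::/0"}


def _aws_rules(permissions):
    """Normalise CLI IpPermissions entries to (proto, from_port, to_port, cidr).

    Assumption: an all-protocol entry (IpProtocol "-1", no port fields) is
    treated as ports 0-65535 so it compares equal to the task's `proto: all`.
    """
    found = set()
    for perm in permissions:
        proto = "all" if perm["IpProtocol"] == "-1" else perm["IpProtocol"]
        from_port = perm.get("FromPort", 0)
        to_port = perm.get("ToPort", 65535)
        for ip_range in perm.get("IpRanges", []):
            found.add((proto, from_port, to_port, ip_range["CidrIp"]))
        for ip_range in perm.get("Ipv6Ranges", []):
            found.add((proto, from_port, to_port, ip_range["CidrIpv6"]))
    return found


def _intended_rules(rules):
    """Same tuple shape for the ec2_group-style rule dicts."""
    return {(r["proto"], r["from_port"], r["to_port"], r["cidr"]) for r in rules}


def missing_rules(cli_json, intended_ingress, intended_egress):
    """Return (missing_ingress, missing_egress): intended rules the group lacks."""
    group = json.loads(cli_json)["SecurityGroups"][0]
    have_in = _aws_rules(group.get("IpPermissions", []))
    have_out = _aws_rules(group.get("IpPermissionsEgress", []))
    return (
        sorted(_intended_rules(intended_ingress) - have_in),
        sorted(_intended_rules(intended_egress) - have_out),
    )


def world_open_ingress(cli_json):
    """Return (proto, from_port, to_port) for every ingress rule open to everyone."""
    group = json.loads(cli_json)["SecurityGroups"][0]
    return sorted(
        (proto, from_port, to_port)
        for proto, from_port, to_port, cidr in _aws_rules(group.get("IpPermissions", []))
        if cidr in WORLD
    )


if __name__ == "__main__":
    for label, doc in (("empty", EMPTY_GROUP_JSON), ("applied", APPLIED_GROUP_JSON)):
        print(label, "missing:", missing_rules(doc, INTENDED_INGRESS, INTENDED_EGRESS))
        print(label, "open to the world:", world_open_ingress(doc))
```

Run against the empty group it lists every intended rule as missing, which is the failure the post describes; run against the applied version it reports nothing missing but still lists SSH and 8080 as world-open, which is the part a reviewer would want narrowed to a bastion or office range before the group goes anywhere near production.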