ec2_group task creates security group but not rules

Hi All, I’m just getting started trying to use ansible for provisioning and orchestration of cloud resources in AWS, so I’ll apologize in advance for this noob question.

I’ve used ec2_group successfully before, but I can’t figure out why this task isn’t working. I can see the playlist is run, but the group is devoid of any egress or ingress rules. Can anybody spot what I’m doing wrong?

    TASK: [Create Jenkins Security Group] *****************************************
    skipping: [54.69.241.118]
    skipping: [54.193.116.57]
    changed: [54.164.169.157 -> 127.0.0.1]

    TASK: [debug var=jenkins_sg] **************************************************
    ok: [54.193.116.57] => {
        "jenkins_sg": {
            "changed": false,
            "skipped": true
        }
    }
    ok: [54.164.169.157] => {
        "jenkins_sg": {
            "changed": true,
            "group_id": "sg-23494f46",
            "invocation": {
                "module_args": "",
                "module_name": "ec2_group"
            }
        }
    }
    ok: [54.69.241.118] => {
        "jenkins_sg": {
            "changed": false,
            "skipped": true
        }
    }

Here’s how I have the task defined:

    - name: Create Jenkins Security Group
      local_action:
        module: ec2_group
        name: Jenkins SG
        description: Jenkins Security Group
        region: "{{preferred_region}}"
        vpc_id: "{{vpc}}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr: 0.0.0.0/0
          - proto: tcp
            from_port: 8080
            to_port: 8080
            cidr: 0.0.0.0/0
        rules_egress:
          - proto: all
            from_port: 0
            to_port: 65535
            cidr: 0.0.0.0/0
      when: ec2_region == preferred_region

And evidence that it has no rules set:

    $ aws --profile=farrellit ec2 describe-security-groups --group-id sg-23494f46
    {
        "SecurityGroups": [
            {
                "IpPermissionsEgress": [],
                "Description": "Jenkins Security Group",
                "IpPermissions": [],
                "GroupName": "Jenkins SG",
                "VpcId": "vpc-f12baf94",
                "OwnerId": "122377349983",
                "GroupId": "sg-23494f46"
            }
        ]
    }

Thanks very much for your time.
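
A check for the symptom shown above, as an added example that is not part of the original post: it compares the rules a task intends to create against `aws ec2 describe-security-groups` JSON and lists the ones that are missing. The function names, the rule tuples, the second group `sg-00000000` and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The first group has no rules (the state shown in the post); the second,
# with a placeholder id, shows the same rules once they are applied.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-23494f46", "IpPermissions": [], "IpPermissionsEgress": []},
  {"GroupId": "sg-00000000",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
     {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

# Intended rules from the task in the post: (protocol, from_port, to_port, cidr).
WANT_INGRESS = [("tcp", 22, 22, "0.0.0.0/0"), ("tcp", 8080, 8080, "0.0.0.0/0")]
WANT_EGRESS = [("all", 0, 65535, "0.0.0.0/0")]

def flatten(permissions):
    """Expand EC2 permission entries into (proto, from, to, cidr) tuples."""
    found = set()
    for perm in permissions:
        # EC2 reports "all protocols" as "-1"; its port range carries no meaning.
        if perm["IpProtocol"] == "-1":
            proto, lo, hi = "all", None, None
        else:
            proto, lo, hi = perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")
        for ip_range in perm.get("IpRanges", []):
            found.add((proto, lo, hi, ip_range["CidrIp"]))
    return found

def missing_rules(group, want_ingress, want_egress):
    """Return the intended rules absent from one SecurityGroups entry."""
    def norm(rule):
        return (rule[0], None, None, rule[3]) if rule[0] == "all" else rule
    have_in = flatten(group.get("IpPermissions", []))
    have_out = flatten(group.get("IpPermissionsEgress", []))
    return {"ingress": [r for r in want_ingress if norm(r) not in have_in],
            "egress": [r for r in want_egress if norm(r) not in have_out]}

if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print(sg["GroupId"], missing_rules(sg, WANT_INGRESS, WANT_EGRESS))
```

Run as a post-provisioning step, a non-empty result means the group exists without the access policy the playbook declared.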