Can we modify existing EC2 Security group using Ansible by accepting new input parameter through jenkins job?
Scenario - I have to update users public IP to Ec2 security groups everyday Whenever their Public ip changes. This become repetitive tasks as Public IP is dynamic and changes everyday. I tried to automate this by creating ansible playbook with jenkins job by passing input parameter “{{ newpublicip }}” for new public ip and let user provide his IP and run the job and it updates the security groups. Below is the code
- hosts: localhost
connection: local
gather_facts: false
vars:
- newpublicip: “{{ newpublicip }}”
- name: “{{ name }}”
tasks:
-
name: boto3
pip:
name: “boto3”
state: present -
name: modiying security group
ec2_group:
name: “{{ name }}”
description: An example ec2 group
vpc_id: xxxx
region: “{{ region }}”
aws_access_key: “{{ access_key }}”
aws_secret_key: “{{ secret_key }}”
rules: -
proto: tcp
from_port: 80
to_port: 80
cidr_ip: “0.0.0.0/0” -
proto: tcp
from_port: 22
to_port: 22
cidr_ip: “{{ newpublicip }}”
rule_desc: user1 -
proto: tcp
from_port: 22
to_port: 22
cidr_ip: “{{ newpublicip }}”
rule_desc: user2
But the problem here is it updates whole existing security group with passed value, Here we will have different users assigned same port numbers with their public IP as source to access, so based on matching the rule_desc ex., user1 it should update the CIDR ip with input value provided “{{ newpublicip }}” Or please suggest some options to improvise this?
Thank you !
