Awesome. Thank you, Karl.

--
Todd

On Fri, Aug 10, 2018 at 7:03 PM Karl Auer <ka...@2pisoftware.com> wrote:

> In a rule, you can specify a group by id or name, just as you can specify
> a cidr_ip. Anything with the specified group attached to it will be allowed.
>
> Dunno about group_desc, haven't used it.
>
> Regards, K.
>
>
> On Sat, Aug 11, 2018 at 12:57 AM, <ttwa...@gmail.com> wrote:
>
>> I don't understand the rules section of the ec2_group module. I wish the
>> documentation explained it, but it doesn't. It says "see example". The
>> description right now, Ansible 2.6, is:
>>
>> List of firewall inbound rules to enforce in this group (see example). If
>> none are supplied, no inbound rules will be enabled. Rules list may
>> include its own name in `group_name`. This allows idempotent loopback
>> additions (e.g. allow group to access itself). Rule sources list support
>> was added in version 2.4. This allows to define multiple sources per
>> source type as well as multiple source types per rule. Prior to 2.4 an
>> individual source is allowed. In version 2.5 support for rule
>> descriptions was added.
>>
>> And there are several examples shown. An example example is:
>>
>> - name: example ec2 group
>>   ec2_group:
>>     name: example
>>     description: an example EC2 group
>>     vpc_id: 12345
>>     region: eu-west-1
>>     aws_secret_key: SECRET
>>     aws_access_key: ACCESS
>>     rules:
>>       - proto: tcp
>>         from_port: 80
>>         to_port: 80
>>         cidr_ip: 0.0.0.0/0
>>       - proto: tcp
>>         from_port: 22
>>         to_port: 22
>>         cidr_ip: 10.0.0.0/8
>>       - proto: tcp
>>         from_port: 443
>>         to_port: 443
>>         # this should only be needed for EC2 Classic security group rules
>>         # because in a VPC an ELB will use a user-account security group
>>         group_id: amazon-elb/sg-87654321/amazon-elb-sg
>>       - proto: tcp
>>         from_port: 3306
>>         to_port: 3306
>>         group_id: 123412341234/sg-87654321/exact-name-of-sg
>>       - proto: udp
>>         from_port: 10050
>>         to_port: 10050
>>         cidr_ip: 10.0.0.0/8
>>       - proto: udp
>>         from_port: 10051
>>         to_port: 10051
>>         group_id: sg-12345678
>>       - proto: icmp
>>         from_port: 8 # icmp type, -1 = any type
>>         to_port:  -1 # icmp subtype, -1 = any subtype
>>         cidr_ip: 10.0.0.0/8
>>       - proto: all
>>         # the containing group name may be specified here
>>         group_name: example
>>       - proto: all
>>         # in the 'proto' attribute, if you specify -1, all, or a number other
>>         # than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is allowed,
>>         # regardless of any ports you specify
>>         from_port: 10050 # this value is ignored
>>         to_port: 10050 # this value is ignored
>>         cidr_ip: 10.0.0.0/8
>>
>>
>> So... I know what proto is for. I know what from_port, to_port, and
>> cidr_ip are for. Also rule_desc. But what are group_id, group_name, and
>> group_desc for? (To be clear, I'm asking what they are inside the rules:
>> block. If they were under ec2_group: I would know what they were for.)
>>
>> --
>> Todd
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/0a521eea-4608-434e-919b-059315870bb6%40googlegroups.com
>> <https://groups.google.com/d/msgid/ansible-project/0a521eea-4608-434e-919b-059315870bb6%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Karl Auer
>
> Email  : ka...@2pisoftware.com
> Website: http://2pisoftware.com
>
> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
>
>
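
The answer in this thread, that a rule's source can be a security group instead of a `cidr_ip`, shown as an added example that is not from the thread or the Ansible documentation. The group names, VPC id and region are constructed placeholders; credentials are assumed to come from the environment rather than the playbook.

```yaml
# Added example: names, vpc_id and region are constructed placeholders.
- name: web tier group (used as a rule source below)
  ec2_group:
    name: example-web
    description: web servers
    vpc_id: vpc-00000000
    region: eu-west-1
    rules:
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: 0.0.0.0/0
  register: web_sg

- name: database tier group
  ec2_group:
    name: example-db
    description: database servers
    vpc_id: vpc-00000000
    region: eu-west-1
    rules:
      # Source is a security group, not an address range: anything with
      # example-web attached may reach 3306, whatever its IP address is.
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_id: "{{ web_sg.group_id }}"
      # The same kind of source given by name. Naming the containing group
      # lets its own members talk to each other (e.g. replication).
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: example-db
```

Because access follows group membership, the database rule needs no update when web instances are replaced or change address, and no subnet-wide range has to be opened to cover them.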
