In this ec2_group module, I don't think that we can solve this use case.

On Mon, Apr 26, 2021, 11:04 AM Naveen NK <[email protected]> wrote:

> Can we modify an existing EC2 security group using Ansible by accepting a new
> input parameter through a Jenkins job?
>
> Scenario - I have to update users' public IPs in EC2 security groups
> every day, whenever their public IP changes. This becomes a repetitive task, as
> the public IP is dynamic and changes every day. I tried to automate this by
> creating an Ansible playbook with a Jenkins job, passing the input parameter
> *"{{ newpublicip }}"* for the new public IP, letting the user provide his IP
> and run the job so that it updates the security groups. Below is the code:
>
> - hosts: localhost
>   connection: local
>   gather_facts: false
>
>   vars:
>     - newpublicip: "{{ newpublicip }}"
>     - name: "{{ name }}"
>
>   tasks:
>     # boto3 is required by the ec2_group module
>     - name: boto3
>       pip:
>         name: "boto3"
>         state: present
>
>     - name: modifying security group
>       ec2_group:
>         name: "{{ name }}"
>         description: An example ec2 group
>         vpc_id: xxxx
>         region: "{{ region }}"
>         aws_access_key: "{{ access_key }}"
>         aws_secret_key: "{{ secret_key }}"
>         rules:
>           - proto: tcp
>             from_port: 80
>             to_port: 80
>             cidr_ip: "0.0.0.0/0"
>           - proto: tcp
>             from_port: 22
>             to_port: 22
>             cidr_ip: "{{ newpublicip }}"
>             rule_desc: user1
>           - proto: tcp
>             from_port: 22
>             to_port: 22
>             cidr_ip: "{{ newpublicip }}"
>             rule_desc: user2
>
> But the problem here is that it updates the whole existing security group with
> the passed value. Here we will have different users assigned the same port numbers
> with their public IP as the source for access, so based on matching the
> rule_desc, e.g. user1, it should update the CIDR IP with the provided input value
> *"{{ newpublicip }}"*. Or please suggest some options to improve this?
>
> Thank you !
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7a7674af-d06c-4043-a67f-51532da62c38n%40googlegroups.com.
>

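An added example, not part of the thread and not Ansible's own code: one way to change only the rule whose description matches a user, planned in Python against the `IpPermissions` structure that boto3's `describe_security_groups` returns. The function names `validate_source` and `plan_update` and the sample data are assumptions made for illustration; the two returned lists are shaped for boto3's `revoke_security_group_ingress` and `authorize_security_group_ingress`. The job parameter is restricted to a single IPv4 address, so a value such as `0.0.0.0/0` cannot open SSH to everyone.

```python
import ipaddress

# Constructed sample in the shape of IpPermissions from describe_security_groups.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32", "Description": "user1"},
                  {"CidrIp": "198.51.100.9/32", "Description": "user2"}]},
]

def validate_source(ip_text):
    """Return the job parameter as a /32 CIDR, or raise ValueError."""
    net = ipaddress.ip_network(ip_text.strip(), strict=True)
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError("only a single IPv4 address is accepted")
    if net.network_address.is_unspecified:
        raise ValueError("0.0.0.0 is not a usable source address")
    return str(net)

def plan_update(ip_permissions, rule_desc, new_ip, port=22, proto="tcp"):
    """Return (revoke, authorize) IpPermissions lists touching only rule_desc."""
    new_cidr = validate_source(new_ip)
    ranges = [r for p in ip_permissions
              if (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort"))
              == (proto, port, port)
              for r in p.get("IpRanges", [])]
    # Old entries for this user that no longer match the new address.
    stale = [{"CidrIp": r["CidrIp"]} for r in ranges
             if r.get("Description") == rule_desc and r["CidrIp"] != new_cidr]
    # EC2 rejects a duplicate protocol/port/CIDR rule, so skip if present.
    present = any(r["CidrIp"] == new_cidr for r in ranges)
    fresh = [] if present else [{"CidrIp": new_cidr, "Description": rule_desc}]

    def wrap(ip_ranges):
        if not ip_ranges:
            return []
        return [{"IpProtocol": proto, "FromPort": port, "ToPort": port,
                 "IpRanges": ip_ranges}]
    return wrap(stale), wrap(fresh)

if __name__ == "__main__":
    revoke, authorize = plan_update(SAMPLE, "user1", "203.0.113.50")
    print("revoke:", revoke)
    print("authorize:", authorize)
```

Applying the authorize list before the revoke list keeps the user's access uninterrupted during the change.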