In this ec2_group module I don't think that we can solve this use case.

On Mon, Apr 26, 2021, 11:04 AM Naveen NK <naveen.n...@gmail.com> wrote:

> Can we modify an existing EC2 security group using Ansible by accepting a
> new input parameter through a Jenkins job?
>
> Scenario - I have to update users' public IPs in EC2 security groups
> every day, whenever their public IP changes. This becomes a repetitive task,
> as the public IP is dynamic and changes every day. I tried to automate this
> by creating an Ansible playbook with a Jenkins job, passing the input
> parameter *"{{ newpublicip }}"* for the new public IP, letting the user
> provide his IP and run the job, and it updates the security groups. Below is
> the code:
>
> - hosts: localhost
>   connection: local
>   gather_facts: false
>
>   # newpublicip and name are supplied by the Jenkins job as input parameters
>   vars:
>     - newpublicip: "{{ newpublicip }}"
>     - name: "{{ name }}"
>
>   tasks:
>     - name: boto3
>       pip:
>         name: "boto3"
>         state: present
>
>     - name: modifying security group
>       ec2_group:
>         name: "{{ name }}"
>         description: An example ec2 group
>         vpc_id: xxxx
>         region: "{{ region }}"
>         aws_access_key: "{{ access_key }}"
>         aws_secret_key: "{{ secret_key }}"
>         # rules is the complete desired rule list for the group
>         rules:
>           - proto: tcp
>             from_port: 80
>             to_port: 80
>             cidr_ip: "0.0.0.0/0"
>           - proto: tcp
>             from_port: 22
>             to_port: 22
>             cidr_ip: "{{ newpublicip }}"
>             rule_desc: user1
>           - proto: tcp
>             from_port: 22
>             to_port: 22
>             cidr_ip: "{{ newpublicip }}"
>             rule_desc: user2
>
> But the problem here is that it updates the whole existing security group
> with the passed value. Here we will have different users assigned the same
> port numbers with their public IP as the source for access, so based on
> matching the rule_desc, e.g. user1, it should update the CIDR IP with the
> provided input value *"{{ newpublicip }}"*. Or please suggest some options
> to improvise this?
>
> Thank you !
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7a7674af-d06c-4043-a67f-51532da62c38n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/7a7674af-d06c-4043-a67f-51532da62c38n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
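An added example, not part of the thread or of the ec2_group module: one way to change only the rule whose description matches a user, using boto3 directly and rejecting any job parameter wider than a single IPv4 /32 (so a value such as 0.0.0.0/0 cannot be pushed into the SSH rule). The function names and the sample permissions are assumptions constructed for illustration; `apply_update` expects a boto3 EC2 client.

```python
import ipaddress

# Constructed sample shaped like SecurityGroups[0]["IpPermissions"] from
# boto3's describe_security_groups; addresses are documentation ranges.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.7/32", "Description": "user1"},
                  {"CidrIp": "203.0.113.20/32", "Description": "user2"}]},
]


def to_host_cidr(value):
    """Return the job parameter as an IPv4 /32; reject anything wider."""
    net = ipaddress.ip_network(value.strip(), strict=True)
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError(f"expected one IPv4 address, got {value!r}")
    return str(net)


def plan_update(permissions, user, new_ip):
    """Build (revoke, authorize) lists that touch only `user`'s entries."""
    new_cidr = to_host_cidr(new_ip)
    revoke, authorize, found = [], [], False
    for perm in permissions:
        base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        current = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        for rng in perm.get("IpRanges", []):
            if rng.get("Description") != user:
                continue  # other users' rules and the port 80 rule stay as-is
            found = True
            if rng["CidrIp"] == new_cidr:
                continue  # already current, nothing to change
            revoke.append({**base, "IpRanges": [{"CidrIp": rng["CidrIp"]}]})
            grant = {**base, "IpRanges": [{"CidrIp": new_cidr, "Description": user}]}
            if new_cidr not in current and grant not in authorize:
                authorize.append(grant)  # skip entries EC2 would call duplicates
    if not found:
        raise LookupError(f"no rule described as {user!r}")
    return revoke, authorize


def apply_update(ec2, group_id, revoke, authorize):
    """ec2 is a boto3 EC2 client; add the new source, then drop the old one."""
    if authorize:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)
    if revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
```

In a real job the `permissions` argument would come from `describe_security_groups` for the target group, and the user name should be tied to the authenticated Jenkins user rather than typed in freely.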
