Are there any other options to achieve this? I have been stuck here for a week :(

On Monday, April 26, 2021 at 3:29:32 PM UTC+5:30 [email protected] wrote:
> In this ec2_group module I don't think that we can solve this use case.
>
> On Mon, Apr 26, 2021, 11:04 AM Naveen NK <[email protected]> wrote:
>
>> Can we modify an existing EC2 security group using Ansible by accepting a new input parameter through a Jenkins job?
>>
>> Scenario - I have to update users' public IPs in EC2 security groups every day, whenever their public IP changes. This becomes a repetitive task, as the public IP is dynamic and changes every day. I tried to automate this by creating an Ansible playbook with a Jenkins job, passing the input parameter *"{{ newpublicip }}"* for the new public IP, letting the user provide his IP and run the job, and it updates the security groups. Below is the code:
>>
>> - hosts: localhost
>>   connection: local
>>   gather_facts: false
>>
>>   vars:
>>     - newpublicip: "{{ newpublicip }}"
>>     - name: "{{ name }}"
>>
>>   tasks:
>>     - name: boto3
>>       pip:
>>         name: "boto3"
>>         state: present
>>
>>     - name: modifying security group
>>       ec2_group:
>>         name: "{{ name }}"
>>         description: An example ec2 group
>>         vpc_id: xxxx
>>         region: "{{ region }}"
>>         aws_access_key: "{{ access_key }}"
>>         aws_secret_key: "{{ secret_key }}"
>>         rules:
>>           - proto: tcp
>>             from_port: 80
>>             to_port: 80
>>             cidr_ip: "0.0.0.0/0"
>>           - proto: tcp
>>             from_port: 22
>>             to_port: 22
>>             cidr_ip: "{{ newpublicip }}"
>>             rule_desc: user1
>>           - proto: tcp
>>             from_port: 22
>>             to_port: 22
>>             cidr_ip: "{{ newpublicip }}"
>>             rule_desc: user2
>>
>> But the problem here is that it updates the whole existing security group with the passed value. Here we will have different users assigned the same port numbers with their public IP as the source to access, so based on matching the rule_desc, e.g. user1, it should update the CIDR IP with the provided input value *"{{ newpublicip }}"*. Or please suggest some options to improvise this?
>>
>> Thank you!
>>
>> --
>> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7a7674af-d06c-4043-a67f-51532da62c38n%40googlegroups.com.
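
Added example, not part of the thread and not code from the Ansible project: one way to change only the rule whose description matches a user, shown as Python working on rule data in the shape boto3 (which the playbook above already installs) returns. The helper name `plan_rule_update` and the sample rules are assumptions made for illustration; the job parameter is validated first, so that a value such as "0.0.0.0/0" cannot be written into the SSH rule.

```python
import ipaddress

# Constructed sample in the shape boto3's describe_security_groups() returns
# under "IpPermissions" (addresses are documentation ranges, not real users).
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.7/32", "Description": "user1"},
                  {"CidrIp": "203.0.113.20/32", "Description": "user2"}]},
]


def plan_rule_update(ip_permissions, rule_desc, new_ip, port=22, proto="tcp"):
    """Hypothetical helper: return (revoke, authorize) permission lists that
    change only the source CIDR of the rule whose description is rule_desc."""
    # The job parameter is untrusted input: accept one IPv4 host address only,
    # so a value such as "0.0.0.0/0" can never open the port to everyone.
    addr = ipaddress.ip_address(new_ip.strip())  # ValueError on CIDR or garbage
    if addr.version != 4 or addr.is_unspecified:
        raise ValueError(f"not a usable IPv4 host address: {new_ip!r}")
    new_cidr = f"{addr}/32"

    def perm(cidr):
        return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
                "IpRanges": [{"CidrIp": cidr, "Description": rule_desc}]}

    # Current CIDRs on this port that carry the user's description.
    old = [r["CidrIp"]
           for p in ip_permissions
           if (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")) == (proto, port, port)
           for r in p.get("IpRanges", [])
           if r.get("Description") == rule_desc]

    revoke = [perm(c) for c in old if c != new_cidr]
    authorize = [] if new_cidr in old else [perm(new_cidr)]
    return revoke, authorize


# Applying the plan (not run here) would use the real boto3 EC2 client calls:
#   ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)
#   ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
# skipping either call when its list is empty.
```

Rules belonging to other users and the port 80 rule never appear in either list, so they are left as they are in the group.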
