Re: [ansible-project] Modifying CIDR of an existing EC2 Security Groups using Ansible

2021-05-03 Thread Naveen NK
Does anyone have any idea on this?

On Wednesday, April 28, 2021 at 8:15:28 AM UTC+5:30 Naveen NK wrote:

> We couldn't go for VPN due to high pricing. So trying some workaround.
> This updating IP would go through a Jenkins job so there shouldn't be 
> security problems.
>
> On Tuesday, April 27, 2021 at 11:13:19 PM UTC+5:30 dick@geant.org 
> wrote:
>
>>
>>
>> On Tue, 27 Apr 2021 at 12:41, Naveen NK  wrote:
>>
>>> Yes right !
>>
>>
>> Ok, but this updating by those users, is that done through the publicly 
>> accessible API?
>> I'm not sure about the security benefits of this setup. 
>> What about setting up some VPN or something if you insist on IP ACLs?
>>
>>> -- 
>> Sent from a mobile device - please excuse the brevity, spelling and 
>> punctuation.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d5f66451-aea5-4e39-857f-0ddcbcb6b4fbn%40googlegroups.com.


Re: [ansible-project] Modifying CIDR of an existing EC2 Security Groups using Ansible

2021-04-27 Thread Naveen NK
We couldn't go for VPN due to high pricing. So trying some workaround.
This updating IP would go through a Jenkins job so there shouldn't be 
security problems.

On Tuesday, April 27, 2021 at 11:13:19 PM UTC+5:30 dick@geant.org wrote:

>
>
> On Tue, 27 Apr 2021 at 12:41, Naveen NK  wrote:
>
>> Yes right !
>
>
> Ok, but this updating by those users, is that done through the publicly 
> accessible API?
> I'm not sure about the security benefits of this setup. 
> What about setting up some VPN or something if you insist on IP ACLs?
>
>> -- 
> Sent from a mobile device - please excuse the brevity, spelling and 
> punctuation.
>



Re: [ansible-project] Modifying CIDR of an existing EC2 Security Groups using Ansible

2021-04-27 Thread Naveen NK
Yes right !

On Tuesday, April 27, 2021 at 11:31:51 AM UTC+5:30 dick@geant.org wrote:

> Hi
>
> On Mon, 26 Apr 2021 at 07:34, Naveen NK  wrote:
>
>> Can we modify an existing EC2 security group using Ansible by accepting a 
>> new input parameter through a Jenkins job?
>>
>> Scenario - I have to update users' public IPs in EC2 security groups 
>> every day, whenever their public IP changes. This becomes a repetitive 
>> task, as the public IP is dynamic and changes every day. I tried to 
>> automate this by creating an Ansible playbook with a Jenkins job, passing 
>> the input parameter *"{{ newpublicip }}"* for the new public IP, so the 
>> user provides his IP and runs the job and it updates the security groups.
>>
>
> So you want your users to be able to update an IP ACL themselves, because 
> they're on dynamic networks?
>
> -- 
> Sent from a mobile device - please excuse the brevity, spelling and 
> punctuation.
>



Re: [ansible-project] Modifying CIDR of an existing EC2 Security Groups using Ansible

2021-04-26 Thread Naveen NK

Are there any other options to achieve this? I have been stuck here for a 
week :(
On Monday, April 26, 2021 at 3:29:32 PM UTC+5:30 komalsuth...@gmail.com 
wrote:

> In this ec2_group module I don't think that we can solve this use case.
>
> On Mon, Apr 26, 2021, 11:04 AM Naveen NK  wrote:
>
>> Can we modify an existing EC2 security group using Ansible by accepting a 
>> new input parameter through a Jenkins job?
>>
>> Scenario - I have to update users' public IPs in EC2 security groups 
>> every day, whenever their public IP changes. This becomes a repetitive 
>> task, as the public IP is dynamic and changes every day. I tried to 
>> automate this by creating an Ansible playbook with a Jenkins job, passing 
>> the input parameter *"{{ newpublicip }}"* for the new public IP, so the 
>> user provides his IP and runs the job and it updates the security groups. 
>> Below is the code:
>>
>> - hosts: localhost
>>   connection: local
>>   gather_facts: false
>>
>>   # Values are supplied by the Jenkins job as extra vars.
>>   vars:
>>     - newpublicip: "{{ newpublicip }}"
>>     - name: "{{ name }}"
>>
>>   tasks:
>>     - name: boto3
>>       pip:
>>         name: "boto3"
>>         state: present
>>
>>     - name: modifying security group
>>       ec2_group:
>>         name: "{{ name }}"
>>         description: An example ec2 group
>>         vpc_id:
>>         region: "{{ region }}"
>>         aws_access_key: "{{ access_key }}"
>>         aws_secret_key: "{{ secret_key }}"
>>         # This list replaces the group's whole ingress rule set
>>         # (purge_rules defaults to true).
>>         rules:
>>           - proto: tcp
>>             from_port: 80
>>             to_port: 80
>>             cidr_ip: "0.0.0.0/0"
>>           - proto: tcp
>>             from_port: 22
>>             to_port: 22
>>             cidr_ip: "{{ newpublicip }}"
>>             rule_desc: user1
>>           - proto: tcp
>>             from_port: 22
>>             to_port: 22
>>             cidr_ip: "{{ newpublicip }}"
>>             rule_desc: user2
>>
>> But the problem here is that it updates the whole existing security group 
>> with the passed value. Here we will have different users assigned the same 
>> port numbers with their public IP as the source to access, so based on 
>> matching the rule_desc, e.g. user1, it should update the CIDR IP with the 
>> input value provided, *"{{ newpublicip }}"*. Or please suggest some 
>> options to improvise this?
>>
>> Thank you !
>>
>



[ansible-project] Modifying CIDR of an existing EC2 Security Groups using Ansible

2021-04-25 Thread Naveen NK


Can we modify an existing EC2 security group using Ansible by accepting a new 
input parameter through a Jenkins job?

Scenario - I have to update users' public IPs in EC2 security groups every 
day, whenever their public IP changes. This becomes a repetitive task, as the 
public IP is dynamic and changes every day. I tried to automate this by 
creating an Ansible playbook with a Jenkins job, passing the input parameter 
*"{{ newpublicip }}"* for the new public IP, so the user provides his IP and 
runs the job and it updates the security groups. Below is the code:

- hosts: localhost
  connection: local
  gather_facts: false

  # Values are supplied by the Jenkins job as extra vars.
  vars:
    - newpublicip: "{{ newpublicip }}"
    - name: "{{ name }}"

  tasks:
    - name: boto3
      pip:
        name: "boto3"
        state: present

    - name: modifying security group
      ec2_group:
        name: "{{ name }}"
        description: An example ec2 group
        vpc_id:
        region: "{{ region }}"
        aws_access_key: "{{ access_key }}"
        aws_secret_key: "{{ secret_key }}"
        # This list replaces the group's whole ingress rule set
        # (purge_rules defaults to true).
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: "0.0.0.0/0"
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ newpublicip }}"
            rule_desc: user1
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ newpublicip }}"
            rule_desc: user2

But the problem here is that it updates the whole existing security group 
with the passed value. Here we will have different users assigned the same 
port numbers with their public IP as the source to access, so based on 
matching the rule_desc, e.g. user1, it should update the CIDR IP with the 
input value provided, *"{{ newpublicip }}"*. Or please suggest some options 
to improvise this?

Thank you !

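
Added example, not part of the original thread and not code from the Ansible project: one way to change only the rule whose description matches a user, while refusing any job input wider than a single IPv4 address. It works on the IpPermissions structure that boto3's describe_security_groups returns; the function names, the refusal to create rules for unknown users, and the sample data are assumptions made for this illustration.

```python
import ipaddress

def validate_user_ip(value):
    """Return 'a.b.c.d/32' for one IPv4 address; reject ranges and 0.0.0.0."""
    net = ipaddress.ip_network(value.strip(), strict=True)  # ValueError if malformed
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError("only a single IPv4 address (/32) is accepted")
    if net.network_address.is_unspecified:
        raise ValueError("0.0.0.0 is not a valid source address")
    return str(net)

def _perm(port, cidr, user):
    # One ingress permission in the shape the EC2 API expects.
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr, "Description": user}]}

def plan_rule_update(ip_permissions, user, new_ip, port=22):
    """Return (revoke, authorize) lists that change only `user`'s rule on `port`."""
    new_cidr = validate_user_ip(new_ip)
    old = [r["CidrIp"]
           for p in ip_permissions
           if (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")) == ("tcp", port, port)
           for r in p.get("IpRanges", [])
           if r.get("Description") == user]
    if not old:
        # Assumption: the job may update a known user's rule, never create one.
        raise ValueError("no existing rule described %r; refusing to create one" % user)
    revoke = [_perm(port, c, user) for c in old if c != new_cidr]
    authorize = [] if new_cidr in old else [_perm(port, new_cidr, user)]
    return revoke, authorize

# Constructed sample mirroring the playbook's rules (documentation addresses).
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.10/32", "Description": "user1"},
                  {"CidrIp": "203.0.113.20/32", "Description": "user2"}]},
]

if __name__ == "__main__":
    revoke, authorize = plan_rule_update(SAMPLE_PERMISSIONS, "user1", "192.0.2.55")
    print("revoke:", revoke)
    print("authorize:", authorize)
    # Applying the plan with boto3 (needs credentials and a real group id):
    #   ec2.revoke_security_group_ingress(GroupId=..., IpPermissions=revoke)
    #   ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=authorize)
```

The port 80 rule and user2's rule never appear in either list, so they are left untouched, and an input such as 0.0.0.0/0 is rejected before any API call is planned.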