I'm 90% done with a problem. The remaining 10% requires using EC2 dynamic inventory, but I'm missing something important. I'm creating two instances ('frontend' and 'backend') where backend only allows SSH access from frontend, and nowhere else. Backend runs MySQL so I want to limit MySQL logins to only from frontend. This is trivial to do manually but I want to do it from an Ansible playbook.
There are 2 things I still need to do:

1) Add a rule to the security group used by backend to allow access for SSH and MySQL only from frontend.

2) Without using dynamic inventory I've had to populate the hosts file with lines like:

    frontend ansible_ssh_host=52.32.251.105
    backend ansible_ssh_host=52.27.199.119

I'd want to somehow do this dynamically.

I've looked at both the Ansible docs and an excellent page at https://djaodjin.com/blog/deploying-on-ec2-with-ansible.blog.html (see below) but I'm not seeing how to accomplish these 2 tasks. I know about the ec2.py script, which I can successfully run manually, but I don't know how to incorporate what it produces into a playbook.

I'd appreciate any help.

Cordially,
Jon Forrest

P.S. What I'm confused about in the djaodjin page is where he lists basic-delete.yml and shows this line:

    hosts: security_group_*my-security-group* # <-- MAGIC IS HERE!

I'm guessing that somehow this is invoking the ec2.py script but I don't see how.
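The setup asked about above, sketched as an added example that is not part of the original post: the backend group admits SSH and MySQL only from members of the frontend group (a group reference rather than an IP address), and a second play targets hosts by the `security_group_<name>` group that ec2.py generates when it is passed as the inventory. The file name, region, VPC id, admin CIDR and the group names `frontend_sg` and `backend_sg` are assumptions; the module shown is `amazon.aws.ec2_security_group` (named `ec2_group` in older Ansible releases).

```yaml
# restrict-backend.yml (hypothetical file name; added example)
# Passing the script as the inventory is what creates the security_group_* groups:
#   ansible-playbook -i ec2.py restrict-backend.yml
- name: Define frontend and backend security groups
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aws_region: us-west-2        # assumption
    vpc_id: vpc-EXAMPLE          # placeholder, replace with the real VPC id
  tasks:
    - name: Frontend group, SSH from the admin network only
      amazon.aws.ec2_security_group:
        name: frontend_sg
        description: Frontend hosts
        region: "{{ aws_region }}"
        vpc_id: "{{ vpc_id }}"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 203.0.113.0/24   # constructed documentation range

    - name: Backend group, SSH and MySQL only from members of frontend_sg
      amazon.aws.ec2_security_group:
        name: backend_sg
        description: Backend hosts
        region: "{{ aws_region }}"
        vpc_id: "{{ vpc_id }}"
        purge_rules: true             # drop any ingress rule not listed here
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            group_name: frontend_sg   # source is a group, not an address
          - proto: tcp
            from_port: 3306
            to_port: 3306
            group_name: frontend_sg

# Group name comes from the dynamic inventory, not from a static hosts file.
# Backend hosts are reachable over SSH only from frontend, so this play
# targets the frontend group.
- name: Check hosts that ec2.py reports in frontend_sg
  hosts: security_group_frontend_sg
  gather_facts: false
  tasks:
    - name: Confirm the host answers
      ansible.builtin.ping:
```

Because the backend rule references `frontend_sg` by name, replacing the frontend instance or changing its public IP does not require touching the backend rules.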