ec2_group (as of Ansible 2.4) doesn't support usage of pl-xxxxx (prefix
lists) typically employed by VPC endpoints.
So I went down the rabbit hole of doing this via a command module. The
command works on the prompt. How do I get this to work?
ERROR! Syntax Error while loading YAML.
The error appears to have been in
'/Users/dgirard/Documents/kraken/git/Ansible-aws-security/EC2-Security-Groups/SG-uat.yml'
: line 2384, column 150, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
# aws ec2 authorize-security-group-egress --group-id "{{ sg_id }}"
--region "{{ region }}" --profile "{{ profile }}" --ip-permissions
'[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "PrefixListIds":
[{"PrefixListId": "pl-63a5400a"}]}]'
command: aws ec2 authorize-security-group-egress --group-id "{{ sg_id
}}" --region us-east-1 --profile utility --ip-permissions '[{"IpProtocol":
"tcp", "FromPort": 443, "ToPort": 443, "PrefixListIds": [{"PrefixListId":
"pl-63a5400a"}]}]'
^
here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
with_items:
- {{ foo }}
Should be written as:
with_items:
- "{{ foo }}"
exception type: <class 'yaml.scanner.ScannerError'>
exception: mapping values are not allowed in this context
in "<unicode string>", line 2384, column 150
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/55d2a210-4798-4677-a66c-be1f2b148bff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
