command module with squiggly braces not working.

[Dan]

ec2_group (as of Ansible 2.4) doesn't support usage of pl-xxxxx (prefix lists) typically employed by VPC endpoints.

So I went down the rabbit hole of doing this via a command module. The command works on the prompt. How do I get this to work?

ERROR! Syntax Error while loading YAML.




The error appears to have been in '/Users/dgirard/Documents/kraken/git/Ansible-aws-security/EC2-Security-Groups/SG-uat.yml': line 2384, column 150, but may
be elsewhere in the file depending on the exact syntax problem.


The offending line appears to be:


    #     aws ec2 authorize-security-group-egress --group-id "{{ sg_id }}" --region "{{ region }}" --profile "{{ profile }}" --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "PrefixListIds": [{"PrefixListId": "pl-63a5400a"}]}]'
      command: aws ec2 authorize-security-group-egress --group-id "{{ sg_id }}" --region us-east-1 --profile utility --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "PrefixListIds": [{"PrefixListId": "pl-63a5400a"}]}]'
                                                                                                                                                     ^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes.  Always quote template expression brackets when they
start a value. For instance:


    with_items:
      - {{ foo }}


Should be written as:


    with_items:
      - "{{ foo }}"


exception type: <class 'yaml.scanner.ScannerError'>
exception: mapping values are not allowed in this context
  in "<unicode string>", line 2384, column 150

[Dan]

My workaround that works: (not "dry" yet) but you get the idea.

      command: >
        aws ec2 authorize-security-group-egress --group-id "{{ sg_id }}" --region "{{ region }}" --profile "{{ profile }}" --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "PrefixListIds": [{"PrefixListId": "pl-63a5400a"}]}]'