How to change the ec2_group configuration in Ansible


Ming Hu

Jun 1, 2015, 8:44:22 AM
to ansible...@googlegroups.com
Hi, I have a simple ec2_group configuration like this:

- name: Create cc
  hosts: localhost
  tasks:
    - name: Create security group
      ec2_group:
        name: cc
        description: Security group for cc
        region: ap-northeast-1
        state: absent
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0

To change this security group's configuration, it seems that I need to delete it first and create a new one.
If I have an ec2 instance that is using that security group, I need to delete the instance.

What's the best practice here to change the configuration of an ec2 security group and other ec2 modules?

Brian Coca

Jun 1, 2015, 12:00:26 PM
to ansible...@googlegroups.com
- create new group with new rules
- reassign instances to new group
- delete old group

--
Brian Coca

Ivan S. Freitas

Jun 1, 2015, 1:06:59 PM
to ansible...@googlegroups.com
If you only want to change the security group's rules, you don't need
to delete and recreate it; that can be changed on the fly with
Ansible, just change the rules configuration. As far as I know, you
would only need to destroy and recreate it to change the description.

As for Brian's suggestion, you can only reassign security groups on
instances inside a VPC (the provided sample seems to be for EC2
Classic). If you really need to recreate a security group in EC2
Classic, then new instances will need to be created as well.

--
Ivan Sichmann Freitas
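
Added example, not part of the original thread: the in-place rule change described in the reply above, written as a playbook against the group from the first post. The SSH source range 203.0.113.0/24 is a constructed placeholder, and the playbook assumes AWS credentials are already available to the module.

```yaml
- name: Update cc security group rules in place
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Apply the desired rule set to the existing group
      ec2_group:
        name: cc
        # Description kept identical to the existing group; the reply above
        # says changing it means destroying and recreating the group.
        description: Security group for cc
        region: ap-northeast-1
        # present (not absent): the group is kept and its rules are reconciled.
        state: present
        # Module default, stated explicitly: rules that exist on the group
        # but are missing from the list below are revoked.
        purge_rules: true
        rules:
          - proto: tcp
            from_port: 80
            to_port: 80
            cidr_ip: 0.0.0.0/0
          # SSH narrowed from 0.0.0.0/0 to a constructed placeholder range;
          # replace it with your own admin network.
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 203.0.113.0/24
      register: cc_group

    - name: Show whether the run modified the group
      debug:
        msg: "group_id={{ cc_group.group_id }} changed={{ cc_group.changed }}"
```

Running it a second time with no edits should report changed=False, which confirms the group now matches the listed rules.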

Brian Coca

Jun 1, 2015, 1:32:08 PM
to ansible...@googlegroups.com
Sorry, yes, I assumed EC2 Classic, which was much more restrictive with
security groups.

--
Brian Coca