AWS ec2 attach new security group to instance


SysAdmin EM

Aug 30, 2022, 3:13:41 PM
to ansible...@googlegroups.com

Hi, I'm creating a new security group and I need to attach it to a new EC2 instance. I tried, but I see this error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: The following group names are not valid: security_group.group_id
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/emanuel/.ansible/tmp/ansible-tmp-1661879588.620161-35930-48435963997212/AnsiballZ_ec2_instance.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/emanuel/.ansible/tmp/ansible-tmp-1661879588.620161-35930-48435963997212/AnsiballZ_ec2_instance.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/emanuel/.ansible/tmp/ansible-tmp-1661879588.620161-35930-48435963997212/AnsiballZ_ec2_instance.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.ec2_instance', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.ec2_instance', _modlib_path=modlib_path),\n  File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py\", line 2015, in <module>\n  File \"/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py\", line 2009, in main\n  File \"/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py\", line 1808, in ensure_present\n  File \"/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py\", line 1291, in build_run_instance_spec\n  File \"/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py\", line 1096, in build_network_spec\n  File \"/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_instance.py\", line 1204, in discover_security_groups\n  File \"/tmp/ansible_amazon.aws.ec2_instance_payload_fopvip_i/ansible_amazon.aws.ec2_instance_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/ec2.py\", line 521, in get_ec2_security_group_ids_from_names\nValueError: The following group names are not valid: security_group.group_id\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}


This is my playbook:


    - name: Creamos un Grupo de seguridad para la instancia
      amazon.aws.ec2_group:
        name: "front-cargo-new-dev-sg"
        description: "sg instancia front-cargo-new-dev"
        vpc_id: vpc-xxxxxxxxxxx
        region: us-west-2
        aws_secret_key: "{{ ec2_secret_key }}"
        aws_access_key: "{{ ec2_access_key }}"
      register: security_group

    - name: Lanzamos una instancia a partir de la imagen
      amazon.aws.ec2_instance:
        name: "front-cargo-new-dev.develop"
        aws_secret_key: "{{ ec2_secret_key }}"
        aws_access_key: "{{ ec2_access_key }}"
        region: us-west-2
        wait: yes
        wait_timeout: 500
        key_name: developer
        instance_type: t2.medium
        user_data: |
          #!/bin/bash
          sudo hostnamectl set-hostname front-cargo-new-dev.develop
        image_id: ami-xxxxxxxxxxxx
        volumes:
          - device_name: /dev/xvda
            ebs:
              volume_type: gp3
              volume_size: 32
              delete_on_termination: yes
        vpc_subnet_id: subnet-xxxxxxxxx
        network:
          assign_public_ip: no
        security_groups: [security_group.group_id, sg-xxxxxxxxxx, sg-xxxxxxxxxxxx]
        tags:
          Enviroment: dev
        count: 1

Any help?

Regards,

Matt Martz

Aug 30, 2022, 3:17:10 PM
to ansible...@googlegroups.com
The problem is that you are not referencing the `security_group` variable, but just passing a string called `security_group.group_id`:

This:

security_groups: [security_group.group_id, sg-xxxxxxxxxx, sg-xxxxxxxxxxxx] 

Should instead be:

security_groups: ['{{security_group.group_id}}', sg-xxxxxxxxxx, sg-xxxxxxxxxxxx] 



--
Matt Martz
@sivel
sivel.net

SysAdmin EM

Aug 30, 2022, 3:28:24 PM
to ansible...@googlegroups.com
You are right!!
Thank you, Matt.

Rowe, Walter P. (Fed)

Aug 31, 2022, 7:48:45 AM
to ansible...@googlegroups.com
      amazon.aws.ec2_group:
        name: "front-cargo-new-dev-sg"
        description: "sg instancia front-cargo-new-dev"
        vpc_id: vpc-xxxxxxxxxxx
        region: us-west-2
        aws_secret_key: "{{ ec2_secret_key }}"
        aws_access_key: "{{ ec2_access_key }}"
      register: security_group

The security_group variable is registered / set with this task.

You need to look at the module docs for amazon.aws.ec2_group to see what the structure of the results is. I suspect this is a reference issue. I recommend using a debug: var=security_group right after this task so you can see the structure of the results. That will help you determine how to reference the group_id value (which is returned in the results - see module docs).

Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123
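The two replies above combined into one corrected task sequence, as an added example that is not part of the original thread: Matt's fix (the registered variable referenced as a quoted Jinja expression instead of a bare string) plus Walter's advice to inspect the registered result, with an assert so the play fails early if ec2_group did not return a usable group_id. Credentials are assumed to come from the environment or an AWS profile rather than playbook variables; the vpc/subnet/ami/sg ids are placeholders as in the original.

```yaml
- name: Creamos un Grupo de seguridad para la instancia
  amazon.aws.ec2_group:
    name: "front-cargo-new-dev-sg"
    description: "sg instancia front-cargo-new-dev"
    vpc_id: vpc-xxxxxxxxxxx
    region: us-west-2
  register: security_group

# Walter's suggestion: look at what ec2_group actually returned
- name: Show the registered ec2_group result
  ansible.builtin.debug:
    var: security_group

# Fail with a clear message instead of a module traceback if the
# id is missing or not an sg- identifier
- name: Check that ec2_group returned a usable group id
  ansible.builtin.assert:
    that:
      - security_group.group_id is defined
      - security_group.group_id is match('^sg-')
    fail_msg: "ec2_group did not return a group_id of the form sg-..."

- name: Lanzamos una instancia a partir de la imagen
  amazon.aws.ec2_instance:
    name: "front-cargo-new-dev.develop"
    region: us-west-2
    wait: yes
    wait_timeout: 500
    key_name: developer
    instance_type: t2.medium
    image_id: ami-xxxxxxxxxxxx
    vpc_subnet_id: subnet-xxxxxxxxx
    network:
      assign_public_ip: no
    # Matt's fix: a Jinja expression, quoted so YAML does not parse the
    # braces as a mapping; a bare security_group.group_id is a literal
    # string that the module tries to resolve as a group name
    security_groups:
      - "{{ security_group.group_id }}"
      - sg-xxxxxxxxxx
      - sg-xxxxxxxxxxxx
    tags:
      Enviroment: dev
    count: 1
```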
