.. meta::
  :description: Retrieve information about AWS EC2 VPC security groups.

.. _ec2_security_group_info_module:

ec2_security_group_info -- List EC2 VPC security groups.
========================================================

Retrieve information about AWS EC2 VPC security groups.

Examples
--------

.. code-block:: yaml+jinja

    - name: List all security groups
      ec2_security_group_info:
      register: result

    - name: Get information for a specific security group by name
      ec2_security_group_info:
        names: my-first-security-group
      register: result

    - name: List information for multiple security groups by their IDs
      ec2_security_group_info:
        ids:
          - sg-1a2b3cd
          - sg-feda903
      register: result

    - name: Use a complex filter for security groups
      ec2_security_group_info:
        vpc: vpc-182ffaed83
        filters:
          ip-permission.cidr: 198.51.100.64/25
      register: result

See Also
--------

.. seealso::

   - :ref:`ec2_security_group_module`

Parameters
----------

  auth (optional)
    Parameters for authenticating with the AWS service.

    Each of them may be defined via environment variables.

    | **type**: dict

    access_key (optional)
      The AWS access key ID.

      If not set, the value of the AWS_ACCESS_KEY environment variable will be checked.

      Mutually exclusive with *profile*.

      | **type**: str

    profile (optional)
      The name of the AWS profile configured with ``aws configure``.

      Can be used instead of explicitly specifying your access credentials and region.

      Use ``default`` to use the default profile.

      Mutually exclusive with *access_key* and *secret_key*.

      | **type**: str

    region (optional)
      The name of the AWS region.

      If not set, the value of the AWS_REGION environment variable will be checked.

      If you set a *profile* that specifies a default region, that region is used and you can omit this parameter. Use this parameter to override the profile's default region.

      | **type**: str

    secret_key (optional)
      The AWS secret access key.

      If not set, the value of the AWS_SECRET_KEY environment variable will be checked.

      Mutually exclusive with *profile*.

      | **type**: str

    url (optional)
      The URL to the AWS service related to the resource.

      By default, this is automatically determined through the region parameter.

      If not set explicitly, the value of the AWS__URL environment variable will be used.

      The services currently supported are EC2 and S3.

      | **type**: str

  filters (optional)
    Filters to use when querying AWS resources.

    They must be provided as key/value pairs. Keys and values are case-sensitive and must be strings.

    Each key can have multiple values, provided as a list. Within these values, *any* value must match for the AWS resource to be included.

    When multiple filters are provided, the result contains AWS resources matching *all* of them.

    If a filter is specified in ``filters`` and also in another top-level parameter, the filter in the top-level parameter has precedence. The two are not merged.

    If a module accepts a top-level parameter for querying the AWS resources, and you also specify the filter it corresponds to via ``filters``, the top-level parameter has precedence.

    | **type**: dict

  ids (optional)
    The IDs of the security groups to retrieve.

    The default is to retrieve all security groups.

    | **type**: list

  names (optional)
    The names of the security groups to retrieve.

    The default is to retrieve all security groups.

    | **type**: list

  vpc (optional)
    ID of the VPC.

    May be used to limit the results to security groups in the given VPC only.

    | **type**: str

Return Values
-------------

  objects (success), list, {'objects': [{'id': 'sg-df1b2aa66', 'name': 'my-first-secgroup', 'vpc': 'vpc-faff5721', 'description': 'A description for my first security group.', 'tags': {'MyCompany-Department': 'legal'}, 'ingress': {'rules': [{'protocol': 'tcp', 'port_from': 22, 'port_to': 22, 'ip_ranges': [{'cidr': '0.0.0.0/0', 'description': 'the world'}]}]}, 'egress': {'rules': [{'protocol': 'icmp', 'icmp_type': 8, 'icmp_code': 0, 'security_groups': [{'id': 'sg-64508346', 'description': 'local sonar'}]}]}}]}
    A list of EC2 VPC security groups.

    id (always), str
      The ID of the security group.

    name (always), str
      The name of the security group.

    vpc (always), str
      The ID of the VPC this security group is assigned to.

    description (always), str
      The security group's description.

    tags (always), dict
      The tags assigned to this security group.

    ingress (always), dict
      Ingress (inbound) security rules.

      rules (always), list
        Ingress (inbound) security rules.

        Rules are normalized so each rule only contains one of *security_groups* or *ip_ranges*, and at most one element.

        protocol (always), str
          The protocol this rule applies to.

        port_from (when *protocol=[tcp, udp]*), int
          The start port (inclusive) of the port range of this rule.

        port_to (when *protocol=[tcp, udp]*), int
          The end port (inclusive) of the port range of this rule.

        icmp_type (when *protocol=[icmp, icmpv6]*), int
          The ICMP type for this rule.

        icmp_code (when *protocol=[icmp, icmpv6]*), int
          The ICMP code (subtype) for this rule.

        security_groups (when *ip_range* is not present), list
          A list of a single security group ID and its description.

          id (always), str
            The ID of the security group this rule references.

          description (), str
            The description for this security group reference, if any.

        ip_ranges (when *security_group* is not present), list
          A list of a single IP range for this rule in CIDR notation.

          cidr (always), str
            In CIDR notation, the IP range of this rule.

          description (), str
            An optional description for this IP range.

    egress (always), dict
      Egress (outbound) security rules.

      rules (always), list
        Egress (outbound) security rules.

        Rules are normalized so each rule only contains one of *security_groups* or *ip_ranges*, and at most one element.

        protocol (always), str
          The protocol this rule applies to.

        port_from (when *protocol=[tcp, udp]*), int
          The start port (inclusive) of the port range of this rule.

        port_to (when *protocol=[tcp, udp]*), int
          The end port (inclusive) of the port range of this rule.

        icmp_type (when *protocol=[icmp, icmpv6]*), int
          The ICMP type for this rule.

        icmp_code (when *protocol=[icmp, icmpv6]*), int
          The ICMP code (subtype) for this rule.

        security_groups (when *ip_range* is not present), list
          A list of a single security group ID and its description.

          id (always), str
            The ID of the security group this rule references.

          description (), str
            The description for this security group reference, if any.

        ip_ranges (when *security_group* is not present), list
          A list of a single IP range for this rule in CIDR notation.

          cidr (always), str
            In CIDR notation, the IP range of this rule.

          description (), str
            An optional description for this IP range.
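
Added example (not part of the module or its documentation): a Python check over the ``objects`` return value documented above that flags ingress rules reachable from every address. The ``ADMIN_PORTS`` set, the function names and the sample data are assumptions of this example, and ``port_from``..``port_to`` is read as an inclusive range.

```python
import ipaddress

# Ports to flag when reachable from anywhere; an assumption of this example.
ADMIN_PORTS = frozenset({22, 3389})

def is_unrestricted(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def world_open_ingress(objects, ports=ADMIN_PORTS):
    """Return one finding per ingress rule that is open to any address."""
    findings = []
    for group in objects:
        for rule in group.get("ingress", {}).get("rules", []):
            # Normalized rules hold ip_ranges or security_groups, never both;
            # rules that reference another group have no CIDR to evaluate.
            for ip_range in rule.get("ip_ranges", []):
                if not is_unrestricted(ip_range["cidr"]):
                    continue
                if rule["protocol"] in ("tcp", "udp"):
                    # port_from..port_to is treated as an inclusive range.
                    low, high = rule["port_from"], rule["port_to"]
                    exposed = sorted(p for p in ports if low <= p <= high)
                    if not exposed:
                        continue
                else:
                    exposed = []  # no port fields; reported for manual review
                findings.append({"id": group["id"], "name": group["name"],
                                 "protocol": rule["protocol"],
                                 "cidr": ip_range["cidr"], "ports": exposed})
    return findings

# Constructed sample, trimmed to the fields the check reads.
SAMPLE_OBJECTS = [
    {"id": "sg-df1b2aa66", "name": "my-first-secgroup", "ingress": {"rules": [
        {"protocol": "tcp", "port_from": 22, "port_to": 22,
         "ip_ranges": [{"cidr": "0.0.0.0/0", "description": "the world"}]},
        {"protocol": "tcp", "port_from": 22, "port_to": 22,
         "ip_ranges": [{"cidr": "198.51.100.64/25"}]},
    ]}},
    {"id": "sg-64508346", "name": "constructed-web", "ingress": {"rules": [
        {"protocol": "tcp", "port_from": 443, "port_to": 443,
         "ip_ranges": [{"cidr": "::/0"}]},
        {"protocol": "tcp", "port_from": 3000, "port_to": 4000,  # spans 3389
         "ip_ranges": [{"cidr": "0.0.0.0/0"}]},
        {"protocol": "tcp", "port_from": 22, "port_to": 22,
         "security_groups": [{"id": "sg-df1b2aa66"}]},
    ]}},
]
```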