ec2_security_group_info – List EC2 VPC security groups.
Retrieve information about AWS EC2 VPC security groups.
Examples
- name: List all security groups
  ec2_security_group_info:
  register: result

- name: Get information for a specific security group by name
  ec2_security_group_info:
    names: my-first-security-group
  register: result

- name: List information for multiple security groups by their IDs
  ec2_security_group_info:
    ids:
      - sg-1a2b3cd
      - sg-feda903
  register: result

- name: Use a complex filter for security groups
  ec2_security_group_info:
    vpc: vpc-182ffaed83
    filters:
      ip-permission.cidr: 198.51.100.64/25
  register: result
Parameters
- auth (optional)
  Parameters for authenticating with the AWS service. Each of them may be defined via environment variables.
  type: dict
  - access_key (optional)
    The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment variable will be checked.
    Mutually exclusive with profile.
    type: str
  - profile (optional)
    The name of the AWS profile configured with aws configure. Can be used instead of explicitly specifying your access credentials and region.
    Use default to use the default profile.
    Mutually exclusive with access_key and secret_key.
    type: str
  - region (optional)
    The name of the AWS region.
    If not set, the value of the AWS_REGION environment variable will be checked.
    If you set a profile that specifies a default region, that region is used and you can omit this parameter. Use this parameter to override the profile’s default region.
    type: str
  - secret_key (optional)
    The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment variable will be checked.
    Mutually exclusive with profile.
    type: str
  - url (optional)
    The URL to the AWS service related to the resource. By default, this is automatically determined through the region parameter.
    If not set explicitly, the value of the AWS_<SERVICE>_URL environment variable will be used.
    The services currently supported are EC2 and S3.
    type: str
- filters (optional)
  Filters to use when querying AWS resources. They must be provided as key/value pairs.
  Keys and values are case-sensitive and must be strings.
  Each key can have multiple values, provided as a list. Within these values, any value must match for the AWS resource to be included.
  When multiple filters are provided, the result contains AWS resources matching all of them.
  If a filter is specified in filters and also in another top-level parameter, the filter in the top-level parameter has precedence. The two are not merged.
  If a module accepts a top-level parameter for querying the AWS resources, and you also specify the filter it corresponds to via filters, the top-level parameter has precedence.
  type: dict
- ids (optional)
  The IDs of the security groups to retrieve. The default is to retrieve all security groups.
  type: list
- names (optional)
  The names of the security groups to retrieve. The default is to retrieve all security groups.
  type: list
- vpc (optional)
  ID of the VPC.
  May be used to limit the results to security groups in the given VPC only.
  type: str
Return Values
- objects (success), list
  A list of EC2 VPC security groups.
  Sample: {'objects': [{'id': 'sg-df1b2aa66', 'name': 'my-first-secgroup', 'vpc': 'vpc-faff5721', 'description': 'A description for my first security group.', 'tags': {'MyCompany-Department': 'legal'}, 'ingress': {'rules': [{'protocol': 'tcp', 'port_from': 22, 'port_to': 22, 'ip_ranges': [{'cidr': '0.0.0.0/0', 'description': 'the world'}]}]}, 'egress': {'rules': [{'protocol': 'icmp', 'icmp_type': 8, 'icmp_code': 0, 'security_groups': [{'id': 'sg-64508346', 'description': 'local sonar'}]}]}}]}
  - id (always), str
    The ID of the security group.
  - name (always), str
    The name of the security group.
  - vpc (always), str
    The ID of the VPC this security group is assigned to.
  - description (always), str
    The security group’s description.
  - tags (always), dict
    The tags assigned to this security group.
  - ingress (always), dict
    Ingress (inbound) security rules.
    - rules (always), list
      Ingress (inbound) security rules.
      Rules are normalized so each rule only contains one of security_groups or ip_ranges, and at most one element.
      - protocol (always), str
        The protocol this rule applies to.
      - port_from (when protocol is tcp or udp), int
        The start port (inclusive) of the port range of this rule.
      - port_to (when protocol is tcp or udp), int
        The end port (inclusive) of the port range of this rule.
      - icmp_type (when protocol is icmp or icmpv6), int
        The ICMP type for this rule.
      - icmp_code (when protocol is icmp or icmpv6), int
        The ICMP code (subtype) for this rule.
      - security_groups (when ip_ranges is not present), list
        A list of a single security group ID and its description.
        - id (always), str
          The ID of the security group this rule references.
        - description, str
          The description for this security group reference, if any.
      - ip_ranges (when security_groups is not present), list
        A list of a single IP range for this rule in CIDR notation.
        - cidr (always), str
          In CIDR notation, the IP range of this rule.
        - description, str
          An optional description for this IP range.
  - egress (always), dict
    Egress (outbound) security rules.
    - rules (always), list
      Egress (outbound) security rules.
      Rules are normalized so each rule only contains one of security_groups or ip_ranges, and at most one element.
      - protocol (always), str
        The protocol this rule applies to.
      - port_from (when protocol is tcp or udp), int
        The start port (inclusive) of the port range of this rule.
      - port_to (when protocol is tcp or udp), int
        The end port (inclusive) of the port range of this rule.
      - icmp_type (when protocol is icmp or icmpv6), int
        The ICMP type for this rule.
      - icmp_code (when protocol is icmp or icmpv6), int
        The ICMP code (subtype) for this rule.
      - security_groups (when ip_ranges is not present), list
        A list of a single security group ID and its description.
        - id (always), str
          The ID of the security group this rule references.
        - description, str
          The description for this security group reference, if any.
      - ip_ranges (when security_groups is not present), list
        A list of a single IP range for this rule in CIDR notation.
        - cidr (always), str
          In CIDR notation, the IP range of this rule.
        - description, str
          An optional description for this IP range.
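
Because each normalized rule carries a single ip_ranges or security_groups element, the registered result can be audited rule by rule for administrative ports opened to every address. The following is an added example, not part of the module or its documentation: a hypothetical Ansible filter plugin in which the names world_open_ingress and SAMPLE_OBJECTS, the default port list and the handling of rules without port fields are assumptions, run over a constructed sample modelled on the documented return value.

```python
import ipaddress

# Constructed sample, modelled on the documented return value of the module.
SAMPLE_OBJECTS = [{
    "id": "sg-df1b2aa66", "name": "my-first-secgroup", "vpc": "vpc-faff5721",
    "ingress": {"rules": [
        {"protocol": "tcp", "port_from": 22, "port_to": 22,
         "ip_ranges": [{"cidr": "0.0.0.0/0", "description": "the world"}]},
        {"protocol": "tcp", "port_from": 443, "port_to": 443,
         "ip_ranges": [{"cidr": "198.51.100.64/25"}]},
        {"protocol": "tcp", "port_from": 0, "port_to": 65535,
         "security_groups": [{"id": "sg-64508346"}]},
        {"protocol": "icmpv6", "icmp_type": 128, "icmp_code": 0,
         "ip_ranges": [{"cidr": "::/0"}]},
    ]},
    "egress": {"rules": []},
}]


def world_open_ingress(objects, ports=(22, 3389)):
    """Return ingress rules that expose any of `ports` to every address."""
    findings = []
    for group in objects:
        for rule in group["ingress"]["rules"]:
            # Normalized rules hold either ip_ranges or security_groups.
            for ip_range in rule.get("ip_ranges", []):
                # strict=False: tolerate CIDRs with host bits set.
                net = ipaddress.ip_network(ip_range["cidr"], strict=False)
                if net.prefixlen != 0:
                    continue  # neither 0.0.0.0/0 nor ::/0
                if rule["protocol"] in ("icmp", "icmpv6"):
                    continue  # ICMP rules carry icmp_type/icmp_code, no ports
                # Assumption: a non-ICMP rule without port fields covers all ports.
                lo, hi = rule.get("port_from", 0), rule.get("port_to", 65535)
                hit = [p for p in ports if lo <= p <= hi]
                if hit:
                    findings.append({"id": group["id"], "name": group["name"],
                                     "protocol": rule["protocol"],
                                     "ports": hit, "cidr": ip_range["cidr"]})
    return findings


class FilterModule(object):
    """Exposes the check to playbooks as: result.objects | world_open_ingress"""

    def filters(self):
        return {"world_open_ingress": world_open_ingress}
```

Saved under a playbook's filter_plugins directory, the filter can feed an assert or fail task that stops a run when the returned list is not empty.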