ec2_security_group_info – List EC2 VPC security groups.

Retrieve information about AWS EC2 VPC security groups.

Examples

- name: List all security groups
  ec2_security_group_info:
  register: result

- name: Get information for a specific security group by name
  ec2_security_group_info:
    names: my-first-security-group
  register: result

- name: List information for multiple security groups by their IDs
  ec2_security_group_info:
    ids:
      - sg-1a2b3cd
      - sg-feda903
  register: result

- name: Use a complex filter for security groups
  ec2_security_group_info:
    vpc: vpc-182ffaed83
    filters:
      ip-permission.cidr: 198.51.100.64/25
  register: result

Parameters

auth (optional)

Parameters for authenticating with the AWS service. Each of them may be defined via environment variables.

type: dict
access_key (optional)

The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment variable will be checked.

Mutually exclusive with profile.

type: str
profile (optional)

The name of the AWS profile configured with aws configure.

Can be used instead of explicitly specifying your access credentials and region.

Use default to use the default profile.

Mutually exclusive with access_key and secret_key.

type: str
region (optional)

The name of the AWS region.

If not set, the value of the AWS_REGION environment variable will be checked.

If you set a profile that specifies a default region, that region is used and you can omit this parameter. Use this parameter to override the profile’s default region.

type: str
secret_key (optional)

The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment variable will be checked.

Mutually exclusive with profile.

type: str
url (optional)

The URL to the AWS service related to the resource. By default, this is automatically determined through the region parameter.

If not set explicitly, the value of the AWS_<SERVICE>_URL environment variable will be used.

The services currently supported are EC2 and S3.

type: str
filters (optional)

Filters to use when querying AWS resources. They must be provided as key/value pairs.

Keys and values are case-sensitive and must be strings.

Each key can have multiple values, provided as a list. An AWS resource is included if any one of these values matches.

When multiple filters are provided, the result contains AWS resources matching all of them.

If a filter is specified in filters and also in another top-level parameter, the filter in the top-level parameter has precedence. The two are not merged.

If a module accepts a top-level parameter for querying the AWS resources, and you also specify the filter it corresponds to via filters, the top-level parameter has precedence.

type: dict
ids (optional)

The IDs of the security groups to retrieve. The default is to retrieve all security groups.

type: list
names (optional)

The names of the security groups to retrieve. The default is to retrieve all security groups.

type: list
vpc (optional)

ID of the VPC.

May be used to limit the results to security groups in the given VPC only.

type: str

Return Values

objects (success), list, {'objects': [{'id': 'sg-df1b2aa66', 'name': 'my-first-secgroup', 'vpc': 'vpc-faff5721', 'description': 'A description for my first security group.', 'tags': {'MyCompany-Department': 'legal'}, 'ingress': {'rules': [{'protocol': 'tcp', 'port_from': 22, 'port_to': 22, 'ip_ranges': [{'cidr': '0.0.0.0/0', 'description': 'the world'}]}]}, 'egress': {'rules': [{'protocol': 'icmp', 'icmp_type': 8, 'icmp_code': 0, 'security_groups': [{'id': 'sg-64508346', 'description': 'local sonar'}]}]}}]}

A list of EC2 VPC security groups.

id (always), str,

The ID of the security group.

name (always), str,

The name of the security group.

vpc (always), str,

The ID of the VPC this security group is assigned to.

description (always), str,

The security group’s description.

tags (always), dict,

The tags assigned to this security group.

ingress (always), dict,

Ingress (inbound) security rules.

rules (always), list,

Ingress (inbound) security rules.

Rules are normalized so each rule only contains one of security_groups or ip_ranges, and at most one element.

protocol (always), str,

The protocol this rule applies to.

port_from (when protocol is tcp or udp), int,

The start port (inclusive) of the port range of this rule.

port_to (when protocol is tcp or udp), int,

The end port (inclusive) of the port range of this rule.

icmp_type (when protocol is icmp or icmpv6), int,

The ICMP type for this rule.

icmp_code (when protocol is icmp or icmpv6), int,

The ICMP code (subtype) for this rule.

security_groups (when ip_ranges is not present), list,

A list of a single security group ID and its description.

id (always), str,

The ID of the security group this rule references.

description (), str,

The description for this security group reference, if any.

ip_ranges (when security_groups is not present), list,

A list of a single IP range for this rule in CIDR notation.

cidr (always), str,

In CIDR notation, the IP range of this rule.

description (), str,

An optional description for this IP range.

egress (always), dict,

Egress (outbound) security rules.

rules (always), list,

Egress (outbound) security rules.

Rules are normalized so each rule only contains one of security_groups or ip_ranges, and at most one element.

protocol (always), str,

The protocol this rule applies to.

port_from (when protocol is tcp or udp), int,

The start port (inclusive) of the port range of this rule.

port_to (when protocol is tcp or udp), int,

The end port (inclusive) of the port range of this rule.

icmp_type (when protocol is icmp or icmpv6), int,

The ICMP type for this rule.

icmp_code (when protocol is icmp or icmpv6), int,

The ICMP code (subtype) for this rule.

security_groups (when ip_ranges is not present), list,

A list of a single security group ID and its description.

id (always), str,

The ID of the security group this rule references.

description (), str,

The description for this security group reference, if any.

ip_ranges (when security_groups is not present), list,

A list of a single IP range for this rule in CIDR notation.

cidr (always), str,

In CIDR notation, the IP range of this rule.

description (), str,

An optional description for this IP range.
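
A check a defender might run over the `objects` return value documented above, flagging ingress rules that expose sensitive ports to 0.0.0.0/0 or ::/0. This is an added example, not part of the module or its documentation: the function names, the port list and the sample data are assumptions, and the `FilterModule` class only follows Ansible's standard filter-plugin convention.

```python
import ipaddress

# Ports this audit treats as sensitive (assumption; set to your own policy).
SENSITIVE_PORTS = (22, 3306, 3389, 5432)

def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0, however the prefix is spelled."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def world_open_ingress(objects, ports=SENSITIVE_PORTS):
    """Return (group id, protocol, cidr, exposed ports) for risky ingress rules."""
    findings = []
    for group in objects:
        for rule in group["ingress"]["rules"]:
            if rule["protocol"] in ("icmp", "icmpv6"):
                continue  # ICMP rules carry icmp_type/icmp_code, not ports
            if "port_from" in rule:
                hit = [p for p in ports
                       if rule["port_from"] <= p <= rule["port_to"]]
            else:
                # Assumption: a non-ICMP rule without port keys covers all ports.
                hit = list(ports)
            # Rules that reference a security group have no ip_ranges key.
            for ip_range in rule.get("ip_ranges", []):
                if hit and is_world(ip_range["cidr"]):
                    findings.append(
                        (group["id"], rule["protocol"], ip_range["cidr"], hit))
    return findings

class FilterModule(object):
    """Ansible filter plugin hook exposing the check to playbooks."""
    def filters(self):
        return {"world_open_ingress": world_open_ingress}

# Constructed sample in the shape of the module's `objects` return value.
SAMPLE = [
    {"id": "sg-df1b2aa66", "ingress": {"rules": [
        {"protocol": "tcp", "port_from": 22, "port_to": 22,
         "ip_ranges": [{"cidr": "0.0.0.0/0", "description": "the world"}]},
        {"protocol": "tcp", "port_from": 443, "port_to": 443,
         "ip_ranges": [{"cidr": "0.0.0.0/0"}]}]}},
    {"id": "sg-1a2b3cd", "ingress": {"rules": [
        {"protocol": "tcp", "port_from": 22, "port_to": 22,
         "ip_ranges": [{"cidr": "198.51.100.64/25"}]},
        {"protocol": "tcp", "port_from": 3000, "port_to": 6000,
         "security_groups": [{"id": "sg-64508346"}]}]}},
    {"id": "sg-feda903", "ingress": {"rules": [
        {"protocol": "tcp", "port_from": 3000, "port_to": 4000,
         "ip_ranges": [{"cidr": "::/0"}]}]}},
]
```

Saved in a playbook's `filter_plugins/` directory, the function can be applied to a registered result as `result.objects | world_open_ingress`.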