community.digitalocean.digital_ocean_firewall (1.3.0) — module: Manage cloud firewalls within DigitalOcean
Added in version 1.1.0 of community.digitalocean
Authors: Anthony Bond (@BondAnthony), Lucas Basquerotto (@lucasbasquerotto)

Install with: ansible-galaxy collection install community.digitalocean:==1.3.0

Or as a collection requirements entry:
  collections:
    - name: community.digitalocean
      version: 1.3.0
This module can be used to add or remove firewalls on the DigitalOcean cloud platform.
Examples:

  # Allows tcp connections to port 22 (SSH) from specific sources
  # Allows tcp connections to ports 80 and 443 from any source
  # Allows outbound access to any destination for protocols tcp, udp and icmp
  # The firewall rules will be applied to any droplets with the tag "sample"
  - name: Create a Firewall named my-firewall
    digital_ocean_firewall:
      name: my-firewall
      state: present
      inbound_rules:
        - protocol: "tcp"
          ports: "22"
          sources:
            addresses: ["1.2.3.4"]
            droplet_ids: ["my_droplet_id_1", "my_droplet_id_2"]
            load_balancer_uids: ["my_lb_id_1", "my_lb_id_2"]
            tags: ["tag_1", "tag_2"]
        - protocol: "tcp"
          ports: "80"
          sources:
            addresses: ["0.0.0.0/0", "::/0"]
        - protocol: "tcp"
          ports: "443"
          sources:
            addresses: ["0.0.0.0/0", "::/0"]
      outbound_rules:
        - protocol: "tcp"
          ports: "1-65535"
          destinations:
            addresses: ["0.0.0.0/0", "::/0"]
        - protocol: "udp"
          ports: "1-65535"
          destinations:
            addresses: ["0.0.0.0/0", "::/0"]
        - protocol: "icmp"
          ports: "1-65535"
          destinations:
            addresses: ["0.0.0.0/0", "::/0"]
      droplet_ids: []
      tags: ["sample"]
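As an added example (not part of the module or the collection), a small pre-flight check over the inbound_rules structure the example above passes to the module: it parses the module's ports syntax (single port, range, or all) and flags any inbound rule whose sources include 0.0.0.0/0 or ::/0 on a port outside a web-only allow-list. The PUBLIC_OK_PORTS allow-list and the two sample rule sets are assumptions constructed from the example.

```python
import ipaddress

# Assumption for this check: only the web ports may be reachable from any address.
PUBLIC_OK_PORTS = {80, 443}


def parse_ports(spec):
    """Parse the module's `ports` string ("22", "1-65535" or "all") into (low, high)."""
    spec = str(spec).strip()
    if spec == "all":
        return 1, 65535
    parts = spec.split("-")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError("malformed ports spec: %r" % spec)
    low, high = int(parts[0]), int(parts[-1])
    if not 1 <= low <= high <= 65535:
        raise ValueError("ports out of range: %r" % spec)
    return low, high


def is_world_open(sources):
    """True when any entry in sources.addresses is a /0, i.e. matches every host."""
    return any(ipaddress.ip_network(a, strict=False).prefixlen == 0
               for a in sources.get("addresses", []))


def lint_inbound(rules, allowed=PUBLIC_OK_PORTS):
    """Return one finding per inbound rule that exposes a non-allowed port to any source."""
    findings = []
    for rule in rules:
        low, high = parse_ports(rule.get("ports", "all"))
        if is_world_open(rule.get("sources", {})):
            exposed = sorted(set(range(low, high + 1)) - set(allowed))
            if exposed:
                findings.append("%s/%s-%s open to 0.0.0.0/0 or ::/0 (first exposed port %d)"
                                % (rule.get("protocol", "tcp"), low, high, exposed[0]))
    return findings


# Constructed input mirroring the page's example: SSH limited to one address, web ports open.
PAGE_INBOUND_RULES = [
    {"protocol": "tcp", "ports": "22", "sources": {"addresses": ["1.2.3.4"]}},
    {"protocol": "tcp", "ports": "80", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
    {"protocol": "tcp", "ports": "443", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
]
# Constructed variant of the same rules with the SSH rule widened to every IPv4 source.
WORLD_OPEN_SSH_RULES = [dict(PAGE_INBOUND_RULES[0], sources={"addresses": ["0.0.0.0/0"]})] + PAGE_INBOUND_RULES[1:]

if __name__ == "__main__":
    for label, rules in (("page example", PAGE_INBOUND_RULES), ("ssh widened", WORLD_OPEN_SSH_RULES)):
        print(label, lint_inbound(rules) or ["no findings"])
```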
Parameters:

  name:
    description:
      - Name of the firewall rule to create or manage
    required: true
    type: str
  tags:
    description:
      - List of tags to be assigned to the firewall
    elements: str
    required: false
    type: list
  state:
    choices:
      - present
      - absent
    default: present
    description:
      - Assert the state of the firewall rule. Set to 'present' to create or update and 'absent' to remove.
    type: str
  timeout:
    default: 30
    description:
      - The timeout in seconds used for polling DigitalOcean's API.
    type: int
  droplet_ids:
    description:
      - List of droplet ids to be assigned to the firewall
    elements: str
    required: false
    type: list
  oauth_token:
    aliases:
      - api_token
    description:
      - DigitalOcean OAuth token.
      - There are several other environment variables which can be used to provide this value.
      - i.e., 'DO_API_TOKEN', 'DO_API_KEY', 'DO_OAUTH_TOKEN' and 'OAUTH_TOKEN'
    type: str
  inbound_rules:
    description:
      - Firewall rules specifically targeting inbound network traffic into DigitalOcean
    elements: dict
    required: true
    suboptions:
      ports:
        description:
          - The ports on which traffic will be allowed, single, range, or all
        required: true
        type: str
      protocol:
        choices:
          - udp
          - tcp
          - icmp
        default: tcp
        description:
          - Network protocol to be accepted.
        required: false
        type: str
      sources:
        description:
          - Dictionary of locations from which inbound traffic will be accepted
        required: true
        suboptions:
          addresses:
            description:
              - List of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic
            elements: str
            required: false
            type: list
          droplet_ids:
            description:
              - List of integers containing the IDs of the Droplets to which the firewall will allow traffic
            elements: str
            required: false
            type: list
          load_balancer_uids:
            description:
              - List of strings containing the IDs of the Load Balancers to which the firewall will allow traffic
            elements: str
            required: false
            type: list
          tags:
            description:
              - List of strings containing the names of Tags corresponding to groups of Droplets to which the Firewall will allow traffic
            elements: str
            required: false
            type: list
        type: dict
    type: list
  outbound_rules:
    description:
      - Firewall rules specifically targeting outbound network traffic from DigitalOcean
    elements: dict
    required: true
    suboptions:
      destinations:
        description:
          - Dictionary of locations to which outbound traffic will be allowed
        required: true
        suboptions:
          addresses:
            description:
              - List of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic
            elements: str
            required: false
            type: list
          droplet_ids:
            description:
              - List of integers containing the IDs of the Droplets to which the firewall will allow traffic
            elements: str
            required: false
            type: list
          load_balancer_uids:
            description:
              - List of strings containing the IDs of the Load Balancers to which the firewall will allow traffic
            elements: str
            required: false
            type: list
          tags:
            description:
              - List of strings containing the names of Tags corresponding to groups of Droplets to which the Firewall will allow traffic
            elements: str
            required: false
            type: list
        type: dict
      ports:
        description:
          - The ports on which traffic will be allowed, single, range, or all
        required: true
        type: str
      protocol:
        choices:
          - udp
          - tcp
          - icmp
        default: tcp
        description:
          - Network protocol to be accepted.
        required: false
        type: str
    type: list
  validate_certs:
    default: true
    description:
      - If set to C(no), the SSL certificates will not be validated.
      - This should only be set to C(no) on personally controlled sites using self-signed certificates.
    type: bool
Return Values:

  data:
    description: DigitalOcean firewall resource
    returned: success
    sample:
      created_at: '2020-08-11T18:41:30Z'
      droplet_ids: []
      id: 7acd6ee2-257b-434f-8909-709a5816d4f9
      inbound_rules:
        - ports: '443'
          protocol: tcp
          sources:
            addresses:
              - 1.2.3.4
            droplet_ids:
              - my_droplet_id_1
              - my_droplet_id_2
            load_balancer_uids:
              - my_lb_id_1
              - my_lb_id_2
            tags:
              - tag_1
              - tag_2
        - ports: '80'
          protocol: tcp
          sources:
            addresses:
              - 0.0.0.0/0
              - ::/0
        - ports: '443'
          protocol: tcp
          sources:
            addresses:
              - 0.0.0.0/0
              - ::/0
      name: my-firewall
      outbound_rules:
        - destinations:
            addresses:
              - 0.0.0.0/0
              - ::/0
          ports: 1-65535
          protocol: tcp
        - destinations:
            addresses:
              - 0.0.0.0/0
              - ::/0
          ports: 1-65535
          protocol: udp
        - destinations:
            addresses:
              - 0.0.0.0/0
              - ::/0
          ports: 1-65535
          protocol: icmp
      pending_changes: []
      status: succeeded
      tags:
        - sample
    type: dict