goldyfruit.ibmcloud_automation.ic_is_security_group (1.0.4) — module
Manage VPC security group on IBM Cloud.
Added in version 2.9 of goldyfruit.ibmcloud_automation
Authors: Gaëtan Trellu (@goldyfruit)
preview | supported by community
Install with:
ansible-galaxy collection install goldyfruit.ibmcloud_automation:==1.0.4

collections:
  - name: goldyfruit.ibmcloud_automation
    version: 1.0.4
Create or delete security group on IBM Cloud.
- name: Create security group without rules (block traffic)
  ic_is_security_group:
    group: ibmcloud-sec-group-baby
    vpc: ibmcloud-vpc-baby

- name: Create security group with rule (SSH open)
  ic_is_security_group:
    group: ibmcloud-sec-group-baby
    vpc: ibmcloud-vpc-baby
    rules:
      - direction: inbound
        protocol: tcp
        port_min: 22
        port_max: 22
        remote:
          cidr_block: 0.0.0.0/0

- name: Delete security group
  ic_is_security_group:
    group: ibmcloud-sec-group-baby
    vpc: ibmcloud-vpc-baby
    state: absent
vpc:
  description:
    - The VPC the security group is to be a part of.
  required: true
  type: str
group:
  description:
    - The user-defined name for this security group.
  required: true
  type: str
rules:
  description:
    - Array of rule prototype objects for rules to be created for this security group. If unspecified, no rules will be created, resulting in all traffic being denied.
  suboptions:
    code:
      description:
        - The ICMP traffic code to allow. If unspecified, all codes are allowed. This can only be specified if type is also specified.
        - Required if C(protocol=icmp).
      type: int
    direction:
      choices:
        - inbound
        - outbound
      description:
        - The direction of traffic to enforce.
      required: true
      type: str
    ip_version:
      choices:
        - ipv4
      description:
        - The IP version to enforce.
      type: str
    port_max:
      description:
        - For a single port, set C(port_min) to the same value.
        - Required if C(protocol=udp) or C(protocol=tcp).
      type: int
    port_min:
      description:
        - For a single port, set C(port_max) to the same value.
        - Required if C(protocol=udp) or C(protocol=tcp).
      type: int
    protocol:
      choices:
        - all
        - icmp
        - tcp
        - udp
      description:
        - The protocol to enforce.
      type: str
    remote:
      description:
        - The IP addresses or security groups from which this rule will allow traffic (or to which, for outbound rules). Can be specified as an IP address, a CIDR block, or a security group.
        - If omitted, a CIDR block of 0.0.0.0/0 will be used to allow traffic from any source (or to any source, for outbound rules).
      required: false
      suboptions:
        address:
          description:
            - The remote IP address.
          type: str
        cidr_block:
          description:
            - The remote CIDR block.
          type: str
        security_group:
          description:
            - The remote security group ID.
          type: str
      type: dict
    type:
      description:
        - The ICMP traffic type to allow. If unspecified, all types are allowed by this rule.
        - Required if C(protocol=icmp).
      type: int
  type: list
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Should the resource be present or absent.
  type: str
resource_group:
  description:
    - The resource group to use. If unspecified, the account's default resource group is used.
  type: str
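The `remote` option above defaults to 0.0.0.0/0 when omitted, so a rule can be world-open without saying so. The following check is an added example, not part of the module or the collection: it audits already-parsed playbook tasks for inbound rules that expose administrative ports to any source. The names `audit_task`, `effective_remote` and `ADMIN_PORTS`, the short module name as the task key, and treating a missing `protocol` as `all` are assumptions of this example.

```python
import ipaddress

MODULE = "ic_is_security_group"
ADMIN_PORTS = (22, 3389)  # assumption: ports this example treats as administrative


def effective_remote(rule):
    """Resolve `remote` as the option docs describe: omitted means 0.0.0.0/0."""
    remote = rule.get("remote") or {}
    if remote.get("security_group"):
        return None  # scoped to another security group, not an IP range
    value = remote.get("address") or remote.get("cidr_block") or "0.0.0.0/0"
    return ipaddress.ip_network(value, strict=False)


def audit_task(task):
    """Return (group, rule_index, exposed_ports, remote_omitted) per risky rule."""
    args = task.get(MODULE)
    if not args or args.get("state", "present") == "absent":
        return []
    findings = []
    for i, rule in enumerate(args.get("rules") or []):
        proto = rule.get("protocol", "all")  # assumption: no protocol means "all"
        net = effective_remote(rule)
        open_inbound = rule.get("direction") == "inbound" and net is not None and net.prefixlen == 0
        if not open_inbound or proto == "icmp":
            continue
        lo, hi = rule.get("port_min", 1), rule.get("port_max", 65535)
        exposed = [p for p in ADMIN_PORTS if proto == "all" or lo <= p <= hi]
        if exposed:
            findings.append((args.get("group"), i, exposed, not rule.get("remote")))
    return findings


# Constructed sample tasks, shaped like the page's examples after YAML parsing.
SAMPLE_TASKS = [
    {MODULE: {"group": "sg-a", "vpc": "vpc-a"}},  # no rules: all traffic denied
    {MODULE: {"group": "sg-b", "vpc": "vpc-a", "rules": [  # the page's SSH-open rule
        {"direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22,
         "remote": {"cidr_block": "0.0.0.0/0"}}]}},
    {MODULE: {"group": "sg-c", "vpc": "vpc-a", "rules": [  # remote omitted
        {"direction": "inbound", "protocol": "tcp", "port_min": 3000, "port_max": 4000}]}},
    {MODULE: {"group": "sg-d", "vpc": "vpc-a", "rules": [  # SSH from one subnet only
        {"direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22,
         "remote": {"cidr_block": "10.240.0.0/24"}}]}},
]

if __name__ == "__main__":
    print([f for t in SAMPLE_TASKS for f in audit_task(t)])
```

The third sample is the case worth catching in review: nothing in the task mentions 0.0.0.0/0, yet the port range covers 3389 and the omitted `remote` opens it to any source.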