goldyfruit.ibmcloud_automation.ic_is_security_group (1.0.4) — module

Manage VPC security group on IBM Cloud.

Added in version 2.9 of goldyfruit.ibmcloud_automation

Authors: Gaëtan Trellu (@goldyfruit)

preview | supported by community

Install collection

Install with ansible-galaxy collection install goldyfruit.ibmcloud_automation:==1.0.4


Add to requirements.yml

  collections:
    - name: goldyfruit.ibmcloud_automation
      version: 1.0.4

Description

Create or delete security group on IBM Cloud.


Requirements

Usage examples

- name: Create security group without rules (block traffic)
  ic_is_security_group:
    group: ibmcloud-sec-group-baby
    vpc: ibmcloud-vpc-baby
- name: Create security group with rule (SSH open)
  ic_is_security_group:
    group: ibmcloud-sec-group-baby
    vpc: ibmcloud-vpc-baby
    rules:
      - direction: inbound
        protocol: tcp
        port_min: 22
        port_max: 22
        remote:
          cidr_block: 0.0.0.0/0
- name: Delete security group
  ic_is_security_group:
    group: ibmcloud-sec-group-baby
    vpc: ibmcloud-vpc-baby
    state: absent

Inputs

vpc:
    description:
    - The VPC the security group is to be a part of.
    required: true
    type: str

group:
    description:
    - The user-defined name for this security group.
    required: true
    type: str

rules:
    description:
    - Array of rule prototype objects for rules to be created for this security group.
      If unspecified, no rules will be created, resulting in all traffic being denied.
    suboptions:
      code:
        description:
        - The ICMP traffic code to allow. If unspecified, all codes are allowed. This
          can only be specified if type is also specified.
        - Required if C(protocol=icmp).
        type: int
      direction:
        choices:
        - inbound
        - outbound
        description:
        - The direction of traffic to enforce.
        required: true
        type: str
      ip_version:
        choices:
        - ipv4
        description:
        - The IP version to enforce.
        type: str
      port_max:
        description:
        - For a single port, set C(port_min) to the same value.
        - Required if C(protocol=udp) or C(protocol=tcp).
        type: int
      port_min:
        description:
        - For a single port, set C(port_max) to the same value.
        - Required if C(protocol=udp) or C(protocol=tcp).
        type: int
      protocol:
        choices:
        - all
        - icmp
        - tcp
        - udp
        description:
        - The protocol to enforce.
        type: str
      remote:
        description:
        - The IP addresses or security groups from which this rule will allow traffic
          (or to which, for outbound rules). Can be specified as an IP address, a CIDR
          block, or a security group.
        - If omitted, a CIDR block of 0.0.0.0/0 will be used to allow traffic from any
          source (or to any source, for outbound rules).
        required: false
        suboptions:
          address:
            description:
            - The remote IP address.
            type: str
          cidr_block:
            description:
            - The remote CIDR block.
            type: str
          security_group:
            description:
            - The remote security group ID.
            type: str
        type: dict
      type:
        description:
        - The ICMP traffic type to allow. If unspecified, all types are allowed by this
          rule.
        - Required if C(protocol=icmp).
        type: int
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Should the resource be present or absent.
    type: str

resource_group:
    description:
    - The resource group to use. If unspecified, the account's default resource group
      is used.
    type: str
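The usage examples above and the rules option both leave the exposure decision implicit: omit remote and the rule defaults to 0.0.0.0/0, and the SSH example deliberately opens port 22 to every source. The following pre-flight linter is an added example, not code from the goldyfruit.ibmcloud_automation collection: it applies the constraints this page documents for rules (port_min/port_max for tcp/udp, type/code for icmp, the 0.0.0.0/0 default) to a rules list taken from a playbook and reports which valid inbound rules end up open to any source, so a playbook can fail before the security group is applied. The sample rules, the function names and the "one remote key wins" resolution order in effective_remote are assumptions made for this example.

```python
"""Pre-flight linter for ic_is_security_group rule prototypes.

Added example, not code from the goldyfruit.ibmcloud_automation collection.
It applies the constraints documented for the module's ``rules`` option
(port_min/port_max required for tcp/udp, type/code required for icmp,
``remote`` defaulting to 0.0.0.0/0 when omitted) and reports inbound rules
that end up open to any source.
"""
import ipaddress

ANY_CIDR = "0.0.0.0/0"  # documented default applied when ``remote`` is omitted


def validate_rule(rule):
    """Return a list of problems with one rule prototype (empty when it is valid)."""
    errors = []
    if rule.get("direction") not in ("inbound", "outbound"):
        errors.append("direction must be inbound or outbound")
    protocol = rule.get("protocol", "all")
    if protocol not in ("all", "icmp", "tcp", "udp"):
        errors.append("protocol must be one of all, icmp, tcp, udp")
    if protocol in ("tcp", "udp"):
        pmin, pmax = rule.get("port_min"), rule.get("port_max")
        if pmin is None or pmax is None:
            errors.append("port_min and port_max are required for tcp/udp")
        elif not (1 <= pmin <= pmax <= 65535):
            errors.append("ports must satisfy 1 <= port_min <= port_max <= 65535")
    if "code" in rule and "type" not in rule:
        errors.append("code can only be given together with type")
    if protocol == "icmp" and (rule.get("type") is None or rule.get("code") is None):
        errors.append("type and code are required for icmp")
    remote = rule.get("remote") or {}
    try:
        if "cidr_block" in remote:
            ipaddress.ip_network(remote["cidr_block"], strict=False)
        if "address" in remote:
            ipaddress.ip_address(remote["address"])
    except ValueError as exc:
        errors.append(f"remote is not a valid IP or CIDR: {exc}")
    return errors


def effective_remote(rule):
    """Resolve a rule's remote, applying the documented 0.0.0.0/0 default.

    Assumption for this example: the first key found in the order below wins.
    """
    remote = rule.get("remote") or {}
    for key in ("cidr_block", "address", "security_group"):
        if key in remote:
            return key, remote[key]
    return "cidr_block", ANY_CIDR


def is_open_to_any(rule):
    """True when the rule's effective remote is a /0 network (every source or destination)."""
    kind, value = effective_remote(rule)
    if kind != "cidr_block":
        return False
    return ipaddress.ip_network(value, strict=False).prefixlen == 0


def lint_rules(rules):
    """Validate a ``rules`` list; return (errors, exposed).

    ``errors`` holds "rule[i]: problem" strings; ``exposed`` holds indices of
    valid inbound rules whose effective remote is open to any source.
    """
    errors, exposed = [], []
    for i, rule in enumerate(rules):
        problems = validate_rule(rule)
        errors.extend(f"rule[{i}]: {p}" for p in problems)
        if not problems and rule.get("direction") == "inbound" and is_open_to_any(rule):
            exposed.append(i)
    return errors, exposed


# Constructed sample: the page's SSH rule plus rules invented for this example.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22,
     "remote": {"cidr_block": "0.0.0.0/0"}},     # page example: SSH open to the world
    {"direction": "inbound", "protocol": "tcp",
     "port_min": 8443, "port_max": 8443},        # remote omitted: defaults to any source
    {"direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22,
     "remote": {"cidr_block": "10.0.0.0/8"}},    # restricted to a private range
    {"direction": "outbound", "protocol": "all"},  # outbound to any: not flagged
    {"direction": "inbound", "protocol": "icmp"},  # invalid: type and code missing
    {"direction": "inbound", "protocol": "udp", "port_min": 70000, "port_max": 70000,
     "remote": {"cidr_block": "not-a-cidr"}},    # invalid port range and CIDR
]

if __name__ == "__main__":
    errs, exp = lint_rules(SAMPLE_RULES)
    for err in errs:
        print("ERROR", err)
    for i in exp:
        print(f"WARNING rule[{i}] accepts inbound traffic from {effective_remote(SAMPLE_RULES[i])[1]}")
```

Run against the sample, the linter rejects the icmp rule without type/code and the udp rule with a bad port and CIDR, and flags rules 0 and 1 as world-open inbound; rule 1 is the case worth noticing, since nothing in the playbook says 0.0.0.0/0 but the documented default makes it so. Wiring this into a pre-task (for instance via a lookup or a small action plugin) lets a playbook fail on unexpected exposure rather than discovering it after the group is applied.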