goldyfruit.ibmcloud_automation.ic_is_security_group_rule (1.0.4) — module

Manage VPC security group rules on IBM Cloud.

Added in version 2.9 of goldyfruit.ibmcloud_automation

Authors: Gaëtan Trellu (@goldyfruit)

preview | supported by community

Install collection

Install with ansible-galaxy collection install goldyfruit.ibmcloud_automation:==1.0.4


Add to requirements.yml

  collections:
    - name: goldyfruit.ibmcloud_automation
      version: 1.0.4

Description

This module creates a security group rule from a security group rule prototype object. The prototype is structured in the same way as a retrieved security group rule and carries the information needed to create the rule.

A new rule is applied to every network interface attached to the security group. Rules specify which IP traffic a security group allows. Security group rules are stateful: reverse traffic sent in response to allowed traffic is permitted automatically.

A rule allowing inbound TCP traffic on port 80 therefore also allows the outbound replies belonging to those connections, without an additional outbound rule. The stateful behaviour covers replies only: an explicit outbound rule for port 80 is a separate, wider grant, because it lets the interfaces initiate new connections to port 80.


Requirements

Usage examples

- name: Create rule (HTTPS open for one address)
  ic_is_security_group_rule:
    group: ibmcloud-sec-group-rule-baby
    direction: inbound
    protocol: tcp
    port_min: 443
    port_max: 443
    remote:
      address: 10.243.12.23
- name: Create rule (allow ICMP for any)
  ic_is_security_group_rule:
    group: ibmcloud-sec-group-rule-baby
    direction: inbound
    protocol: icmp
    code: 0
    type: 8
    cidr_block: 0.0.0.0/0
- name: Delete rule
  ic_is_security_group_rule:
    group: ibmcloud-sec-group-baby
    rule: r006-6cfe8f8e-1fca-4859-bd9a-ea6502e17a95
    state: absent
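
The description above says rules are stateful and that a prototype carries the same fields as a retrieved rule; the tasks above show what those prototypes look like. Before handing such prototypes to the module, a practitioner usually wants a policy check: which rules expose ports to 0.0.0.0/0, which are malformed, and which outbound rules merely mirror an inbound rule (redundant for replies, but a wider grant for new connections). The following is an added example for this page, not code from the goldyfruit.ibmcloud_automation collection or from IBM; rules are plain dicts using the module's input names, and the PUBLIC_OK_PORTS allow-list is an assumption chosen for illustration.

```python
"""Offline policy lint for VPC security group rule prototypes.

Added example; not part of the goldyfruit.ibmcloud_automation collection.
Rules use the same keys as the ic_is_security_group_rule inputs (direction,
protocol, port_min, port_max, code, type, cidr_block, address, remote).
PUBLIC_OK_PORTS is an assumed policy threshold, not something the module defines.
"""
import ipaddress

# Ports that may be reachable from 0.0.0.0/0 (assumption for this example).
PUBLIC_OK_PORTS = {80, 443}


def remote_network(rule):
    """Resolve the rule's remote to an ip_network; None for a remote security group."""
    remote = rule.get("remote") or {}
    cidr = rule.get("cidr_block") or remote.get("cidr_block")
    addr = rule.get("address") or remote.get("address")
    if cidr:
        return ipaddress.ip_network(cidr, strict=False)
    if addr:
        return ipaddress.ip_network(addr)  # bare host address becomes a /32 (or /128)
    return None


def port_range(rule):
    """Return (port_min, port_max) for tcp/udp rules, else None."""
    if rule.get("protocol") not in ("tcp", "udp"):
        return None
    pmin, pmax = rule.get("port_min"), rule.get("port_max")
    if pmin is None or pmax is None:
        return None
    return (pmin, pmax)


def lint_rule(rule):
    """Return a list of findings for one rule; an empty list means it passes."""
    findings = []
    direction = rule.get("direction")
    proto = rule.get("protocol", "all")
    if direction not in ("inbound", "outbound"):
        findings.append("direction must be inbound or outbound")
    ports = port_range(rule)
    if proto in ("tcp", "udp"):
        if ports is None:
            findings.append("tcp/udp rule needs port_min and port_max")
        elif not 1 <= ports[0] <= ports[1] <= 65535:
            findings.append("invalid port range %d-%d" % ports)
            ports = None
    # The module documents code as only valid together with type.
    if proto == "icmp" and rule.get("code") is not None and rule.get("type") is None:
        findings.append("icmp code given without type")
    net = remote_network(rule)
    if direction == "inbound" and net is not None and net.prefixlen == 0:
        # A /0 remote is internet exposure; only allow-listed ports may be that open.
        if proto == "all":
            findings.append("all protocols open to the internet")
        elif ports is not None:
            exposed = sorted(set(range(ports[0], ports[1] + 1)) - PUBLIC_OK_PORTS)
            if exposed:
                shown = ", ".join(str(p) for p in exposed[:5])
                findings.append("internet-exposed %s port(s): %s" % (proto, shown))
    return findings


def redundant_reply_rules(rules):
    """Outbound rules that mirror an inbound rule (protocol, ports, remote).

    Rules are stateful, so replies to inbound-allowed traffic need no outbound
    rule; a mirrored outbound rule only adds permission to initiate connections.
    """
    inbound = [r for r in rules if r.get("direction") == "inbound"]
    redundant = []
    for out in rules:
        if out.get("direction") != "outbound":
            continue
        for inb in inbound:
            if (inb.get("protocol") == out.get("protocol")
                    and port_range(inb) == port_range(out)
                    and remote_network(inb) == remote_network(out)):
                redundant.append(out)
                break
    return redundant


def lint(rules):
    """Return ({rule index: findings}, [redundant mirrored outbound rules])."""
    report = {}
    for i, rule in enumerate(rules):
        findings = lint_rule(rule)
        if findings:
            report[i] = findings
    return report, redundant_reply_rules(rules)


# Constructed sample: the two create tasks above plus two deliberately bad rules.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "tcp", "port_min": 443, "port_max": 443,
     "remote": {"address": "10.243.12.23"}},
    {"direction": "inbound", "protocol": "icmp", "code": 0, "type": 8,
     "cidr_block": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22,
     "cidr_block": "0.0.0.0/0"},                        # SSH from anywhere
    {"direction": "outbound", "protocol": "tcp", "port_min": 443, "port_max": 443,
     "remote": {"address": "10.243.12.23"}},           # mirrors the first rule
]

if __name__ == "__main__":
    report, redundant = lint(SAMPLE_RULES)
    for index, findings in report.items():
        print("rule %d: %s" % (index, "; ".join(findings)))
    print("redundant outbound rules:", len(redundant))
```

Run the lint over the rule list you are about to feed into a loop of ic_is_security_group_rule tasks and fail the play if `report` is non-empty; the redundant list is advisory, since a mirrored outbound rule is not wrong, only wider than the stateful behaviour requires.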

Inputs

    
code:
    description:
    - ICMP code. May only be specified if C(type) is also specified; only relevant
      when C(protocol=icmp).
    type: int

rule:
    description:
    - Rule ID of an existing rule, for example the rule to remove with C(state=absent).
    required: true
    type: str

type:
    description:
    - ICMP type. Only relevant when C(protocol=icmp).
    type: int

group:
    description:
    - The user-defined name of the security group the rule belongs to.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Should the resource be present or absent.
    type: str

unique:
    choices:
    - true
    - false
    default: true
    description:
    - Avoid creating a duplicate rule when an identical rule already exists in the security group.
    type: bool

address:
    description:
    - The remote IP address.
    type: str

port_max:
    description:
    - Upper bound of the port range. For a single port, set it to the same value as C(port_min).
    type: int

port_min:
    description:
    - Lower bound of the port range. For a single port, set it to the same value as C(port_max).
    type: int

protocol:
    choices:
    - all
    - icmp
    - tcp
    - udp
    description:
    - The protocol to enforce.
    type: str

direction:
    choices:
    - inbound
    - outbound
    description:
    - The direction of traffic to enforce.
    type: str

cidr_block:
    description:
    - The remote CIDR block.
    type: str

ip_version:
    choices:
    - ipv4
    description:
    - The IP version to enforce.
    type: str

security_group:
    description:
    - The remote security group.
    type: str