goldyfruit.ibmcloud_automation.ic_is_security_group_rule (1.0.4) — module
Manage VPC security group rules on IBM Cloud.
Added in version 2.9 of goldyfruit.ibmcloud_automation.
Authors: Gaëtan Trellu (@goldyfruit)
preview | supported by community
Install with:

    ansible-galaxy collection install goldyfruit.ibmcloud_automation:==1.0.4

Or pin the collection in a requirements file:

    collections:
      - name: goldyfruit.ibmcloud_automation
        version: 1.0.4
This module creates a new security group rule from a security group rule prototype object. The prototype object is structured in the same way as a retrieved security group rule and contains the information necessary to create the rule.
As part of creating a new rule in a security group, the rule is applied to all the network interfaces in the security group. Rules specify which IP traffic a security group should allow. Security group rules are stateful, such that reverse traffic in response to allowed traffic is automatically permitted.
For example, a rule allowing inbound TCP traffic on port 80 also allows the outbound reply traffic for those connections, without the need for an additional rule.
Examples:

    - name: Create rule (HTTPS open for one address)
      ic_is_security_group_rule:
        group: ibmcloud-sec-group-rule-baby
        direction: inbound
        protocol: tcp
        port_min: 443
        port_max: 443
        remote:
          address: 10.243.12.23

    - name: Create rule (allow ICMP for any)
      ic_is_security_group_rule:
        group: ibmcloud-sec-group-rule-baby
        direction: inbound
        protocol: icmp
        code: 0
        type: 8
        cidr_block: 0.0.0.0/0

    - name: Delete rule
      ic_is_security_group_rule:
        group: ibmcloud-sec-group-baby
        rule: r006-6cfe8f8e-1fca-4859-bd9a-ea6502e17a95
        state: absent
Parameters:

    code:
      description:
        - May only be specified if type is also specified. Only relevant if C(protocol=icmp).
      type: int
    rule:
      description:
        - Rule ID.
      required: true
      type: str
    type:
      description:
        - Only relevant if C(protocol=icmp).
      type: int
    group:
      description:
        - The user-defined name for this security group.
      required: true
      type: str
    state:
      choices:
        - present
        - absent
      default: present
      description:
        - Should the resource be present or absent.
      type: str
    unique:
      choices:
        - true
        - false
      default: true
      description:
        - Avoid duplicate rules within the security group.
      type: bool
    address:
      description:
        - The remote IP address.
      type: str
    port_max:
      description:
        - For a single port, set C(port_min) to the same value.
      type: int
    port_min:
      description:
        - For a single port, set C(port_max) to the same value.
      type: int
    protocol:
      choices:
        - all
        - icmp
        - tcp
        - udp
      description:
        - The protocol to enforce.
      type: str
    direction:
      choices:
        - inbound
        - outbound
      description:
        - The direction of traffic to enforce.
      type: str
    cidr_block:
      description:
        - The remote CIDR block.
      type: str
    ip_version:
      choices:
        - ipv4
      description:
        - The IP version to enforce.
      type: str
    security_group:
      description:
        - The remote security group.
      type: str
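As an added example (not part of the collection or the original page), the Python check below reviews parsed ic_is_security_group_rule tasks for broad inbound rules before a playbook runs, using the parameters documented above. The task dicts are constructed from the page's examples plus one constructed wide rule; `audit_task`, `audit` and the `MAX_PORTS` threshold are hypothetical names and values.

```python
import ipaddress

MODULE = "ic_is_security_group_rule"
REMOTE_KEYS = ("address", "cidr_block", "security_group")
MAX_PORTS = 100  # assumed review threshold, not a value from the module

def audit_task(task):
    """Return review findings for one task dict; an empty list means none."""
    args = task.get(MODULE) or {}
    if args.get("state", "present") == "absent" or args.get("direction") != "inbound":
        return []
    findings = []
    # The page gives the remote both nested under `remote:` and at top level.
    remote = {k: args[k] for k in REMOTE_KEYS if k in args}
    remote.update(args.get("remote") or {})
    cidr = remote.get("cidr_block")
    if not remote:
        findings.append("no remote set; confirm the effective source")
    elif cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
        findings.append("open to any source (%s)" % cidr)
    proto = args.get("protocol")
    if proto == "all":
        findings.append("protocol=all")
    elif proto in ("tcp", "udp"):
        lo, hi = args.get("port_min"), args.get("port_max")
        if lo is None or hi is None:
            findings.append("port range not fully specified")
        elif hi - lo + 1 > MAX_PORTS:
            findings.append("wide port range %d-%d" % (lo, hi))
    return findings

def audit(tasks):
    """Map task name -> findings, keeping only tasks that need review."""
    return {t["name"]: f for t in tasks for f in [audit_task(t)] if f}

G = "ibmcloud-sec-group-rule-baby"
# Constructed input: the page's example tasks as parsed dicts, plus one wide rule.
TASKS = [
    {"name": "Create rule (HTTPS open for one address)", MODULE: dict(group=G, direction="inbound",
        protocol="tcp", port_min=443, port_max=443, remote={"address": "10.243.12.23"})},
    {"name": "Create rule (allow ICMP for any)", MODULE: dict(group=G, direction="inbound",
        protocol="icmp", code=0, type=8, cidr_block="0.0.0.0/0")},
    {"name": "Delete rule", MODULE: dict(group="ibmcloud-sec-group-baby", state="absent",
        rule="r006-6cfe8f8e-1fca-4859-bd9a-ea6502e17a95")},
    {"name": "Constructed wide rule", MODULE: dict(group=G, direction="inbound",
        protocol="tcp", port_min=1, port_max=65535, remote={"cidr_block": "0.0.0.0/0"})},
]
```

Calling `audit(TASKS)` returns only the ICMP rule and the constructed wide rule; the single-address HTTPS rule and the delete task produce no findings.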