steampunk.aws.ec2_security_group_info (0.9.0) — module

List EC2 VPC security groups.

Authors: Manca Bizjak (@mancabizjak), Aljaz Kosir (@aljazkosir), Saso Stanovnik (@sstanovnik), Miha Dolinar (@mdolinar), Tadej Borovsak (@tadeboro)

preview | supported by XLAB Steampunk

Install collection

Install with ansible-galaxy collection install steampunk.aws:==0.9.0


Add to requirements.yml

  collections:
    - name: steampunk.aws
      version: 0.9.0

Description

Retrieve information about AWS EC2 VPC security groups.

Usage examples

- name: List all security groups
  ec2_security_group_info:
  register: result
- name: Get information for a specific security group by name
  ec2_security_group_info:
    names: my-first-security-group
  register: result
- name: List information for multiple security groups by their IDs
  ec2_security_group_info:
    ids:
      - sg-1a2b3cd
      - sg-feda903
  register: result
- name: Use a complex filter for security groups
  ec2_security_group_info:
    vpc: vpc-182ffaed83
    filters:
      ip-permission.cidr: 198.51.100.64/25
  register: result

Inputs

    
ids:
    default: []
    description:
    - The IDs of the security groups to retrieve. The default is to retrieve all security
      groups.
    elements: str
    required: false
    type: list

vpc:
    description:
    - ID of the VPC.
    - May be used to limit the results to security groups in the given VPC only.
    type: str

auth:
    description:
    - Parameters for authenticating with the AWS service. Each of them may be defined
      via environment variables.
    suboptions:
      access_key:
        description:
        - The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment
          variable will be checked.
        - Mutually exclusive with I(profile).
        required: false
        type: str
      profile:
        description:
        - The name of the AWS profile configured with C(aws configure).
        - Can be used instead of explicitly specifying your access credentials and region.
        - Use C(default) to use the default profile.
        - Mutually exclusive with I(access_key) and I(secret_key).
        required: false
        type: str
      region:
        description:
        - The name of the AWS region.
        - If not set, the value of the AWS_REGION environment variable will be checked.
        - If you set a I(profile) that specifies a default region, that region is used
          and you can omit this parameter. Use this parameter to override the profile's
          default region.
        type: str
      secret_key:
        description:
        - The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment
          variable will be checked.
        - Mutually exclusive with I(profile).
        required: false
        type: str
      url:
        description:
        - The URL to the AWS service related to the resource. By default, this is automatically
          determined through the region parameter.
        - If not set explicitly, the value of the AWS_<SERVICE>_URL environment variable
          will be used.
        - The services currently supported are EC2 and S3.
        required: false
        type: str
    type: dict

names:
    default: []
    description:
    - The names of the security groups to retrieve. The default is to retrieve all security
      groups.
    elements: str
    required: false
    type: list

filters:
    description:
    - Filters to use when querying AWS resources. They must be provided as key/value pairs.
    - Keys and values are case-sensitive and must be strings.
    - Each key can have multiple values, provided as a list. Within these values, I(any)
      value must match for the AWS resource to be included.
    - When multiple filters are provided, the result contains AWS resources matching I(all)
      of them.
    - If a module accepts a top-level parameter for querying the AWS resources (here I(ids),
      I(names) and I(vpc)) and you also specify the corresponding filter via C(filters),
      the top-level parameter has precedence. The two are not merged.
    type: dict

Outputs

objects:
  contains:
    description:
      description: The security group's description.
      returned: always
      type: str
    egress:
      contains:
        rules:
          contains:
            icmp_code:
              description: The ICMP code (subtype) for this rule.
              returned: when I(protocol=[icmp, icmpv6])
              type: int
            icmp_type:
              description: The ICMP type for this rule.
              returned: when I(protocol=[icmp, icmpv6])
              type: int
            ip_ranges:
              contains:
                cidr:
                  description: In CIDR notation, the IP range of this rule.
                  returned: always
                  type: str
                description:
                  description: An optional description for this IP range.
                  type: str
              description: A list of a single IP range for this rule in CIDR notation.
              returned: when I(security_groups) is not present
              type: list
            port_from:
              description: The start port (inclusive) of the port range of this rule.
              returned: when I(protocol=[tcp, udp])
              type: int
            port_to:
              description: The end port (inclusive) of the port range of this rule.
              returned: when I(protocol=[tcp, udp])
              type: int
            protocol:
              description: The protocol this rule applies to.
              returned: always
              type: str
            security_groups:
              contains:
                description:
                  description: The description for this security group reference,
                    if any.
                  type: str
                id:
                  description: The ID of the security group this rule references.
                  returned: always
                  type: str
              description: A list of a single security group ID and its description.
              returned: when I(ip_ranges) is not present
              type: list
          description:
          - Egress (outbound) security rules.
          - Rules are normalized so each rule only contains one of I(security_groups)
            or I(ip_ranges), and at most one element.
          returned: always
          type: list
      description: Egress (outbound) security rules.
      returned: always
      type: dict
    id:
      description: The ID of the security group.
      returned: always
      type: str
    ingress:
      contains:
        rules:
          contains:
            icmp_code:
              description: The ICMP code (subtype) for this rule.
              returned: when I(protocol=[icmp, icmpv6])
              type: int
            icmp_type:
              description: The ICMP type for this rule.
              returned: when I(protocol=[icmp, icmpv6])
              type: int
            ip_ranges:
              contains:
                cidr:
                  description: In CIDR notation, the IP range of this rule.
                  returned: always
                  type: str
                description:
                  description: An optional description for this IP range.
                  type: str
              description: A list of a single IP range for this rule in CIDR notation.
              returned: when I(security_groups) is not present
              type: list
            port_from:
              description: The start port (inclusive) of the port range of this rule.
              returned: when I(protocol=[tcp, udp])
              type: int
            port_to:
              description: The end port (inclusive) of the port range of this rule.
              returned: when I(protocol=[tcp, udp])
              type: int
            protocol:
              description: The protocol this rule applies to.
              returned: always
              type: str
            security_groups:
              contains:
                description:
                  description: The description for this security group reference,
                    if any.
                  type: str
                id:
                  description: The ID of the security group this rule references.
                  returned: always
                  type: str
              description: A list of a single security group ID and its description.
              returned: when I(ip_ranges) is not present
              type: list
          description:
          - Ingress (inbound) security rules.
          - Rules are normalized so each rule only contains one of I(security_groups)
            or I(ip_ranges), and at most one element.
          returned: always
          type: list
      description: Ingress (inbound) security rules.
      returned: always
      type: dict
    name:
      description: The name of the security group.
      returned: always
      type: str
    tags:
      description: The tags assigned to this security group.
      returned: always
      type: dict
    vpc:
      description: The ID of the VPC this security group is assigned to.
      returned: always
      type: str
  description: A list of EC2 VPC security groups.
  returned: success
  sample:
    objects:
    - description: A description for my first security group.
      egress:
        rules:
        - icmp_code: 0
          icmp_type: 8
          protocol: icmp
          security_groups:
          - description: local sonar
            id: sg-64508346
      id: sg-df1b2aa66
      ingress:
        rules:
        - ip_ranges:
          - cidr: 0.0.0.0/0
            description: the world
          port_from: 22
          port_to: 22
          protocol: tcp
      name: my-first-secgroup
      tags:
        MyCompany-Department: legal
      vpc: vpc-faff5721
  type: list
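Added example, not code from the steampunk.aws collection: a Python audit over the objects list this module returns, relying on the documented rule shape (each rule carries either ip_ranges or security_groups with at most one element, and port_from/port_to only for tcp/udp) to flag ingress rules that expose a sensitive port to 0.0.0.0/0 or ::/0. The sensitive-port set, the second security group (sg-0000example) and its rules are constructed for the example; the first group mirrors the sample output above.

```python
import ipaddress

# Ports a reviewer would not want reachable from the whole internet. The set is
# an assumption for this example, not something the module defines.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}

def rule_is_world_open(rule):
    """True when the rule's single CIDR is 0.0.0.0/0 or ::/0."""
    ranges = rule.get("ip_ranges") or []
    if not ranges:  # a security_groups reference, not a CIDR: never world-open
        return False
    return ipaddress.ip_network(ranges[0]["cidr"], strict=False).prefixlen == 0

def exposed_ports(rule):
    """Sensitive ports inside a tcp/udp rule's inclusive port_from..port_to."""
    if rule.get("protocol") not in ("tcp", "udp"):
        return []  # icmp/icmpv6 rules carry icmp_type/icmp_code, no ports
    lo, hi = rule["port_from"], rule["port_to"]
    return [p for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]

def audit_security_groups(objects):
    """Return (group id, name, protocol, port, service) for every world-open
    ingress rule that covers a sensitive port."""
    findings = []
    for sg in objects:
        for rule in sg["ingress"]["rules"]:
            if not rule_is_world_open(rule):
                continue
            for port in exposed_ports(rule):
                findings.append((sg["id"], sg["name"], rule["protocol"], port,
                                 SENSITIVE_PORTS[port]))
    return findings

# Constructed input shaped like the module's documented `objects` output.
SAMPLE_OBJECTS = [
    {"id": "sg-df1b2aa66", "name": "my-first-secgroup", "ingress": {"rules": [
        {"ip_ranges": [{"cidr": "0.0.0.0/0", "description": "the world"}],
         "port_from": 22, "port_to": 22, "protocol": "tcp"}]}},
    {"id": "sg-0000example", "name": "db", "ingress": {"rules": [
        {"security_groups": [{"id": "sg-df1b2aa66"}],  # reference, not a CIDR
         "port_from": 3306, "port_to": 3306, "protocol": "tcp"},
        {"ip_ranges": [{"cidr": "203.0.113.0/24"}],  # one office range only
         "port_from": 1024, "port_to": 65535, "protocol": "tcp"}]}},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_OBJECTS):
        print("world-open ingress: sg=%s name=%s %s/%d (%s)" % finding)
```

In a playbook the same check can run over the registered result (result.objects) in a subsequent task; only the first group is reported, because the database group's rules are either a security-group reference or a single office range.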
