loc2log

Posted: 2016-11-30, 11:24 PM
ansible: Get facts on AWS Security Groups

You may have to find out details on an existing AWS security group with ansible. For example, the ansible rds module requires a security group ID to be provided. So how would you create an RDS instance if you have just the name of the group? Of course you can hardcode the ID, or provide it via the command line, but that is cumbersome and impractical. You can also grab the group facts when you create a security group within an ansible playbook (with "register:" on the spot), but if the group was already created by someone else, that is not an option. In the end, you could submit a feature request for the ansible rds module to implement the security group hookup the same way as it is done for ansible ec2, or implement it yourself and submit it to ansible.

To my surprise I did not find a way to find a security group ID by its name in ansible 2.2.0.0 out of the box. Fortunately there is an easy way around, thanks to Henrique Rodrigues (github.com/Sodki) and 2 other authors who came up with the same idea and implementations at about the same time.

To gather security group facts in AWS with ansible 2.2.0.0 you will need to:

1. Create library/ dir in your playbook root (same level as your inventory/, roles/ and whatever else you have there)

mkdir library

2. Download the ec2_group_facts module from the development branch

cd library/
wget https://raw.githubusercontent.com/ansible/ansible-modules-extras/devel/cloud/amazon/ec2_group_facts.py

3. Use it in your playbook or role tasks to gather all available facts on security groups satisfying your search criteria. I had to get a security group id by name. To accomplish that I did:

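- name: Gather security group facts
  ec2_group_facts:
    # module arguments must be nested under the module name
    region: "{{ your_aws_region }}"
    filters:
      vpc-id: "{{ your_vpc_id }}"
      group_name: "{{ security_group_name_to_gather_facts_for }}"
  # register is a task-level keyword, so it stays at task indentation
  register: sg_facts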


- debug: var=sg_facts
- debug: var=sg_facts.security_groups[0].group_id
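
Taking `security_groups[0]` assumes the filter matched exactly one group. As an added example (not part of the original post), the tasks below fail the play when the name matches no group or more than one, before the ID is handed to another module such as rds. `resolved_sg_id` is a hypothetical fact name, and the `group_name` and `vpc_id` result keys are assumed to follow the same snake_case form as the `group_id` key shown above.

```yaml
# Added example: fail closed unless the name resolves to exactly one group.
- name: Gather security group facts
  ec2_group_facts:
    region: "{{ your_aws_region }}"
    filters:
      vpc-id: "{{ your_vpc_id }}"
      group_name: "{{ security_group_name_to_gather_facts_for }}"
  register: sg_facts

- name: Require exactly one matching security group
  assert:
    that:
      # zero matches would otherwise surface later as an index error
      - sg_facts.security_groups | length == 1
      # assumed result keys (snake_case, like group_id): confirm the match
      # is the group and VPC that were asked for
      - sg_facts.security_groups[0].group_name == security_group_name_to_gather_facts_for
      - sg_facts.security_groups[0].vpc_id == your_vpc_id
    msg: "Security group lookup by name did not return exactly one expected group"

- name: Keep the resolved ID for later tasks
  set_fact:
    # hypothetical fact name; use it wherever a security group ID is required
    resolved_sg_id: "{{ sg_facts.security_groups[0].group_id }}"

- debug: var=resolved_sg_id
```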

More detail on the ansible module for gathering AWS security group facts can be found here: https://github.com/ansible/ansible-modules-extras/blob/devel/cloud/amazon/ec2_group_facts.py. The module is not in the official deliverable yet at the time of writing, but I am sure it will be included in the official release pretty soon, and it worked for me.

Added by: ep | Tags: ansible, aws