Tuesday, June 30, 2015

How do you specify VPC with Ansible ec2_lc module?

I'm trying to use Ansible to create a launch configuration. I'm using the ec2_lc module as detailed at http://ift.tt/1CVQz8j.

I'm creating the launch configuration and specifying some security groups that are not part of my default VPC. However, it will not let me do this. It appears to be defaulting to the default VPC, and I don't see a setting in the docs to change this. Is there something I'm overlooking? The output from my playbook is as follows:

TASK: [aws-lc | building new aws launch configuration] ************************ 
failed: [localhost] => {"failed": true}
msg: BotoServerError: 400 Bad Request
<ErrorResponse xmlns="http://ift.tt/1jqPXi1">
  <Error>
    <Type>Sender</Type>
    <Code>ValidationError</Code>
    <Message>The security group 'xyz-general-sg' does not exist in default VPC 'vpc-3Cef6a45'</Message>
  </Error>
  <RequestId>54121d19-1f30-11e5-1121-51263ee1684e</RequestId>
</ErrorResponse>




2 comments:

  1. You can't specify a security group that belongs to another VPC. This is not a constraint in Ansible but in AWS.

    What you should be doing is creating a security group with Ansible (it could already exist in your new VPC) then pass this to the launch configuration.

    e.g.

    - name: CreateSecurityGroup
      ec2_group:
        name: "MySecGroup"
        description: "another security group"
        region: "{{aws_region}}"
        rules:
          - proto: tcp
            from_port: 0
            to_port: 65535
            cidr_ip: "{{VpcCidrBlock}}"
        rules_egress:
          - proto: tcp
            from_port: 0
            to_port: 65535
            cidr_ip: 0.0.0.0/0
        state: present
        vpc_id: "{{vpc.vpc_id}}"
      register: this

    - debug: var=this

    - name: Create Launch Configuration
      ec2_lc:
        name: MyLaunchConfig
        image_id: "ami-xxxxxx"
        key_name: "{{default_keyname}}"
        region: "{{aws_region}}"
        # pass the ID of the group created in the target VPC, not a group name
        security_groups:
          - "{{this.group_id}}"
        instance_type: "m2.medium"
        assign_public_ip: yes
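A pre-flight check for the rule the comment states, as an added example that is not code from the question or the comment: a security group is only valid inside its own VPC, and a bare group name is resolved in the default VPC, so a launch configuration in another VPC must be given the group's ID. The group listing is constructed to resemble a describe-security-groups result; only the name 'xyz-general-sg' and the VPC 'vpc-3Cef6a45' are taken from the error in the question, every other ID is made up.

```python
"""Resolve the security_groups for an ec2_lc task inside one target VPC and
refuse any group that lives in a different VPC, before AWS has to reject it."""


class SecurityGroupError(ValueError):
    """Raised when a requested group cannot be used in the target VPC."""


# Constructed inventory. Group names are unique per VPC but may repeat
# across VPCs, so a name alone does not identify a group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "default",        "VpcId": "vpc-3Cef6a45"},
    {"GroupId": "sg-11111111", "GroupName": "xyz-general-sg", "VpcId": "vpc-aaaa1111"},
    {"GroupId": "sg-22222222", "GroupName": "xyz-general-sg", "VpcId": "vpc-bbbb2222"},
    {"GroupId": "sg-33333333", "GroupName": "xyz-db-sg",      "VpcId": "vpc-aaaa1111"},
]


def resolve_security_groups(requested, target_vpc, groups=SAMPLE_GROUPS):
    """Return the group IDs to hand to ec2_lc for `target_vpc`.

    `requested` may mix names and IDs. Names are resolved only among groups
    in `target_vpc`; IDs must belong to that VPC too. A miss raises with a
    hint naming the VPC(s) where a same-named group does exist, which is the
    situation behind the 'does not exist in default VPC' error.
    """
    in_vpc = {g["GroupId"]: g for g in groups if g["VpcId"] == target_vpc}
    name_to_id = {g["GroupName"]: gid for gid, g in in_vpc.items()}
    resolved = []
    for item in requested:
        if item.startswith("sg-"):
            if item not in in_vpc:
                raise SecurityGroupError(f"{item!r} does not exist in VPC {target_vpc!r}")
            resolved.append(item)
        elif item in name_to_id:
            resolved.append(name_to_id[item])
        else:
            elsewhere = sorted(g["VpcId"] for g in groups if g["GroupName"] == item)
            hint = (f" (it exists in {', '.join(elsewhere)}; pass that group's GroupId)"
                    if elsewhere else "")
            raise SecurityGroupError(f"{item!r} does not exist in VPC {target_vpc!r}{hint}")
    return resolved


if __name__ == "__main__":
    # The question's failure: a name from a non-default VPC resolved in the default one.
    try:
        resolve_security_groups(["xyz-general-sg"], "vpc-3Cef6a45")
    except SecurityGroupError as err:
        print("rejected:", err)
    # The fix: resolve against the VPC the launch configuration is meant for.
    print("ok:", resolve_security_groups(["xyz-general-sg", "sg-33333333"], "vpc-aaaa1111"))
```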