amazon ec2 - How to add a temporary rule to an EC2 security group with Ansible


I have an Ansible role that handles creation of an RDS instance and the databases on that instance. The role allows a security group to be specified for the database. I want to be able to add a rule to that security group at the beginning of the role that allows access from the current host, so that Ansible can run the database creation/maintenance tasks. At the end I want to remove the rule from the security group while keeping the existing rules.

What I've done so far is use the ec2_group_facts module to get information about the given security group and save it in a security_group variable. I then add the rule with a task similar to the following:

```yaml
- name: add hole to security group
  local_action:
    module: ec2_group
    name: "{{ security_group.group_name }}"
    purge_rules: no
    rules:
      - proto: tcp
        from_port: "{{ db_port }}"
        to_port: "{{ db_port }}"
        cidr_ip: 0.0.0.0/0
```

This works properly. The issue is at the end of the role, when I want to restore the existing rules: the format of the rules returned by ec2_group_facts is not accepted by the ec2_group module. The information saved in security_group is in the following format:

```json
{
  "group_id": "sg-1234abcd",
  "group_name": "security-group",
  "ip_permissions": [
    {
      "from_port": 1234,
      "ip_protocol": "tcp",
      "ip_ranges": [
        {
          "cidr_ip": "0.0.0.0/0"
        }
      ],
      "ipv6_ranges": [],
      "prefix_list_ids": [],
      "to_port": 1234,
      "user_id_group_pairs": []
    }
  ],
  "ip_permissions_egress": [],
  "owner_id": "123456789012",
  "tags": {
    "name": ""
  },
  "vpc_id": "vpc-1234abcd"
}
```

The rules argument of the ec2_group module needs a list of objects with proto, from_port, to_port, and cidr_ip attributes, so how do I map the data above to the required format?

Edit: I guess one solution is to add a temporary security group that allows access from the current host. If my understanding of EC2 security groups is correct, the most permissive rule of the security groups associated with an instance is applied, so this would achieve what I want. It would require editing the security groups attached to the existing RDS instance, though, so I would prefer to edit the rules of the existing security group if possible.

Edit 2: Travis CI publishes the IP addresses used to run builds. I could add these to the security group permanently, although I'm not sure what the security implications of that are.

ec2_group docs
ec2_group_facts docs
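The mapping the question asks for, as an added example that is not part of the original post and not code from Ansible itself. It expands each ip_permissions entry from ec2_group_facts (which groups every IPv4 CIDR, IPv6 CIDR and source security group sharing one protocol/port range into a single entry) into the one-rule-per-source list that ec2_group expects. Assumptions: the field names are the ones shown in the question's output; ec2_group accepts proto "all" for what the facts report as "-1", and such entries carry no ports; prefix-list sources have no ec2_group key in the module version in use, so the code refuses them instead of dropping them silently (a dropped rule plus purge_rules: yes would delete it from the real group on restore). The temporary hole is also narrowed to a single /32 for the controller's address rather than the 0.0.0.0/0 in the question, which would expose the database port to the whole Internet for the duration of the play. The filter name ec2_facts_to_rules and the sample data are made up for the example.

```python
"""Map ec2_group_facts 'ip_permissions' back into the 'rules' list accepted by
ec2_group, and build/remove a temporary ingress rule for the controller.
Added example: not code from the original post or from Ansible itself.
"""
import json


def permission_to_rules(perm):
    """Expand one ip_permissions entry into one ec2_group rule per source."""
    proto = perm["ip_protocol"]
    # Assumption: ec2_group takes "all" where the facts say "-1"; such
    # entries have no from_port/to_port.
    base = {"proto": "all" if proto == "-1" else proto}
    if "from_port" in perm:
        base["from_port"] = perm["from_port"]
        base["to_port"] = perm["to_port"]

    rules = []
    for r in perm.get("ip_ranges", []):
        rules.append(dict(base, cidr_ip=r["cidr_ip"]))
    for r in perm.get("ipv6_ranges", []):
        rules.append(dict(base, cidr_ipv6=r["cidr_ipv6"]))
    for r in perm.get("user_id_group_pairs", []):
        rules.append(dict(base, group_id=r["group_id"]))
    if perm.get("prefix_list_ids"):
        # Refuse rather than drop: restoring with purge_rules: yes after
        # silently losing a rule would remove it from the live group.
        raise ValueError("cannot express prefix-list rule: %r" % perm["prefix_list_ids"])
    return rules


def ip_permissions_to_rules(ip_permissions):
    """Convert the whole ip_permissions list returned by ec2_group_facts."""
    rules = []
    for perm in ip_permissions:
        rules.extend(permission_to_rules(perm))
    return rules


def temporary_rule(db_port, controller_ip):
    """Ingress hole for the host running the play: a single /32, not 0.0.0.0/0."""
    return {"proto": "tcp", "from_port": db_port, "to_port": db_port,
            "cidr_ip": "%s/32" % controller_ip}


def without_rule(rules, rule):
    """Drop one rule by value so the hole can be closed without touching the rest."""
    return [r for r in rules if r != rule]


class FilterModule(object):
    """Exposes the mapping as an Ansible filter when this file is in filter_plugins/."""
    def filters(self):
        return {"ec2_facts_to_rules": ip_permissions_to_rules}  # hypothetical filter name


# Constructed sample in the shape ec2_group_facts returns; IDs and addresses are fake.
SAMPLE_PERMISSIONS = [
    {
        "from_port": 1234, "to_port": 1234, "ip_protocol": "tcp",
        "ip_ranges": [{"cidr_ip": "10.0.0.0/16"}],
        "ipv6_ranges": [{"cidr_ipv6": "2001:db8::/32"}],
        "prefix_list_ids": [],
        "user_id_group_pairs": [{"group_id": "sg-0abc1234", "user_id": "123456789012"}],
    },
    {   # all traffic from members of the group itself
        "ip_protocol": "-1",
        "ip_ranges": [], "ipv6_ranges": [], "prefix_list_ids": [],
        "user_id_group_pairs": [{"group_id": "sg-1234abcd", "user_id": "123456789012"}],
    },
]


if __name__ == "__main__":
    original = ip_permissions_to_rules(SAMPLE_PERMISSIONS)
    hole = temporary_rule(1234, "203.0.113.7")
    # rules for the start of the role (existing rules plus the hole) ...
    print(json.dumps(original + [hole], indent=2))
    # ... and for the end of the role (hole removed, everything else kept)
    print(json.dumps(without_rule(original + [hole], hole), indent=2))
```

With the file placed under filter_plugins/ next to the playbook, the restore task at the end of the role becomes `rules: "{{ security_group.ip_permissions | ec2_facts_to_rules }}"` with `purge_rules: yes`, so the group ends the play exactly as it started; the same mapping applied to `ip_permissions_egress` feeds `rules_egress`. Note that this only restores what the facts captured at the start of the play, so a second play running concurrently against the same group would overwrite the other one's hole, which is the consistency problem the answer below raises.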

When running playbooks you want a consistent state, and by the sound of things you don't have a consistent state throughout the play.

I would suggest that the additional tasks you perform on the database run from another instance that is more trusted (perhaps the place you're running Ansible from?).

Consider what would happen if the playbook were run twice at the same time. Perhaps that isn't a workflow you allow, but you should still consider the case.

If that isn't an option, or you would rather not change the implementation, your edit's suggestion sounds more suitable: apply the standard rules and, when required, add rules (or create a new security group for the purpose), then destroy or modify them when they are no longer required.

