@joelthompson
Created January 24, 2015 05:48
ec2_group repro
---
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Set AWS access key
      set_fact:
        aws_access_key: "<redacted>"
    - name: Set AWS secret key
      set_fact:
        aws_secret_key: "<redacted>"
    - name: Set VPC ID
      set_fact:
        vpc_id: "<redacted>"
    - name: Set the EC2 SG variables
      set_fact:
        sg_rules_large:
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 10.0.0.0/24
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 10.0.1.0/24
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 10.0.2.0/24
    - name: Set EC2 SG variables, reduced
      set_fact:
        sg_rules_small:
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 10.0.0.0/24
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 10.0.1.0/24
    - name: Ensure initial EC2 SG
      ec2_group:
        aws_access_key: "{{aws_access_key}}"
        aws_secret_key: "{{aws_secret_key}}"
        vpc_id: "{{vpc_id}}"
        region: us-east-1
        name: "AnsibleDemoGroup"
        description: "Demonstration group used to demo ansible ec2_group module"
        rules: "{{sg_rules_large}}"
    - name: Pause to ensure EC2 fully converges
      pause: seconds=10
    - name: Try to remove the grant only for 10.0.2.0/24
      ec2_group:
        aws_access_key: "{{aws_access_key}}"
        aws_secret_key: "{{aws_secret_key}}"
        vpc_id: "{{vpc_id}}"
        region: us-east-1
        name: "AnsibleDemoGroup"
        description: "Demonstration group used to demo ansible ec2_group module"
        rules: "{{sg_rules_small}}"
    - name: Print the sg rules that should have just been applied
      debug: var=sg_rules_small