Ansible EC2:此操作只能使用Amazon VPC安全组

时间:2017-07-22 18:53:23

标签: amazon-web-services amazon-ec2 ansible

我正在完成这个Best way to launch aws ec2 instances with ansible

并完成此任务

  - name: Create a security group
    local_action: 
      module: ec2_group
      name: "{{ security_group }}"
      description: Security Group for webserver Servers
      region: "{{ region }}"
      rules:
        - proto: tcp
          from_port: 22
          to_port: 22
          cidr_ip: 0.0.0.0/0
        - proto: tcp
          from_port: 80
          to_port: 80
          cidr_ip: 0.0.0.0/0
        - proto: tcp
          from_port: 443
          to_port: 443
          cidr_ip: 0.0.0.0/0
      rules_egress:
        - proto: all
          cidr_ip: 0.0.0.0/0
    register: basic_firewall

然而,运行它会返回

TASK [Create a security group] *****************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: <Response><Errors><Error><Code>InvalidParameterValue</Code><Message>Only Amazon VPC security groups may be used with this operation.</Message></Error></Errors><RequestID>12345678-deb3-441e-8c61-225dad8cc08b</RequestID></Response>
fatal: [localhost -> localhost]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n  File \"/var/folders/cp/d6jyx8b53xx3603wg2j4qfpc0000gn/T/ansible_IJzYY4/ansible_module_ec2_group.py\", line 487, in <module>\n    main()\n  File \"/var/folders/cp/d6jyx8b53xx3603wg2j4qfpc0000gn/T/ansible_IJzYY4/ansible_module_ec2_group.py\", line 439, in main\n    cidr_ip=thisip)\n  File \"/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/ec2/connection.py\", line 3245, in authorize_security_group_egress\n    params, verb='POST')\n  File \"/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py\", line 1227, in get_status\n    raise self.ResponseError(response.status, response.reason, body)\nboto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>InvalidParameterValue</Code><Message>Only Amazon VPC security groups may be used with this operation.</Message></Error></Errors><RequestID>12345678-deb3-441e-8c61-225dad8cc08b</RequestID></Response>\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}

有什么建议吗?

1 个答案:

答案 0 :(得分:0)

定义将在其下启动sg的vpc_id。

  ec2_group:
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    description: staging-dj-sg
    name: (sg-name)
    region: "{{ aws_region }}"
    rules:
      - 
        from_port: "80"
        proto: tcp
        to_port: "80"
        cidr_ip: (ip-range)
    vpc_id: "{{ vpc_id }}"  #### Define VPC ID
  name: "Create Security Group"
  register: {name}
相关问题
最新问题