
I'm working through this: "Best way to launch aws ec2 instances with ansible"

and have this task

```yaml
- name: Create a security group
  local_action:
    module: ec2_group
    name: "{{ security_group }}"
    description: Security Group for webserver Servers
    region: "{{ region }}"
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: 0.0.0.0/0
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  register: basic_firewall
```

However running it returns

TASK [Create a security group] *****************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: <Response><Errors><Error><Code>InvalidParameterValue</Code><Message>Only Amazon VPC security groups may be used with this operation.</Message></Error></Errors><RequestID>12345678-deb3-441e-8c61-225dad8cc08b</RequestID></Response>
fatal: [localhost -> localhost]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n  File \"/var/folders/cp/d6jyx8b53xx3603wg2j4qfpc0000gn/T/ansible_IJzYY4/ansible_module_ec2_group.py\", line 487, in <module>\n    main()\n  File \"/var/folders/cp/d6jyx8b53xx3603wg2j4qfpc0000gn/T/ansible_IJzYY4/ansible_module_ec2_group.py\", line 439, in main\n    cidr_ip=thisip)\n  File \"/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/ec2/connection.py\", line 3245, in authorize_security_group_egress\n    params, verb='POST')\n  File \"/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/boto/connection.py\", line 1227, in get_status\n    raise self.ResponseError(response.status, response.reason, body)\nboto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>InvalidParameterValue</Code><Message>Only Amazon VPC security groups may be used with this operation.</Message></Error></Errors><RequestID>12345678-deb3-441e-8c61-225dad8cc08b</RequestID></Response>\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}

Any suggestions?

Snowcrash
  • It is possible your account supports `EC2 Classic` and `EC2 VPC`. Can you try specifying `vpc_id` parameter for `ec2_group`? What is your `ansible` version? Are there multiple VPCs or only the default VPC? – helloV Jul 22 '17 at 19:26

1 Answer


Define the vpc_id under which the sg will be launched.

```yaml
# (sg-name), (ip-range) and {name} are placeholders to replace with your own values.
- name: "Create Security Group"
  ec2_group:
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
    description: staging-dj-sg
    name: (sg-name)
    region: "{{ aws_region }}"
    rules:
      - proto: tcp
        from_port: "80"
        to_port: "80"
        cidr_ip: (ip-range)
    vpc_id: "{{ vpc_id }}"  # Define VPC ID
  register: {name}
```
Arbab Nazar
SAM
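
Added example, not part of the original question or answer: the question's task with the answer's `vpc_id` fix applied, and with SSH narrowed from `0.0.0.0/0` to an administrative range. The variables `vpc_id` and `admin_cidr` are assumptions and have to be defined in your own vars.

```yaml
- name: Create a security group
  local_action:
    module: ec2_group
    name: "{{ security_group }}"
    description: Security Group for webserver Servers
    region: "{{ region }}"
    # Assumed variable. The traceback fails in authorize_security_group_egress,
    # which AWS accepts only for VPC security groups, so the group is pinned
    # to a VPC here.
    vpc_id: "{{ vpc_id }}"
    rules:
      # SSH restricted to an administrative range (assumed variable,
      # for example a single /32) instead of the whole internet.
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ admin_cidr }}"
      # Public web ports stay open, as in the question.
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: 0.0.0.0/0
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  register: basic_firewall
```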