@ -295,19 +295,24 @@ def main():
rule [ ' from_port ' ] = None
rule [ ' to_port ' ] = None
# Convert ip to list we can iterate over
if not isinstance ( ip , list ) :
ip = [ ip ]
# If rule already exists, don't later delete it
ruleId = make_rule_key ( ' in ' , rule , group_id , ip )
if ruleId in groupRules :
del groupRules [ ruleId ]
# Otherwise, add new rule
else :
grantGroup = None
if group_id :
grantGroup = groups [ group_id ]
if not module . check_mode :
group . authorize ( rule [ ' proto ' ] , rule [ ' from_port ' ] , rule [ ' to_port ' ] , ip , grantGroup )
changed = True
for thisip in ip :
ruleId = make_rule_key ( ' in ' , rule , group_id , thisip )
if ruleId in groupRules :
del groupRules [ ruleId ]
# Otherwise, add new rule
else :
grantGroup = None
if group_id :
grantGroup = groups [ group_id ]
if not module . check_mode :
group . authorize ( rule [ ' proto ' ] , rule [ ' from_port ' ] , rule [ ' to_port ' ] , thisip , grantGroup )
changed = True
# Finally, remove anything left in the groupRules -- these will be defunct rules
if purge_rules :
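Review bot: The lookup `grantGroup = groups[group_id]` on the line inside the new loop is loop-invariant, so resolving it once before `for thisip in ip:` reads more clearly and keeps each iteration to the per-address work of keying and authorizing; the same structure appears in the egress hunk that follows, where `groups[group_id].id` is resolved per iteration as well. A compact form is `grantGroup = groups[group_id] if group_id else None` placed immediately before the `for thisip in ip:` line, with the two-line `grantGroup = None` / `if group_id:` assignment dropped from the loop body. Separately, the per-address `group.authorize(...)` call has no error handling, so if the call fails for one element of `ip` the earlier elements stay authorized while the exception propagates; a short comment on the loop noting that rule application is not atomic across the list (`# Note: authorizations are applied per address; a failure mid-list leaves earlier ones in place`) would help operators reading a partial-apply failure. Whether `ip` can be `[None]` here when only `group_id` is given is not visible in the hunk; the enclosing `main()` starts and ends outside it.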
@ -335,25 +340,30 @@ def main():
rule [ ' from_port ' ] = None
rule [ ' to_port ' ] = None
# Convert ip to list we can iterate over
if not isinstance ( ip , list ) :
ip = [ ip ]
# If rule already exists, don't later delete it
ruleId = make_rule_key ( ' out ' , rule , group_id , ip )
if ruleId in groupRules :
del groupRules [ ruleId ]
# Otherwise, add new rule
else :
grantGroup = None
if group_id :
grantGroup = groups [ group_id ] . id
if not module . check_mode :
ec2 . authorize_security_group_egress (
group_id = group . id ,
ip_protocol = rule [ ' proto ' ] ,
from_port = rule [ ' from_port ' ] ,
to_port = rule [ ' to_port ' ] ,
src_group_id = grantGroup ,
cidr_ip = ip )
changed = True
for thisip in ip :
ruleId = make_rule_key ( ' out ' , rule , group_id , thisip )
if ruleId in groupRules :
del groupRules [ ruleId ]
# Otherwise, add new rule
else :
grantGroup = None
if group_id :
grantGroup = groups [ group_id ] . id
if not module . check_mode :
ec2 . authorize_security_group_egress (
group_id = group . id ,
ip_protocol = rule [ ' proto ' ] ,
from_port = rule [ ' from_port ' ] ,
to_port = rule [ ' to_port ' ] ,
src_group_id = grantGroup ,
cidr_ip = thisip )
changed = True
elif vpc_id and not module . check_mode :
# when using a vpc, but no egress rules are specified,
# we add in a default allow all out rule, which was the