diff --git a/lib/ansible/modules/cloud/amazon/ec2_group.py b/lib/ansible/modules/cloud/amazon/ec2_group.py index 43702984b9b..f11b4f79324 100644 --- a/lib/ansible/modules/cloud/amazon/ec2_group.py +++ b/lib/ansible/modules/cloud/amazon/ec2_group.py @@ -941,7 +941,7 @@ def main(): # If rule already exists, don't later delete it changed, ip_permission = authorize_ip("out", changed, client, group, groupRules, ipv6, ip_permission, module, rule, "ipv6") - elif vpc_id is not None: + elif 'VpcId' in group: # when no egress rules are specified and we're in a VPC, # we add in a default allow all out rule, which was the # default behavior before egress rules were added diff --git a/test/integration/targets/ec2_group/tasks/main.yml b/test/integration/targets/ec2_group/tasks/main.yml index ac1887d913b..b593b53866c 100644 --- a/test/integration/targets/ec2_group/tasks/main.yml +++ b/test/integration/targets/ec2_group/tasks/main.yml @@ -422,6 +422,8 @@ that: - 'result.changed' - 'result.group_id.startswith("sg-")' + - 'result.ip_permissions|length == 1' + - 'result.ip_permissions_egress|length == 1' # ============================================================ - name: add same rule to the existing group (expected changed=false) @@ -464,6 +466,7 @@ - result.ip_permissions|length == 2 - result.ip_permissions[0].user_id_group_pairs or result.ip_permissions[1].user_id_group_pairs + - 'result.ip_permissions_egress[0].ip_protocol == "-1"' # ============================================================ - name: test ip rules convert port numbers from string to int (expected changed=true) @@ -489,6 +492,9 @@ that: - 'result.changed' - 'result.group_id.startswith("sg-")' + - 'result.ip_permissions|length == 1' + - 'result.ip_permissions_egress[0].ip_protocol == "tcp"' + # ============================================================ - name: test group rules convert port numbers from string to int (expected changed=true)
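Review bot: The comment under the new `elif 'VpcId' in group:` test still reads as if the `vpc_id` parameter decided the branch, and nothing says why the group's own data is consulted instead. I would add a line such as `# test the group itself, not the vpc_id parameter: a group can live in a VPC even when vpc_id was not passed` (presumably the default-VPC case; the hunk does not state the reason). Because this branch leaves an allow-all outbound rule in place whenever no egress rules are given, the comment should also say that restricting outbound traffic requires an explicit `rules_egress`. main() begins and ends outside the hunk, so the code that actually adds the rule is not visible here.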
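Review bot: The added assertions that index `ip_permissions_egress[0]` (here, after the `user_id_group_pairs` check, and again in the last hunk with `== "tcp"`) never assert the list length, so an unexpected extra egress rule at another index, such as a leftover allow-all rule, would pass unnoticed. Adding `- 'result.ip_permissions_egress|length == 1'` next to each would pin that, as the first hunk of this file already does. An empty list would also surface as an indexing error rather than a clean assertion failure. The task definitions sit outside these hunks, so whether explicit egress rules are passed there is inferred from the expected values.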