	Merge pull request #7212 from jimi-c/issue_7027_ec2_group_egress_rules
Make sure a default allow out rule exists if no other egress rules do
		
				commit
				
					
						d2819e22e3
					
				
			
		
					 1 changed files with 14 additions and 0 deletions
				
			
		|  | @ -313,6 +313,20 @@ def main(): | |||
|                                 src_group_id=grantGroup, | ||||
|                                 cidr_ip=ip) | ||||
|                     changed = True | ||||
|         elif vpc_id and not module.check_mode: | ||||
|             # when using a vpc, but no egress rules are specified,  | ||||
|             # we add in a default allow all out rule, which was the | ||||
|             # default behavior before egress rules were added | ||||
|             if 'out--1-None-None-None-0.0.0.0/0' not in groupRules: | ||||
|                 ec2.authorize_security_group_egress( | ||||
|                     group_id=group.id, | ||||
|                     ip_protocol=-1, | ||||
|                     from_port=None, | ||||
|                     to_port=None, | ||||
|                     src_group_id=None, | ||||
|                     cidr_ip='0.0.0.0/0' | ||||
|                 ) | ||||
|                 changed = True | ||||
| 
 | ||||
|         # Finally, remove anything left in the groupRules -- these will be defunct rules | ||||
|         for rule in groupRules.itervalues(): | ||||
|  |  | |||
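Review bot: When `'out--1-None-None-None-0.0.0.0/0'` is already in `groupRules`, the new `elif` branch leaves the entry in place, and the cleanup loop right after it ("remove anything left in the groupRules") walks every remaining entry, so the existing default egress rule is likely revoked as defunct on that run and re-created on the next. Adding `else: del groupRules['out--1-None-None-None-0.0.0.0/0']` under the `if` would keep it, and binding the key to a local name first avoids repeating the literal. The loop body and the code that fills `groupRules` are outside the hunk, so this is inferred from the comment and the key check. Separately, because `not module.check_mode` sits on the `elif` itself, check mode never sets `changed` for this case. Since the branch opens all outbound traffic to `0.0.0.0/0` whenever no egress rules are given, the module's option documentation should say so explicitly.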