0
votes

I want to create a DB security group before creating an RDS instance using Ansible. There is a module called ec2_group which creates security groups for a VPC, but I want to create a security group for the DB instance only.

Is there a separate module for it or do I have to use the ec2_group module to create a DB security group?

Also, if I'm wrong, correct me! The EC2 security group and DB security group are 2 different things, right?

2 Answers

1
votes

I'm afraid there is no Ansible module for that.
DB SG and VPC SG are indeed different things: you create a DB SG and allow traffic to flow from one of the VPC SGs.

If you need to automate DB SG creation, your option is the AWS CLI.
Use the local commands aws rds create-db-security-group and aws rds authorize-db-security-group-ingress with the Ansible command module.
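
The approach described in this answer, written out as an added example (not the answerer's code): the command module runs the two AWS CLI calls and treats the "already exists" errors as unchanged, so the play can be re-run safely. The group name, region, security group ID and account ID are constructed placeholders.

```yaml
# Added example. All names, IDs and the region below are constructed placeholders.
- name: Create an RDS DB security group with the AWS CLI
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    db_sg_name: mydbsecuritygroup
    aws_region: us-east-1
    app_sg_id: sg-0123456789abcdef0   # placeholder: security group of the app servers
    app_sg_owner: "123456789012"      # placeholder: AWS account ID owning that group
  tasks:
    - name: Create DB security group
      ansible.builtin.command:
        # argv bypasses the shell, so variable values cannot inject extra commands
        argv:
          - aws
          - rds
          - create-db-security-group
          - --region
          - "{{ aws_region }}"
          - --db-security-group-name
          - "{{ db_sg_name }}"
          - --db-security-group-description
          - My DB security group
      register: create_sg
      changed_when: create_sg.rc == 0
      # Both conditions must hold to fail: non-zero exit AND not the "exists" error
      failed_when:
        - create_sg.rc != 0
        - "'DBSecurityGroupAlreadyExists' not in create_sg.stderr"

    - name: Allow ingress only from the application security group
      ansible.builtin.command:
        argv:
          - aws
          - rds
          - authorize-db-security-group-ingress
          - --region
          - "{{ aws_region }}"
          - --db-security-group-name
          - "{{ db_sg_name }}"
          - --ec2-security-group-id
          - "{{ app_sg_id }}"
          - --ec2-security-group-owner-id
          - "{{ app_sg_owner }}"
      register: authorize_sg
      changed_when: authorize_sg.rc == 0
      failed_when:
        - authorize_sg.rc != 0
        - "'AuthorizationAlreadyExists' not in authorize_sg.stderr"
```

Granting ingress to a security group rather than a CIDR range keeps database access tied to the application hosts instead of to IP addresses that may be reassigned.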

0
votes

I submitted a PR last year to add 2 AWS modules: boto3 and boto3_wait.

These 2 modules allow you to interact with the AWS API using boto3.

For instance, you could create a DB security group by calling the create_db_security_group and authorize_db_security_group_ingress methods on the RDS service:

- name: Create DB security group
  boto3:
    name: rds
    region: us-east-1
    operation: create_db_security_group
    parameters:
      DBSecurityGroupName: mydbsecuritygroup
      DBSecurityGroupDescription: My DB security group

- name: Authorize IP range
  boto3:
    name: rds
    region: us-east-1
    operation: authorize_db_security_group_ingress
    parameters:
      DBSecurityGroupName: mydbsecuritygroup
      CIDRIP: 203.0.113.5/32

If you're interested in this feature, feel free to vote up on the PR. :)