From 84cfeae162c88118cae64defd54bb6b9245d5fef Mon Sep 17 00:00:00 2001
From: Mandar Kulkarni <mandar242@gmail.com>
Date: Fri, 22 Nov 2024 10:58:27 -0800
Subject: [PATCH] update readme

---
 roles/ec2_instance_create/README.md                       | 5 ++++-
 .../tasks/ec2_instance_create_operations.yml              | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md
index 86742a2..bd8cfde 100644
--- a/roles/ec2_instance_create/README.md
+++ b/roles/ec2_instance_create/README.md
@@ -41,7 +41,8 @@ The following variables can be set in the role to customize EC2 instance creatio
   Required if `ec2_instance_create_associate_external_sg` is `true` or `ec2_instance_create_associate_igw` is `true`.
 
 * **ec2_instance_create_external_sg_id**: (Optional)
-  The ID or name of the security group to be associated with EC2 instance.
+  The ID or name of the existing security group to be associated with EC2 instance.
+  Mutually exclusive with `ec2_instance_create_associate_external_sg`.
 
 * **ec2_instance_create_tags**: (Optional)
   A dictionary of tags to assign to the EC2 instance.
@@ -74,6 +75,7 @@ The following variables can be set in the role to customize EC2 instance creatio
 * **ec2_instance_create_associate_external_sg**: (Optional)
   Whether to create and associate a security group with the EC2 instance for external access. Default is `false`.
   If set to `true`, a security group will be created or associated with the instance.
+  Mutually exclusive with `ec2_instance_create_external_sg_id`.
 
 * **ec2_instance_create_external_sg_name**: (Optional)
   The name of the security group to create. Default is `ec2_instance_create-default-external-sg`.
@@ -99,6 +101,7 @@ Here's an example of how to use the role in a playbook.
   roles:
     - role: cloud.aws_ops.ec2_instance_create
       vars:
+          ec2_instance_create_operation: create
           ec2_instance_create_aws_region: us-west-2
           ec2_instance_create_instance_name: my-test-instance
           ec2_instance_create_instance_type: t2.micro
diff --git a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml
index 1fd1f98..04e5173 100644
--- a/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml
+++ b/roles/ec2_instance_create/tasks/ec2_instance_create_operations.yml
@@ -1,4 +1,12 @@
 ---
+- name: Verify exclusive parameters
+  block:
+    - name: Check for security group ID
+      ansible.builtin.fail:
+        msg: "ec2_instance_create_external_sg_id and ec2_instance_create_associate_external_sg are mutually exlcusive.
+              Please provide only one to either associate existing or create new sg."
+      when: ec2_instance_create_external_sg_id != None and ec2_instance_create_associate_external_sg is true
+
 - name: Verify that the instance and security group with same name does not exist
   block:
     - name: Get instane info with provided name