modified based on feedback

redhat-cop · Nov 20, 2024 · a1c5631 · a1c5631
1 parent 8e4aa21
commit a1c5631
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 48 deletions.
diff --git a/roles/ec2_instance_create/README.md b/roles/ec2_instance_create/README.md
@@ -45,24 +45,18 @@ The following variables can be set in the role to customize EC2 instance creatio
   Whether to create and associate a internet gateway with the EC2 instance. Default is `false`.
   If set to `true`, a internet gateway will be created or associated with the instance.
 
-* **ec2_instance_create_associate_sg**: (Optional)
+* **ec2_instance_create_associate_external_sg**: (Optional)
   Whether to create and associate a security group with the EC2 instance for external access. Default is `false`.
   If set to `true`, a security group will be created or associated with the instance.
 
-* **ec2_instance_create_sg_name**: (Optional)
+* **ec2_instance_create_external_sg_name**: (Optional)
   The name of the security group to create. Default is `default-external-sg`.
 
-* **ec2_instance_create_sg_description**: (Optional)
+* **ec2_instance_create_external_sg_description**: (Optional)
   A description for the security group. Default is `Security group for external access`.
 
-* **ec2_instance_create_sg_ssh_port**: (Optional)
-  The SSH port to open in the security group. Default is `22`.
-
-* **ec2_instance_create_sg_http_port**: (Optional)
-  The HTTP port to open in the security group. Default is `80`.
-
-* **ec2_instance_create_sg_https_port**: (Optional)
-  The HTTPS port to open in the security group. Default is `443`.
+* **ec2_instance_create_external_sg_port**: (Optional)
+  The port to open in the security group. Default is `22`.
 
 * **ec2_instance_create_sg_tags**: (Optional)
   Tags to assign to the security group.
@@ -89,18 +83,15 @@ Here’s an example of how to use the role in a playbook.
             Environment: Testing
           ec2_instance_create_wait_for_boot: true
           # Optionally, enable security group creation
-          ec2_instance_create_associate_sg: true
-          ec2_instance_create_sg_name: my-custom-sg
-          ec2_instance_create_sg_description: Security group for my custom access
-          ec2_instance_create_sg_ssh_port: 22
-          ec2_instance_create_sg_http_port: 80
-          ec2_instance_create_sg_https_port: 443
+          ec2_instance_create_associate_external_sg: true
+          ec2_instance_create_external_sg_name: my-custom-sg
+          ec2_instance_create_external_sg_description: Security group for my custom access
+          ec2_instance_create_external_sg_port: 22
           ec2_instance_create_sg_tags:
             Component: my-custom-sg
             Environment: Testing
           # Optionally, enable Elastic IP association
           ec2_instance_create_associate_eip: true
-          ec2_instance_create_eip_release_on_disassociation: true
               ec2_instance_create_eip_tags:
                 Component: my-test-eip
                 Environment: Testing

diff --git a/roles/ec2_instance_create/defaults/main.yml b/roles/ec2_instance_create/defaults/main.yml
@@ -1,2 +1,8 @@
 ---
 ec2_instance_create_associate_eip: false
+ec2_instance_create_associate_external_sg: false
+ec2_instance_create_associate_igw: false
+ec2_instance_create_external_sg_description: "Security group for external access"
+ec2_instance_create_external_sg_name: "default-external-sg"
+ec2_instance_create_external_sg_port: 22
+ec2_instance_create_wait_for_boot: true
diff --git a/roles/ec2_instance_create/meta/argument_specs.yml b/roles/ec2_instance_create/meta/argument_specs.yml
@@ -54,42 +54,30 @@ argument_specs:
         required: false
         default: false
         type: bool
-      ec2_instance_create_associate_sg:
+      ec2_instance_create_associate_external_sg:
         description:
           - Whether to create and associate a security group for external access.
         required: false
         default: false
         type: bool
-      ec2_instance_create_sg_name:
+      ec2_instance_create_external_sg_name:
         description:
           - The name of the security group to create.
         required: false
         default: "default-external-sg"
         type: str
-      ec2_instance_create_sg_description:
+      ec2_instance_create_external_sg_description:
         description:
           - A description of the security group.
         required: false
         default: "Security group for external access"
         type: str
-      ec2_instance_create_sg_ssh_port:
+      ec2_instance_create_external_sg_port:
         description:
           - The SSH port to open in the security group.
         required: false
         default: 22
         type: int
-      ec2_instance_create_sg_http_port:
-        description:
-          - The HTTP port to open in the security group.
-        required: false
-        default: 80
-        type: int
-      ec2_instance_create_sg_https_port:
-        description:
-          - The HTTPS port to open in the security group.
-        required: false
-        default: 443
-        type: int
       ec2_instance_create_sg_tags:
         description:
           - Tags to assign to the security group.

diff --git a/roles/ec2_instance_create/tasks/main.yml b/roles/ec2_instance_create/tasks/main.yml
@@ -17,25 +17,17 @@
       register: ec2_instance
 
     - name: Create security group if enabled
-      when: ec2_instance_create_associate_sg is true
+      when: ec2_instance_create_associate_external_sg is true
       block:
         - name: Define security group with access rules
           amazon.aws.ec2_group:
-            name: "{{ ec2_instance_create_sg_name | default('default-external-sg') }}"
-            description: "{{ ec2_instance_create_sg_description | default('Security group for external access') }}"
+            name: "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}"
+            description: "{{ ec2_instance_create_external_sg_description | default('Security group for external access') }}"
             vpc_id: "{{ ec2_instance_create_vpc_id }}"
             rules:
               - proto: tcp
                 ports:
-                  - "{{ ec2_instance_create_sg_ssh_port | default(22) }}"
-                cidr_ip: "0.0.0.0/0"
-              - proto: tcp
-                ports:
-                  - "{{ ec2_instance_create_sg_http_port | default(80) }}"
-                cidr_ip: "0.0.0.0/0"
-              - proto: tcp
-                ports:
-                  - "{{ ec2_instance_create_sg_https_port | default(443) }}"
+                  - "{{ ec2_instance_create_external_sg_port | default(22) }}"
                 cidr_ip: "0.0.0.0/0"
             tags: "{{ ec2_instance_create_sg_tags | default(omit) }}"
 
@@ -44,8 +36,8 @@
             instance_ids:
               - "{{ ec2_instance.instance_ids[0] }}"
             security_groups:
-              - "{{ ec2_instance_create_sg_name | default('default-external-sg') }}"
-          register: ec2_instance_associate_sg
+              - "{{ ec2_instance_create_external_sg_name | default('default-external-sg') }}"
+          register: ec2_instance_associate_external_sg
 
     - name: Create and associate Elastic IP if enabled
       when: ec2_instance_create_associate_eip is true