ec2_group failing when there is already a rule defined from another AWS account

[nicolas-g]

Issue Type:

Bug Report

Ansible Version:

ansible --version
ansible 1.8.2
configured module search path = /usr/share/ansible

boto 2.36.0

Environment:

CentOS release 6.5
OSX 10.10.1

Summary:

When there is a firewall rule already defined that gives access to a existing security group from another AWS account the ec2_group task fails.

Steps To Reproduce:

Have 2 different AWS accounts A and B and defined the bellow :

AWS account A ( #262444421265)

Create a security group named SGA , it doesn't matter if i has any rules or not.

AWS account B

Create a security group SGB that gives access to the security group SGA in AWS account A (#262444421265) , for example :

TCP   0 - 65535      262444421265/sg-3dd9e333 (SGA)

security_grups.yml :

  - name: create SGB
    local_action:
      module: ec2_group
      name: SGB
      description: "Security Group B"
      region: us-east-1
      rules:
        - proto: tcp
          from_port: 1000
          to_port: 1000
          cidr_ip: 0.0.0.0/0

Expected Results:

Ansible should create SGB if doesn't exist with the defined port open.

Actual Results:

Ansible fails to execute the task:

ansible-playbook security_grups.yml -t this -vvvvvv

<127.0.0.1> REMOTE_MODULE ec2_group description='SGB for all servers like ops ssh proxy, monitoring, etc...' name=SGB region=us-east-1
<127.0.0.1> EXEC ['/bin/sh', '-c', 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293 && echo $HOME/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293']
<127.0.0.1> PUT /var/folders/44/p6wg1wxx1150q8s3y9l9sgvc0000gn/T/tmpowO1Kf TO /Users/nicolasg/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293/ec2_group
<127.0.0.1> EXEC ['/bin/sh', '-c', u'LANG=C LC_CTYPE=C /usr/bin/python /Users/nicolasg/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293/ec2_group; rm -rf /Users/nicolasg/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293/ >/dev/null 2>&1']
failed: [localhost -> 127.0.0.1] => {"failed": true, "parsed": false}
Traceback (most recent call last):
  File "/Users/nicolasg/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293/ec2_group", line 2145, in <module>
    main()
  File "/Users/nicolasg/.ansible/tmp/ansible-tmp-1423654841.37-223860373574293/ec2_group", line 302, in main
    grantGroup = groups[grant.group_id]
KeyError: sg-3dd9e333'

[hkariti]

still in devel

[hkariti]

#709 fixes this

[ansibot]

@ansible, ping. This issue is still waiting on your response.
click here for bot help

[ansibot]

@ansible, ping. This issue is still waiting on your response.
click here for bot help

[ansibot]

@ansible, ping. This issue is still waiting on your response.
click here for bot help

[ansibot]

@ansible, ping. This issue is still waiting on your response.
click here for bot help

[ansibot]

@ansible, ping. This issue is still waiting on your response.
click here for bot help

[ansibot]

@ansible, ping. This issue is still waiting on your response.
click here for bot help

[ansibot]

This repository has been locked. All new issues and pull requests should be filed in https://github.com/ansible/ansible

Please read through the repomerge page in the dev guide. The guide contains links to tools which automatically move your issue or pull request to the ansible/ansible repo.

[ansibot]

This issue was migrated to ansible/ansible#30177