From 38dd0d92924f8c968717bad17a1c0a245068c4f0 Mon Sep 17 00:00:00 2001
From: Lorin Hochstein
Date: Sat, 11 Feb 2017 11:35:38 -0800
Subject: [PATCH] Add a secgroups script
---
ch12/playbooks/files/.gitkeep | 0
ch12/playbooks/secgroups.yml | 40 +++++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 ch12/playbooks/files/.gitkeep
create mode 100644 ch12/playbooks/secgroups.yml
diff --git a/ch12/playbooks/files/.gitkeep b/ch12/playbooks/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ch12/playbooks/secgroups.yml b/ch12/playbooks/secgroups.yml
new file mode 100644
index 0000000..3d4e230
--- /dev/null
+++ b/ch12/playbooks/secgroups.yml
@@ -0,0 +1,40 @@
+- name: create security groups
+ hosts: localhost
+ gather_facts: False
+ vars:
+ region: us-west-1
+ tasks:
+ - name: web security group
+ ec2_group:
+ region: "{{ region }}"
+ name: web
+ description: allow http and https access
+ rules:
+ - proto: tcp
+ from_port: 80
+ to_port: 80
+ cidr_ip: 0.0.0.0/0
+ - proto: tcp
+ from_port: 443
+ to_port: 443
+ cidr_ip: 0.0.0.0/0
+
+ - name: ssh security group
+ ec2_group:
+ region: "{{ region }}"
+ name: ssh
+ description: allow ssh access
+ rules:
+ - proto: tcp
+ from_port: 22
+ to_port: 22
+ cidr_ip: 0.0.0.0/0
+
+ - name: outbound group
+ ec2_group:
+ region: "{{ region }}"
+ name: outbound
+ description: allow outbound connections to the internet
+ rules_egress:
+ - proto: all
+ cidr_ip: 0.0.0.0/0
--
2.44.0
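Review bot: The `ssh` group's only rule opens port 22 to `cidr_ip: 0.0.0.0/0`, so every instance attached to it accepts SSH connection attempts from the whole internet. Unlike the `web` group, nothing about SSH requires public reach; the source range should come from a variable defined next to `region`, e.g. `cidr_ip: "{{ ssh_allowed_cidr }}"` (placeholder name), set to the admin network or a bastion address. If the rule stays open for the sake of the example, a comment above it such as `# open to the world for the demo only; restrict to a known CIDR in real use` would keep readers from copying it as-is. The `web` and `ssh` tasks also omit `rules_egress`, and the module may then apply its default allow-all egress, which would make the separate `outbound` group redundant in a VPC; worth confirming against the module documentation. As a minor style point, `gather_facts: False` reads more portably as `gather_facts: false`.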