azure_rm_securitygroup – Manage Azure network security groups
Synopsis
- Create, update or delete a network security group.
- A security group contains Access Control List (ACL) rules that allow or deny network traffic to subnets or individual network interfaces.
- A security group is created with a set of default security rules and an empty set of security rules.
- Shape traffic flow by adding rules to the empty set of security rules.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.7
- azure >= 2.0.0
Parameters
Notes
- For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with az login.
- Authentication is also possible using a service principal or Active Directory user.
- To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
- To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
- Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
- Sign in with Azure CLI: How to authenticate using the az login command.
Examples
# Create a security group
- azure_rm_securitygroup:
    resource_group: myResourceGroup
    name: mysecgroup
    purge_rules: yes
    rules:
      - name: DenySSH
        protocol: Tcp
        destination_port_range: 22
        access: Deny
        priority: 100
        direction: Inbound
      - name: 'AllowSSH'
        protocol: Tcp
        source_address_prefix:
          - '174.109.158.0/24'
          - '174.109.159.0/24'
        destination_port_range: 22
        access: Allow
        priority: 101
        direction: Inbound
      - name: 'AllowMultiplePorts'
        protocol: Tcp
        source_address_prefix:
          - '174.109.158.0/24'
          - '174.109.159.0/24'
        destination_port_range:
          - 80
          - 443
        access: Allow
        priority: 102

# Update rules on existing security group
- azure_rm_securitygroup:
    resource_group: myResourceGroup
    name: mysecgroup
    rules:
      - name: DenySSH
        protocol: Tcp
        destination_port_range: 22-23
        access: Deny
        priority: 100
        direction: Inbound
      - name: AllowSSHFromHome
        protocol: Tcp
        source_address_prefix: '174.109.158.0/24'
        destination_port_range: 22-23
        access: Allow
        priority: 102
        direction: Inbound
    tags:
      testing: testing
      delete: on-exit

# Delete security group
- azure_rm_securitygroup:
    resource_group: myResourceGroup
    name: mysecgroup
    state: absent
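Azure evaluates security rules in ascending priority number and stops at the first match, so in the "Create a security group" task DenySSH (priority 100) is evaluated before AllowSSH (priority 101). The check below is an added example, not part of the module or its documentation, that flags rules shadowed in this way before a playbook is applied. The RULES list is a constructed copy of that task, the function names are hypothetical, and the defaults (direction Inbound, '*' for unset match fields) and IPv4 CIDR-only prefixes are assumptions.

```python
import ipaddress

# Constructed sample: the rules from the "Create a security group" task above.
PREFIXES = ["174.109.158.0/24", "174.109.159.0/24"]
RULES = [
    {"name": "DenySSH", "protocol": "Tcp", "destination_port_range": 22,
     "access": "Deny", "priority": 100, "direction": "Inbound"},
    {"name": "AllowSSH", "protocol": "Tcp", "source_address_prefix": PREFIXES,
     "destination_port_range": 22, "access": "Allow", "priority": 101,
     "direction": "Inbound"},
    {"name": "AllowMultiplePorts", "protocol": "Tcp",
     "source_address_prefix": PREFIXES, "destination_port_range": [80, 443],
     "access": "Allow", "priority": 102},
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def ports(spec):
    """Expand 22, '22-23', [80, 443] or '*' into a set of port numbers."""
    out = set()
    for p in as_list(spec):
        lo, _, hi = ("0-65535" if p == "*" else str(p)).partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def nets(spec):
    """Turn '*' or IPv4 CIDR prefix(es) into network objects."""
    return [ipaddress.ip_network("0.0.0.0/0" if s == "*" else s) for s in as_list(spec)]

def covers(hi, lo):
    """True if every packet matched by rule `lo` is also matched by rule `hi`."""
    get = lambda r, k: r.get(k, "*")  # assumption: unset match fields mean '*'
    net_ok = lambda k: all(any(n.subnet_of(h) for h in nets(get(hi, k)))
                           for n in nets(get(lo, k)))
    port_ok = lambda k: ports(get(lo, k)) <= ports(get(hi, k))
    return (hi.get("direction", "Inbound") == lo.get("direction", "Inbound")
            and get(hi, "protocol") in ("*", get(lo, "protocol"))
            and net_ok("source_address_prefix") and net_ok("destination_address_prefix")
            and port_ok("source_port_range") and port_ok("destination_port_range"))

def shadowed(rules):
    """Return (rule, earlier_rule) name pairs where an earlier rule with the
    opposite access already matches everything the later rule matches."""
    ordered = sorted(rules, key=lambda r: r["priority"])  # lowest number first
    return [(lo["name"], hi["name"])
            for i, lo in enumerate(ordered) for hi in ordered[:i]
            if hi["access"] != lo["access"] and covers(hi, lo)]

if __name__ == "__main__":
    print(shadowed(RULES))
```

The check is conservative: a prefix must fit inside a single earlier prefix to count as covered, so it can miss shadowing by a union of ranges but does not report false positives.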
Return Values
Common return values are documented here; the following are the fields unique to this module:
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Chris Houseknecht (@chouseknecht)
- Matt Davis (@nitzmahone)