openshift-ansible-contrib/reference-architecture/3.9/playbooks/roles/aws/tasks/securitygroup_cns.yaml

---
- name: "{{ 'Create' if (state is undefined or 'absent' not in state) else 'Terminate' }} SecurityGroup (CNS)"
  ec2_group:
    name: "{{ item.name }}"
    description: "{{ item.name }}"
    purge_rules: "{{ 'false' if (state is undefined or 'absent' not in state) else 'true' }}"
    purge_rules_egress: "{{ 'false' if (state is undefined or 'absent' not in state) else 'true' }}"
    region: "{{ aws_region }}"
    state: "{{ state | default('present') }}"
    vpc_id: "{{ vpc.vpc.id if (state is undefined or 'absent' not in state) else vpc.vpcs[0].vpc_id }}"
  when: ( vpc.vpc is defined ) or ( vpc.vpcs[0] is defined )
  with_items:
    - name: "cns"