openshift-ansible-contrib/reference-architecture/3.9/playbooks/roles/aws/tasks/securitygrouprule_cns.yaml

---
- name: "{{ 'Create' if (state is undefined or 'absent' not in state) else 'Terminate' }} SecurityGroup (CNS) rules"
  ec2_group:
    name: "{{ item.name }}"
    description: "{{ item.name }}"
    purge_rules: "{{ false if (state is undefined or 'absent' not in state) else true }}"
    purge_rules_egress: "{{ false if (state is undefined or 'absent' not in state) else true }}"
    region: "{{ aws_region }}"
    state: "{{ state | default('present') }}"
    vpc_id: "{{ vpc.vpc.id if (state is undefined or 'absent' not in state) else vpc.vpcs[0].vpc_id }}"
    rules: "{{ item.rules }}"
  when: ( vpc.vpc is defined ) or ( vpc.vpcs[0] is defined )
  with_items:
    - name: cns
      rules: "{{ [
        {
        'proto': 'tcp',
        'from_port': '111',
        'to_port': '111',
        'group_name': 'cns'
        },
        {
        'proto': 'tcp',
        'from_port': '2222',
        'to_port': '2222',
        'group_name': 'cns'
        },
        {
        'proto': 'tcp',
        'from_port': '3260',
        'to_port': '3260',
        'group_name': 'cns'
        },
        {
        'proto': 'tcp',
        'from_port': '3260',
        'to_port': '3260',
        'group_name': 'node'
        },
        {
        'proto': 'tcp',
        'from_port': '24007',
        'to_port': '24008',
        'group_name': 'cns'
        },
        {
        'proto': 'tcp',
        'from_port': '24007',
        'to_port': '24008',
        'group_name': 'node'
        },
        {
        'proto': 'tcp',
        'from_port': '24010',
        'to_port': '24010',
        'group_name': 'cns'
        },
        {
        'proto': 'tcp',
        'from_port': '24010',
        'to_port': '24010',
        'group_name': 'node'
        },
        {
        'proto': 'tcp',
        'from_port': '49152',
        'to_port': '49664',
        'group_name': 'cns'
        },
        {
        'proto': 'tcp',
        'from_port': '49152',
        'to_port': '49664',
        'group_name': 'node'
        },
        {
        'proto': 'udp',
        'from_port': '111',
        'to_port': '111',
        'group_name': 'cns'
        }
      ] if (state is undefined or 'absent' not in state) else '' }}"