I'm trying to manage AWS security groups through Ansible and want to add tags to them. Can someone give me an example of how to do this?
For example, I have a security group 'test_security_group' and I want to add a tag 'foo' to that security group.
According to the Ansible documentation, the ec2_tag module will work, but I have not been successful in using it with security groups so far.
Like this:
```yaml
# Create the group and register the result so its group_id can be reused below
- name: Create security group for app instances
  local_action:
    module: ec2_group
    name: "http-everywhere"
    description: "My Security Group"
    vpc_id: "vpc-abcd1234"
    region: "us-east-1"
    rules:
      - proto: tcp
        from_port: 80
        to_port: 80
        cidr_ip: 0.0.0.0/0
  register: aws_sg

# Tag the group by the ID returned from the task above
- name: Tag the security group with a name
  local_action:
    module: ec2_tag
    resource: "{{aws_sg.group_id}}"
    region: "us-east-1"
    state: present
    tags:
      Name: "My Security Group Name"
      env: "production"
      service: "web"
```
As of Ansible 2.4 you can specify tags directly:
```yaml
- name: Create ec2 security group
  ec2_group:
    name: SSH
    description: SSH
    vpc_id: "{{ default_vpc_id }}"
    region: "{{ aws_region }}"
    tags:
      Name: SSH
      Tag1: Value1
      Tag2: Value2
    rules:
      - proto: tcp
        ports:
          - 22
        cidr_ip: 0.0.0.0/0
```
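Both answers above create the group in the same play. For a group that already exists, such as the question's 'test_security_group', the following added example (not taken from either answer) looks the group up by name, refuses to continue unless exactly one group matched, and then applies the tag with ec2_tag. The region, the tag value "bar" and the variable names are assumptions; in older Ansible releases the lookup module is named ec2_group_facts.

```yaml
# Added example: tag an existing security group found by name.
- name: Tag an existing security group
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aws_region: us-east-1          # assumed region
    sg_name: test_security_group   # group name from the question
  tasks:
    - name: Look up the security group by name
      ec2_group_info:
        region: "{{ aws_region }}"
        filters:
          group-name: "{{ sg_name }}"
      register: sg_lookup

    # Group names are unique per VPC, not per region, so a name can match
    # several groups (or none). Stop here rather than tag the wrong one.
    - name: Require exactly one matching group
      assert:
        that:
          - sg_lookup.security_groups | length == 1
        msg: "Expected one group named {{ sg_name }}, found {{ sg_lookup.security_groups | length }}"

    - name: Add the tag to the group
      ec2_tag:
        region: "{{ aws_region }}"
        resource: "{{ sg_lookup.security_groups[0].group_id }}"
        state: present             # adds or updates the listed tags only
        tags:
          foo: "bar"               # constructed tag value
```

If the name matches groups in more than one VPC, add a `vpc-id` entry to `filters` to select the intended one.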