Make sure a default allow out rule exists if no other egress rules do

Fixes #7027
James Cammarata 2014-04-17 15:24:18 -05:00
parent 09e0d1c51f
commit 1ef0402f03


@ -313,6 +313,20 @@ def main():
src_group_id=grantGroup,
cidr_ip=ip)
changed = True
elif vpc_id and not module.check_mode:
# when using a vpc, but no egress rules are specified,
# we add in a default allow all out rule, which was the
# default behavior before egress rules were added
if 'out--1-None-None-None-0.0.0.0/0' not in groupRules:
ec2.authorize_security_group_egress(
group_id=group.id,
ip_protocol=-1,
from_port=None,
to_port=None,
src_group_id=None,
cidr_ip='0.0.0.0/0'
)
changed = True
# Finally, remove anything left in the groupRules -- these will be defunct rules
for rule in groupRules.itervalues():
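Review bot: When the key `'out--1-None-None-None-0.0.0.0/0'` is already in `groupRules`, the new `elif` branch leaves it there, and the loop that follows (commented as removing whatever is left in `groupRules` as defunct) would then appear to revoke the very default rule this commit is meant to keep; the loop body is outside the hunk, so confirm against it. Adding `else: del groupRules['out--1-None-None-None-0.0.0.0/0']` under the `if` would keep an existing default rule from being treated as defunct. Because the branch is gated on `not module.check_mode`, a check-mode run also never sets `changed` for a rule that a real run would add. The comment could also state that this rule opens every protocol to `0.0.0.0/0`, so anyone who wants restricted egress in a VPC has to pass explicit egress rules. `main()` starts and ends outside the hunk.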