From f6f2359400d4e72e789edd34d3985fc8d0b7c032 Mon Sep 17 00:00:00 2001
From: Benno Joy
Date: Fri, 5 Jun 2015 12:31:59 +0530
Subject: [PATCH] fix for 11177 where module readds rule even if the rules exists

---
 lib/ansible/modules/cloud/amazon/ec2_group.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/ansible/modules/cloud/amazon/ec2_group.py b/lib/ansible/modules/cloud/amazon/ec2_group.py
index 0579af31df4..fd75684a9d4 100644
--- a/lib/ansible/modules/cloud/amazon/ec2_group.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_group.py
@@ -127,6 +127,11 @@ def make_rule_key(prefix, rule, group_id, cidr_ip):
 """Creates a unique key for an individual group rule"""
 if isinstance(rule, dict):
 proto, from_port, to_port = [rule.get(x, None) for x in ('proto', 'from_port', 'to_port')]
+ #fix for 11177
+ if proto not in ['icmp', 'tcp', 'udp'] and from_port == -1 and to_port == -1:
+ from_port = 'none'
+ to_port = 'none'
+
 else: # isinstance boto.ec2.securitygroup.IPPermissions
 proto, from_port, to_port = [getattr(rule, x, None) for x in ('ip_protocol', 'from_port', 'to_port')]
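Review bot: The added guard in make_rule_key tests `from_port == -1 and to_port == -1` against the integer only, so a rule dict whose ports arrive as the string '-1' (plausible for a templated task value; the caller is not visible in this hunk) skips the normalisation and still yields a key that will not match the existing rule. Because this key decides whether a security-group rule is treated as already present, a type-tolerant test is safer: `if proto not in ['icmp', 'tcp', 'udp'] and str(from_port) == '-1' and str(to_port) == '-1':`. The `proto` membership test is also case-sensitive, so lower-casing `proto` before the check would keep 'TCP' from falling into this branch. The `#fix for 11177` comment gives no reason; if the intent is to mirror the empty port range reported for such protocols, say so, e.g. `# other protocols have no port range on the existing rule; map -1/-1 to 'none' so both keys agree`. The key string itself is built after the if/else, outside this hunk, so the effect of the 'none' placeholder cannot be confirmed from here.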