community.aws
aws.eks_cluster shouldn't require security_groups during new EKS cluster creation
Summary
When I was trying to create an EKS cluster by using the community.aws.eks_cluster module, it showed an error that I need to specify the security groups. After I specified the security group in the playbook, the result showed that the specified groups became the additional security groups of the cluster according to the AWS console, and AWS created a new security group as the cluster security group.
According to the AWS docs here, AWS will create a security group automatically during EKS cluster creation. In my perspective, AWS is always handling the default cluster-level security group.
Moreover, according to the Ansible documentation here, security_groups is not stated to be mandatory while state is present.
Therefore, if AWS is always creating a security group for the new cluster, why do we need the security_groups field when we are creating a new EKS cluster? It can be an option to allow us to add additional security groups, but it should not be required.
Issue Type
Bug Report
Component Name
community.aws.eks_cluster
Ansible Version
ansible [core 2.15.0]
config file = None
configured module search path = ['/Users/tonychan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/homebrew/Cellar/ansible/8.0.0/libexec/lib/python3.11/site-packages/ansible
ansible collection location = /Users/tonychan/.ansible/collections:/usr/share/ansible/collections
executable location = /opt/homebrew/bin/ansible
python version = 3.11.4 (main, Jun 15 2023, 07:55:38) [Clang 14.0.3 (clang-1403.0.22.14.1)] (/opt/homebrew/Cellar/ansible/8.0.0/libexec/bin/python3.11)
jinja version = 3.1.2
libyaml = True
Collection Versions
Collection Version
----------------------------- -------
amazon.aws 6.0.1
ansible.netcommon 5.1.1
ansible.posix 1.5.4
ansible.utils 2.10.3
ansible.windows 1.14.0
arista.eos 6.0.1
awx.awx 22.2.0
azure.azcollection 1.15.0
check_point.mgmt 5.0.0
chocolatey.chocolatey 1.4.0
cisco.aci 2.6.0
cisco.asa 4.0.0
cisco.dnac 6.7.2
cisco.intersight 1.0.27
cisco.ios 4.5.0
cisco.iosxr 5.0.2
cisco.ise 2.5.12
cisco.meraki 2.15.1
cisco.mso 2.4.0
cisco.nso 1.0.3
cisco.nxos 4.3.0
cisco.ucs 1.8.0
cloud.common 2.1.3
cloudscale_ch.cloud 2.2.4
community.aws 6.0.0
community.azure 2.0.0
community.ciscosmb 1.0.5
community.crypto 2.13.1
community.digitalocean 1.23.0
community.dns 2.5.4
community.docker 3.4.6
community.fortios 1.0.0
community.general 7.0.1
community.google 1.0.0
community.grafana 1.5.4
community.hashi_vault 5.0.0
community.hrobot 1.8.0
community.libvirt 1.2.0
community.mongodb 1.5.2
community.mysql 3.7.1
community.network 5.0.0
community.okd 2.3.0
community.postgresql 2.4.1
community.proxysql 1.5.1
community.rabbitmq 1.2.3
community.routeros 2.8.0
community.sap 1.0.0
community.sap_libs 1.4.1
community.skydive 1.0.0
community.sops 1.6.1
community.vmware 3.6.0
community.windows 1.13.0
community.zabbix 2.0.0
containers.podman 1.10.1
cyberark.conjur 1.2.0
cyberark.pas 1.0.19
dellemc.enterprise_sonic 2.0.0
dellemc.openmanage 7.5.0
dellemc.powerflex 1.6.0
dellemc.unity 1.6.0
f5networks.f5_modules 1.24.0
fortinet.fortimanager 2.1.7
fortinet.fortios 2.2.3
frr.frr 2.0.2
gluster.gluster 1.0.2
google.cloud 1.1.3
grafana.grafana 2.0.0
hetzner.hcloud 1.11.0
hpe.nimble 1.1.4
ibm.qradar 2.1.0
ibm.spectrum_virtualize 1.12.0
infinidat.infinibox 1.3.12
infoblox.nios_modules 1.5.0
inspur.ispim 1.3.0
inspur.sm 2.3.0
junipernetworks.junos 5.1.0
kubernetes.core 2.4.0
lowlydba.sqlserver 2.0.0
microsoft.ad 1.1.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.22.0
netapp.elementsw 21.7.0
netapp.ontap 22.6.0
netapp.storagegrid 21.11.1
netapp.um_info 21.8.0
netapp_eseries.santricity 1.4.0
netbox.netbox 3.13.0
ngine_io.cloudstack 2.3.0
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.3
openstack.cloud 2.1.0
openvswitch.openvswitch 2.1.1
ovirt.ovirt 3.1.2
purestorage.flasharray 1.18.0
purestorage.flashblade 1.11.0
purestorage.fusion 1.4.2
sensu.sensu_go 1.13.2
servicenow.servicenow 1.0.6
splunk.es 2.1.0
t_systems_mms.icinga_director 1.32.2
theforeman.foreman 3.10.0
vmware.vmware_rest 2.3.1
vultr.cloud 1.7.1
vyos.vyos 4.0.2
wti.remote 1.0.4
AWS SDK versions
Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: [email protected]
License: MIT
Location: /opt/homebrew/lib/python3.11/site-packages
Requires:
Required-by:
---
Name: boto3
Version: 1.26.165
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /opt/homebrew/lib/python3.11/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.29.165
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /opt/homebrew/lib/python3.11/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer
Configuration
$ CONFIG_FILE() = None
HOST_KEY_CHECKING(env: ANSIBLE_HOST_KEY_CHECKING) = False
OS / Environment
Playbook running on macOS Ventura 13.3.1 (a)
Steps to Reproduce
- name: Create EKS cluster
  community.aws.eks_cluster:
    name: "{{ eks_cluster.name }}"
    state: present
    version: "{{ eks_cluster.version }}"
    role_arn: "{{ eks_role_created.iam_role.arn }}"
    subnets:
      - "{{ subnet1_id }}"
      - "{{ subnet2_id }}"
    wait: true
Expected Results
An EKS cluster will be created.
Actual Results
fatal: [localhost]: FAILED! => {"changed": false, "msg": "state is present but all of the following are missing: security_groups"}
Code of Conduct
- [X] I agree to follow the Ansible Code of Conduct
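
The failure text in "Actual Results" has the shape of Ansible's `required_if` argument validation. The following is an added example, not code from this issue or from community.aws: a simplified re-implementation of that check, run against the reproduction parameters under the rule implied by the error and under the relaxed rule the report asks for. The rule lists, the `check_required_if` helper and all parameter values are assumptions constructed for illustration.

```python
# Added illustration: simplified re-implementation of a `required_if`
# style argument check. The rule tuples are assumptions inferred from the
# error text in this report, not copied from the module source.

def check_required_if(rules, params):
    """Return one error message per violated (key, value, required) rule."""
    errors = []
    for key, value, required in rules:
        if params.get(key) != value:
            continue  # the rule only applies when params[key] == value
        # A parameter counts as missing when it is absent or left as None.
        missing = [name for name in required if params.get(name) is None]
        if missing:
            errors.append(
                f"{key} is {value} but all of the following are missing: "
                + ", ".join(missing)
            )
    return errors


# Rule implied by the failure: security_groups is mandatory on creation.
CURRENT_RULES = [("state", "present", ["role_arn", "subnets", "security_groups"])]
# Behaviour the report asks for: security_groups is optional on creation.
PROPOSED_RULES = [("state", "present", ["role_arn", "subnets"])]

# Constructed values mirroring the playbook in "Steps to Reproduce".
REPRO_PARAMS = {
    "name": "demo-cluster",
    "state": "present",
    "version": "1.27",
    "role_arn": "arn:aws:iam::111122223333:role/demo-eks-role",
    "subnets": ["subnet-aaaa1111", "subnet-bbbb2222"],
    "security_groups": None,  # not set in the playbook
    "wait": True,
}

if __name__ == "__main__":
    print("current :", check_required_if(CURRENT_RULES, REPRO_PARAMS))
    print("proposed:", check_required_if(PROPOSED_RULES, REPRO_PARAMS))
```

Under the relaxed rule, any groups that are supplied would still be passed through as the additional security groups the report describes, alongside the cluster security group that AWS creates.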