Reputation: 13
I'm trying to use Ansible to create rules for an unconfigured HTTP listener on my existing ALB. I kick things off by retrieving facts for the ALB and then use those facts to define an Ansible ALB resource adding the rules I want, but I'm hitting an issue.
I would like Ansible to loop through my group_vars file (which it already does for other tasks successfully) to create these multiple rules. However, when looping through, instead of appending rules to the listener it destroys/creates them. So when the playbook completes, you are just left with a single rule referencing whichever item is defined at the end of the vars file (in my case Surrey).
My code is below (for the sake of brevity I have excluded the parts which get & set facts):

    - name: Add HTTP listener rules
      elb_application_lb:
        state: present
        name: "{{ albinfo.load_balancer_name }}"
        subnets:
          - "{{ albinfo.availability_zones[0].subnet_id }}"
          - "{{ albinfo.availability_zones[1].subnet_id }}"
          - "{{ albinfo.availability_zones[2].subnet_id }}"
        security_groups:
          - "{{ albinfo.security_groups[0] }}"
        listeners:
          - Protocol: HTTP
            Port: 80
            DefaultActions:
              - Type: forward
                TargetGroupName: default
            Rules:
              - Conditions:
                  - Field: host-header
                    Values: "{{ item.url }}"
                Priority: "{{ item.priority }}"
                Actions:
                  - TargetGroupName: "{{ item.name }}"
                    Type: forward
        purge_listeners: no
      with_items: "{{ regions }}"

And my "regions" vars file looks like this:

    regions:
      - name: manchester
        priority: 1
        url:
          - manchester.example.com
      - name: surrey
        priority: 2
        url:
          - surrey.example.com

Upvotes: 1
Views: 2582
Reputation: 6476
The way you are using with_items to iterate the elb_application_lb module will not work, as you have found out. Executing multiple commands will have the effect that the last one will 'win', as it will overwrite the existing ELB rule set.
What you would need to do is define each rule on a single call to elb_application_lb instead; you cannot layer on rules with multiple calls to this module. You might be able to create a dict that defines all your rules instead, like this:

    - name: Add HTTP listener rules
      elb_application_lb:
        state: present
        name: "{{ albinfo.load_balancer_name }}"
        subnets:
          - "{{ albinfo.availability_zones[0].subnet_id }}"
          - "{{ albinfo.availability_zones[1].subnet_id }}"
          - "{{ albinfo.availability_zones[2].subnet_id }}"
        security_groups:
          - "{{ albinfo.security_groups[0] }}"
        listeners:
          - Protocol: HTTP
            Port: 80
            DefaultActions:
              - Type: forward
                TargetGroupName: default
            # region_rules is already a list, so pass it directly
            # (wrapping it in "- ..." would nest a list inside a list)
            Rules: "{{ region_rules }}"
        purge_listeners: no

Where the region_rules var looks like this:

    region_rules:
      - Conditions:
          - Field: host-header
            # Values must be a list of strings
            Values:
              - manchester.example.com
        Priority: 1
        Actions:
          - TargetGroupName: manchester
            Type: forward
      - Conditions:
          - Field: host-header
            Values:
              - surrey.example.com
        Priority: 2
        Actions:
          - TargetGroupName: surrey
            Type: forward

Upvotes: 2
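
The single-call approach from the answer, with the rule list generated from the question's existing `regions` variable instead of written out by hand. This is an added example, not part of the original posts; the fact name `built_rules` is hypothetical, and `albinfo` and `regions` are assumed to be defined as in the question.

```yaml
# Added example: build every rule first, then call the module exactly once.
- name: Check that each region has a distinct rule priority
  assert:
    that:
      - regions | map(attribute='priority') | unique | list | length == regions | length
    msg: "Two regions share the same listener rule priority"

- name: Accumulate one rule per region into a single list
  set_fact:
    # built_rules is a hypothetical fact name; it grows by one rule per item
    built_rules: "{{ built_rules | default([]) + [rule] }}"
  vars:
    rule:
      Conditions:
        - Field: host-header
          Values: "{{ item.url }}"        # already a list in the vars file
      Priority: "{{ item.priority }}"
      Actions:
        - TargetGroupName: "{{ item.name }}"
          Type: forward
  with_items: "{{ regions }}"

- name: Add all HTTP listener rules in one call
  elb_application_lb:
    state: present
    name: "{{ albinfo.load_balancer_name }}"
    subnets:
      - "{{ albinfo.availability_zones[0].subnet_id }}"
      - "{{ albinfo.availability_zones[1].subnet_id }}"
      - "{{ albinfo.availability_zones[2].subnet_id }}"
    security_groups:
      - "{{ albinfo.security_groups[0] }}"
    listeners:
      - Protocol: HTTP
        Port: 80
        DefaultActions:
          - Type: forward
            TargetGroupName: default
        Rules: "{{ built_rules }}"        # complete rule set, passed as a list
    purge_listeners: no
```

Because the module treats the `Rules` it is given as the complete set for the listener, any host missing from `regions` falls through to the `default` target group after the run.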