From 5fb903c36c81e560c57e4b85e9c43e9317e732ed Mon Sep 17 00:00:00 2001
From: Aditya Putta
Date: Tue, 11 Feb 2025 11:27:18 -0600
Subject: [PATCH] Update ec2_security_group.py

Restrict demo-sg to HTTP-only traffic
- Set inbound HTTP access on port 80
- Restrict outbound traffic to HTTP only
- Remove all other existing rules (using purge_rules)
---
 plugins/modules/ec2_security_group.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/plugins/modules/ec2_security_group.py b/plugins/modules/ec2_security_group.py
index 65e3a64673f..1d3950a3095 100644
--- a/plugins/modules/ec2_security_group.py
+++ b/plugins/modules/ec2_security_group.py
@@ -406,6 +406,23 @@
 - sg-edcd9784
 diff: true

+- name: Update with new rules and purge old ones
+ amazon.aws.ec2_security_group:
+ name: demo-sg
+ description: "Demo Security Group"
+ vpc_id: vpc-123456
+ purge_rules: true
+ rules:
+ - proto: tcp
+ ports: 80
+ cidr_ip: 0.0.0.0/0
+ rule_desc: "Web traffic"
+ rules_egress:
+ - proto: tcp
+ ports: 80
+ cidr_ip: 0.0.0.0/0
+ rule_desc: "HTTP outbound"
+
 - name: "Delete group by its id"
 amazon.aws.ec2_security_group:
 group_id: sg-33b4ee5b
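Review bot: The new example spells out only `purge_rules: true`, which governs ingress rules, while the egress restriction the commit message describes depends on `purge_rules_egress`, which the task never mentions. As far as I know both options default to true in this module, so the outcome is probably as intended, but a reader copying the example cannot see that existing egress rules are removed as well; I would add `purge_rules_egress: true` directly under `purge_rules: true`. A YAML comment above `rules_egress` such as `# Egress limited to tcp/80: outbound HTTPS (443) is blocked once old rules are purged` would also help, because that side effect is easy to miss when the pattern is applied to a real group. The EXAMPLES block this task sits in starts and ends outside the hunk.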