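---
# Security groups created in the VPC whose id is read from `vpc.vpc.id`.
# Both tasks call the AWS API from the control machine
# (delegate_to: localhost, no privilege escalation) and register the
# module result (sg_ssh / sg_icmp).

# SSH ingress (tcp/22).
# The source range defaults to 0.0.0.0/0, i.e. port 22 is reachable from the
# whole Internet, which matches the group's description. Set the optional
# variable `ssh_ingress_cidr` (inventory / group_vars) to an admin or bastion
# range to restrict it.
# NOTE: purge_rules is false, so narrowing the CIDR adds the new rule but does
# not revoke a 0.0.0.0/0 rule that already exists on the group; remove that
# rule separately or review purge_rules before relying on the restriction.
# The description is left unchanged on purpose: it is part of the group's
# identity in AWS and is not something this task should rewrite.
- name: sg ssh
  delegate_to: localhost
  become: false
  ec2_group:
    vpc_id: "{{ vpc.vpc.id }}"
    region: "{{ vpc_region }}"
    state: present
    name: ssh
    description: "allow ssh from anywhere"
    purge_rules: false
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: "{{ ssh_ingress_cidr | default('0.0.0.0/0') }}"
    # Egress: all protocols to any destination.
    rules_egress:
      - proto: all
        cidr_ip: "0.0.0.0/0"
  register: sg_ssh

# ICMP ingress (all types and codes: from_port/to_port of -1).
# The source range defaults to 0.0.0.0/0; set the optional variable
# `icmp_ingress_cidr` to limit which networks can reach instances in this
# group over ICMP. The purge_rules caveat on the ssh group applies here too:
# existing rules are not revoked when the CIDR is narrowed.
- name: sg icmp
  delegate_to: localhost
  become: false
  ec2_group:
    vpc_id: "{{ vpc.vpc.id }}"
    region: "{{ vpc_region }}"
    state: present
    name: icmp
    description: "allow icmp from anywhere"
    purge_rules: false
    rules:
      - proto: icmp
        from_port: -1
        to_port: -1
        cidr_ip: "{{ icmp_ingress_cidr | default('0.0.0.0/0') }}"
    # Egress: all protocols to any destination.
    rules_egress:
      - proto: all
        cidr_ip: "0.0.0.0/0"
  register: sg_icmp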