diff --git a/lib/puppet/provider/ec2_securitygroup/v2.rb b/lib/puppet/provider/ec2_securitygroup/v2.rb
index 4e3d8977..414167e5 100644
--- a/lib/puppet/provider/ec2_securitygroup/v2.rb
+++ b/lib/puppet/provider/ec2_securitygroup/v2.rb
@@ -131,12 +131,17 @@ def authorize_ingress(new_rules, existing_rules=[])
 to_create.reject(&:nil?).each do |rule|
 if rule.key? 'security_group'
 source_group_name = rule['security_group']
- group_response = ec2.describe_security_groups(filters: [
- {name: 'group-name', values: [source_group_name]},
- ])
- fail("No groups found called #{source_group_name}") if group_response.data.security_groups.count == 0
+ filters = [ {name: 'group-name', values: [source_group_name]} ]
+ if vpc_only_account?
+ response = ec2.describe_security_groups(group_ids: [@property_hash[:id]])
+ vpc_id = response.data.security_groups.first.vpc_id
+ filters.push( {name: 'vpc-id', values: [vpc_id]} )
+ end
+ group_response = ec2.describe_security_groups(filters: filters)
+ match_count = group_response.data.security_groups.count
+ fail("No groups found called #{source_group_name}") if match_count == 0
 source_group_id = group_response.data.security_groups.first.group_id
- Puppet.warning "Multiple groups found called #{source_group_name}, using #{source_group_id}" if group_response.data.security_groups.count > 1
+ Puppet.warning "#{match_count} groups found called #{source_group_name}, using #{source_group_id}" if match_count > 1
 permissions = ['tcp', 'udp', 'icmp'].collect do |protocol|
 {
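Review bot: An ambiguous lookup still falls through to `.first` with only a warning — when `match_count > 1` the ingress rule is granted to whichever group EC2 lists first, which in an account with several VPCs (or when the manifest's group name carries `*`/`?`, which EC2 filter values treat as wildcards) can authorize traffic from an unintended security group. Because this path grants access, failing closed is the safer default: `fail("#{match_count} groups found called #{source_group_name}; source group names must be unique") if match_count > 1`. The `vpc-id` narrowing only runs when `vpc_only_account?` is true, so an account that still has EC2-Classic keeps the ambiguous name-only lookup; consider adding the filter whenever the managed group itself reports a `vpc_id`, not only in VPC-only accounts. `response.data.security_groups.first.vpc_id` also assumes `@property_hash[:id]` is populated and resolves to exactly one group — presumably true on the update path, but a nil id would raise inside the SDK call if `authorize_ingress` is ever reached during create. The enclosing `authorize_ingress` method continues past the end of the hunk.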