sg_database.yml
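---
# Playbook: create the EC2 security group for the apsydney database host.
# It runs on the control machine only (localhost, local connection); the
# ec2_group module makes the AWS API calls.
#
# Inbound policy defined below:
#   - tcp/22   (SSH)   from the single address in `allowed_ip`
#   - tcp/3306 (MySQL) from members of the sg_webserver_apsydney group
# Outbound policy: everything, to anywhere (see the note on rules_egress).
- hosts: localhost
  connection: local
  # No remote host is managed, so fact gathering is skipped.
  # Written as a canonical boolean rather than the YAML 1.1 truthy `no`.
  gather_facts: false
  vars:
    # AWS region in which the security group is created.
    region: ap-southeast-2
    # Administrator source address for SSH, in CIDR form. The value is the
    # original author's sample; replace it with your own address and keep the
    # /32 mask so port 22 is reachable from exactly one host.
    allowed_ip: 123.243.16.53/32
  tasks:
    - name: create database security group
      local_action:
        # NOTE(review): ec2_group is the legacy module name; newer releases of
        # the amazon.aws collection publish it as ec2_security_group. Confirm
        # against the installed Ansible version.
        module: ec2_group
        region: "{{ region }}"
        name: sg_database_apsydney
        description: security group for apsydney database host
        rules:
          # SSH is limited to the administrator address, not opened to the
          # internet.
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: "{{ allowed_ip }}"
          # MySQL is reachable only from instances in the web server group.
          # Referencing a group instead of a CIDR keeps the rule correct when
          # web server addresses change.
          # NOTE(review): assumes sg_webserver_apsydney already exists when
          # this task runs; verify playbook ordering.
          - proto: tcp
            from_port: 3306
            to_port: 3306
            group_name: sg_webserver_apsydney
        rules_egress:
          # All protocols to any destination are allowed outbound.
          # NOTE(review): a database host rarely needs to open arbitrary
          # outbound connections; restricting egress to what the host really
          # uses (for example package mirrors) reduces the paths available for
          # data to leave the host if it is compromised. Left unchanged here to
          # preserve behavior.
          - proto: all
            cidr_ip: 0.0.0.0/0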