Setting up PostgreSQL on RDS using ansible is a bit tricky because the main user on RDS is not a SUPERUSER and roles membership is not automatically granted for ex: “ERROR: must be member of role ..” is quite common. Here is a working solution:
Modify Security Groups Command is an easy to use command that you can add to your DevOps to allow adding/Removing IPs or CIDRs to AWS security groups for all protocol and ports. The command is part of AWS PHP Commands.
> php console.php aws:security-groups:modify -h Usage: aws:security-groups:modify [options] Options: -c, --cidr=CIDR CIDR ex: 126.96.36.199/20 [default: false] -o, --operation=OPERATION Operation to perform, one of add or remove [default: "add"] -e, --env[=ENV] Which security groups this should run on. One of prod, dev [default: "dev"] -h, --help Display this help message -q, --quiet Do not output any message -V, --version Display this application version --ansi Force ANSI output --no-ansi Disable ANSI output -n, --no-interaction Do not ask any interactive question -v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug Help: Adds/removes CIDRs to security groups.