Try SpotterCreate and manage Amazon S3 access points to use to access S3 buckets
| "added in version" 0.1.0 of amazon.cloud"
Authors: Ansible Cloud Team (@ansible-collections)
Install with ansible-galaxy collection install amazon.cloud:==0.4.0
collections:
- name: amazon.cloud
version: 0.4.0Create and manage Amazon S3 access points to use to access S3 buckets.
name:
description:
- The name you want to assign to this Access Point.
- If you dont specify a name, AWS CloudFormation generates a unique ID and uses that
ID for the access point name.
type: str
wait:
default: false
description:
- Wait for operation to complete before returning.
type: bool
force:
default: false
description:
- Cancel IN_PROGRESS and PENDING resource requestes.
- Because you can only perform a single operation on a given resource at a time, there
might be cases where you need to cancel the current resource operation to make the
resource available so that another operation may be performed on it.
type: bool
state:
choices:
- present
- absent
- list
- describe
- get
default: present
description:
- Goal state for resource.
- I(state=present) creates the resource if it doesn't exist, or updates to the provided
state if the resource already exists.
- I(state=absent) ensures an existing instance is deleted.
- I(state=list) get all the existing resources.
- I(state=describe) or I(state=get) retrieves information on an existing resource.
type: str
bucket:
description:
- The name of the bucket that you want to associate this Access Point with.
type: str
policy:
description:
- The Access Point Policy you want to apply to this access point.
type: dict
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use.
- For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
- The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
- See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
- The C(ec2_region) alias has been deprecated and will be removed in a release after
2024-12-01
- Support for the C(EC2_REGION) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
profile:
aliases:
- aws_profile
description:
- A named AWS profile to use for authentication.
- See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
- The C(AWS_PROFILE) environment variable may also be used.
- The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
and I(security_token) options.
type: str
access_key:
aliases:
- aws_access_key_id
- aws_access_key
- ec2_access_key
description:
- AWS access key ID.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables
may also be used in decreasing order of preference.
- The I(aws_access_key) and I(profile) options are mutually exclusive.
- The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the
AWS botocore SDK.
- The I(ec2_access_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
type: dict
secret_key:
aliases:
- aws_secret_access_key
- aws_secret_key
- ec2_secret_key
description:
- AWS secret access key.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment
variables may also be used in decreasing order of preference.
- The I(secret_key) and I(profile) options are mutually exclusive.
- The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with
the AWS botocore SDK.
- The I(ec2_secret_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
endpoint_url:
aliases:
- ec2_url
- aws_endpoint_url
- s3_url
description:
- URL to connect to instead of the default AWS endpoints. While this can be used
to connection to other AWS-compatible services the amazon.aws and community.aws
collections are only tested against AWS.
- The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing
order of preference.
- The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in
a release after 2024-12-01.
- Support for the C(EC2_URL) environment variable has been deprecated and will be
removed in a release after 2024-12-01.
type: str
wait_timeout:
default: 320
description:
- How many seconds to wait for an operation to complete before timing out.
type: int
aws_ca_bundle:
description:
- The location of a CA Bundle to use when validating SSL certificates.
- The C(AWS_CA_BUNDLE) environment variable may also be used.
type: path
policy_status:
description:
- Not Provived.
suboptions:
is_public:
choices:
- 'false'
- 'true'
description:
- Specifies whether the policy is public or not.
type: str
type: dict
session_token:
aliases:
- aws_session_token
- security_token
- aws_security_token
- access_token
description:
- AWS STS session token for use with temporary credentials.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment
variables may also be used in decreasing order of preference.
- The I(security_token) and I(profile) options are mutually exclusive.
- Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with
the parameter being renamed from I(security_token) to I(session_token) in release
6.0.0.
- The I(security_token), I(aws_security_token), and I(access_token) aliases have been
deprecated and will be removed in a release after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables
has been deprecated and will be removed in a release after 2024-12-01.
type: str
validate_certs:
default: true
description:
- When set to C(false), SSL certificates will not be validated for communication with
the AWS APIs.
- Setting I(validate_certs=false) is strongly discouraged, as an alternative, consider
setting I(aws_ca_bundle) instead.
type: bool
bucket_account_id:
description:
- The AWS account ID associated with the S3 bucket associated with this access point.
type: str
vpc_configuration:
description:
- If you include this field, Amazon S3 restricts access to this Access Point to requests
from the specified Virtual Private Cloud (VPC).The Virtual Private Cloud (VPC) configuration
for a bucket access point.
suboptions:
vpc_id:
description:
- If this field is specified, this access point will only allow connections from
the specified VPC ID.
type: str
type: dict
debug_botocore_endpoint_logs:
default: false
description:
- Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action")
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the C(aws_resource_action) callback to output to total list made
during a playbook.
- The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
type: bool
public_access_block_configuration:
description:
- The PublicAccessBlock configuration that you want to apply to this Access Point.
- You can enable the configuration options in any combination.
- For more information about when Amazon S3 considers a bucket or object public, see
U(https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
The Meaning of Public in the Amazon Simple Storage Service Developer Guide.
suboptions:
block_public_acls:
description:
- Specifies whether Amazon S3 should block public access control lists (ACLs)
for buckets in this account.
- Setting this element to C(True) causes the following behavior:.
- '- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.'
- '- PUT Object calls fail if the request includes a public ACL.'
- . - PUT Bucket calls fail if the request includes a public ACL.
- Enabling this setting doesnt affect existing policies or ACLs.
type: bool
block_public_policy:
description:
- Specifies whether Amazon S3 should block public bucket policies for buckets
in this account.
- Setting this element to C(True) causes Amazon S3 to reject calls to PUT Bucket
policy if the specified bucket policy allows public access.
- Enabling this setting doesnt affect existing bucket policies.
type: bool
ignore_public_acls:
description:
- Specifies whether Amazon S3 should ignore public ACLs for buckets in this account.
- Setting this element to C(True) causes Amazon S3 to ignore all public ACLs on
buckets in this account and any objects that they contain.
- Enabling this setting doesnt affect the persistence of any existing ACLs and
doesnt prevent new public ACLs from being set.
type: bool
restrict_public_buckets:
description:
- Specifies whether Amazon S3 should restrict public bucket policies for this
bucket.
- Setting this element to C(True) restricts access to this bucket to only AWS
services and authorized users within this account if the bucket has a public
policy.
- Enabling this setting doesnt affect previously stored bucket policies, except
that public and cross-account access within any public bucket policy, including
non-public delegation to specific accounts, is blocked.
type: bool
type: dict
result:
contains:
identifier:
description: The unique identifier of the resource.
type: str
properties:
description: The resource properties.
type: dict
description:
- When I(state=list), it is a list containing dictionaries of resource information.
- Otherwise, it is a dictionary of resource information.
- When I(state=absent), it is an empty dictionary.
returned: always
type: complex