ansible.builtin.iam_managed_policy (v2.4.3.0-1) — module

Manage User Managed IAM policies

Added in version 2.4 of ansible.builtin

Authors: Dan Kozlowski (@dkhenry)

stableinterface | supported by community

Install Ansible via pip

Install with pip install ansible==2.4.3.0.post1

Description

Allows creating and removing managed IAM policies


Requirements

Usage examples

# Create Policy ex nihilo
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy_description: "A Helpful managed policy"
    policy: "{{ lookup('template', 'managed_policy.json.j2') }}"
    state: present
# Update a policy with a new default version
- name: Update IAM Managed Policy with a new default version
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
    state: present
# Update a policy with a new non-default version
- name: Add a non-default version to IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
    make_default: false
    state: present
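# Update a policy and make it the only version and the default version
# The policy value must be valid JSON, so keys and values use double quotes.
# Note: Action "*" on Resource "*" grants full administrative access; scope both in real policies.
- name: Replace all versions of IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: '{ "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'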
    only_version: true
    state: present
# Remove a policy
- name: Remove IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    state: absent
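
An added pre-flight check, not part of the module or its documentation: it verifies that text meant for the policy parameter is properly formatted JSON, as the parameter description asks, and flags Allow statements that pair a wildcard Action with Resource "*". The function name lint_policy and the sample strings are hypothetical and constructed for this example.

```python
import json

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def lint_policy(policy_text):
    """Return findings for an IAM policy given as text; [] means none.

    Condition blocks are not evaluated, so a finding means "review this",
    not "this is definitely over-privileged".
    """
    try:
        doc = json.loads(policy_text)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return ["not valid JSON: %s" % exc]
    if not isinstance(doc, dict) or "Statement" not in doc:
        return ["missing top-level Statement element"]

    findings = []
    for i, stmt in enumerate(_as_list(doc["Statement"])):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue
        actions = [a for a in _as_list(stmt.get("Action", [])) if isinstance(a, str)]
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        if "*" in actions:
            findings.append("Statement[%d]: Allow * on * (full administrator access)" % i)
        else:
            wide = [a for a in actions if a.endswith(":*")]
            if wide:
                findings.append("Statement[%d]: %s allowed on all resources" % (i, ", ".join(wide)))
    return findings

# Constructed sample inputs, not taken from any real account.
SINGLE_QUOTED = "{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow', 'Action': '*', 'Resource': '*'}]}"
ADMIN = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
SERVICE_WIDE = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]}'
SCOPED = ('{"Version": "2012-10-17", "Statement": {"Effect": "Allow", '
          '"Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}}')

if __name__ == "__main__":
    for name in ("SINGLE_QUOTED", "ADMIN", "SERVICE_WIDE", "SCOPED"):
        print(name, lint_policy(globals()[name]))
```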

Inputs

    
state:
    choices:
    - present
    - absent
    default: null
    description:
    - Should this managed policy be present or absent. Set to absent to detach all entities
      from this policy and remove it if found.
    required: true

policy:
    description:
    - A properly formatted JSON policy document.

policy_name:
    description:
    - The name of the managed policy.
    required: true

make_default:
    default: true
    description:
    - Make this revision the default revision.

only_version:
    default: false
    description:
    - Remove all other non-default revisions. If this is used with C(make_default), it
      will result in all other versions of this policy being deleted.
    required: false

policy_description:
    default: ''
    description:
    - A helpful description of this policy. This value is immutable and is only set when
      creating a new policy.

Outputs

policy:
  description: Returns the policy JSON structure. When state == absent, this returns
    the value of the removed policy.
  returned: success
  sample: '{ "arn": "arn:aws:iam::aws:policy/AdministratorAccess", "attachment_count":
    0, "create_date": "2017-03-01T15:42:55.981000+00:00", "default_version_id": "v1",
    "is_attachable": true, "path": "/", "policy_id": "ANPALM4KLDMTFXGOOJIHL", "policy_name":
    "AdministratorAccess", "update_date": "2017-03-01T15:42:55.981000+00:00" }'
  type: string