ansible / ansible.builtin / v2.4.3.0-1 / module / iam_managed_policy — Manage User Managed IAM policies | Added in version 2.4 of ansible.builtin | Authors: Dan Kozlowski (@dkhenry) | stableinterface | supported by community | ansible.builtin.iam_managed_policy (v2.4.3.0-1) — module
pip
Install with `pip install ansible==2.4.3.0.post1`
Allows creating and removing managed IAM policies
# Create a managed policy that does not exist yet.
# The rendered template is the policy document itself, so changes to
# managed_policy.json.j2 are permission changes and deserve the same review.
- name: Create IAM Managed Policy
  iam_managed_policy:
    state: present
    policy_name: 'ManagedPolicy'
    # The description is only applied at creation time.
    policy_description: 'A Helpful managed policy'
    policy: "{{ lookup('template', 'managed_policy.json.j2') }}"
# Upload a new revision of an existing policy and make it the default.
# make_default is not set here and defaults to true, so the new document
# becomes the default revision as part of this task.
- name: Create IAM Managed Policy
  iam_managed_policy:
    state: present
    policy_name: 'ManagedPolicy'
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
# Upload a new revision of an existing policy without making it the default.
# With make_default set to false the current default revision is left as the
# default.
- name: Create IAM Managed Policy
  iam_managed_policy:
    state: present
    policy_name: 'ManagedPolicy'
    make_default: false
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
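# Update a policy and make it the only version and the default version.
# only_version combined with the default make_default deletes every other
# revision of the policy, so no earlier revision remains to fall back on.
# NOTE(review): the sample document below allows every action on every
# resource, which is administrator-equivalent. Real policies should list only
# the actions and resources the attached identities need.
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    # Written as strict JSON (double-quoted keys and strings) in a literal
    # block; the option is documented as "a properly json formatted policy",
    # and the single-quoted form is not valid JSON.
    policy: |
      {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
      }
    only_version: true
    state: present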
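# Remove a policy.
# state: absent detaches all entities from the policy before removing it, so
# every identity that relied on it loses those permissions in the same run.
# The task name says what the task does, so play output and logs do not
# record a deletion as a creation.
- name: Remove IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    state: absent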
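# Option reference for iam_managed_policy.

# Desired end state of the policy. "absent" is destructive: it detaches the
# policy from all entities and then removes it.
# NOTE(review): a default is declared on a required option; since the caller
# must always supply state, the default has no effect.
state:
  choices:
    - present
    - absent
  default: null
  description:
    - Should this managed policy be present or absent. Set to absent to detach
      all entities from this policy and remove it if found.
  required: true

# The policy document. It is expected to be valid JSON.
policy:
  description:
    - A properly json formatted policy

policy_name:
  description:
    - The name of the managed policy.
  required: true

# Defaults to true, so an uploaded revision becomes the default revision
# unless this is explicitly set to false.
make_default:
  default: true
  description:
    - Make this revision the default revision.

# Together with make_default this leaves the new revision as the only one;
# all other versions are deleted.
only_version:
  default: false
  description:
    - Remove all other non default revisions, if this is used with
      C(make_default) it will result in all other versions of this policy
      being deleted.
  required: false

policy_description:
  default: ''
  description:
    - A helpful description of this policy, this value is immutable and only
      set when creating a new policy.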
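# Return value reference for iam_managed_policy.
policy:
  description: >-
    Returns the policy json structure, when state == absent this will return
    the value of the removed policy.
  returned: success
  # The sample is kept as valid JSON: a comma separates "arn" from
  # "attachment_count", and the ARN carries no trailing space.
  sample: '{
    "arn": "arn:aws:iam::aws:policy/AdministratorAccess",
    "attachment_count": 0,
    "create_date": "2017-03-01T15:42:55.981000+00:00",
    "default_version_id": "v1",
    "is_attachable": true,
    "path": "/",
    "policy_id": "ANPALM4KLDMTFXGOOJIHL",
    "policy_name": "AdministratorAccess",
    "update_date": "2017-03-01T15:42:55.981000+00:00"
    }'
  type: string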