Try SpotterManage AWS IAM users
| "added in version" 2.5 of ansible.builtin"
Authors: Josh Souza, @joshsouza
preview | supported by community
pipInstall with pip install ansible==2.7.18
Manage AWS IAM users
# Note: These examples do not set authentication details, see the AWS Guide for details.
# Note: This module does not allow management of groups that users belong to.
# Groups should manage their membership directly using `iam_group`,
# as users belong to them.
# Create a user
- iam_user:
name: testuser1
state: present
# Create a user and attach a managed policy using its ARN
- iam_user:
name: testuser1
managed_policy:
- arn:aws:iam::aws:policy/AmazonSNSFullAccess
state: present
# Remove all managed policies from an existing user with an empty list
- iam_user:
name: testuser1
state: present
purge_policy: true
# Delete the user
- iam_user:
name: testuser1
state: absent
name:
description:
- The name of the user to create.
required: true
state:
choices:
- present
- absent
description:
- Create or remove the IAM user
required: true
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION
environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
type: str
ec2_url:
description:
- Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will
use EC2 endpoints). Ignored for modules where region is required. Must be specified
for all other modules if region is not used. If not set then the value of the EC2_URL
environment variable, if any, is used.
type: str
profile:
description:
- Uses a boto profile. Only works with boto >= 2.24.0.
type: str
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
- Only the 'user_agent' key is used for boto modules. See U(http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto)
for more boto configuration.
type: dict
purge_policy:
default: false
description:
- Detach policies which are not included in managed_policy list
required: false
aws_access_key:
aliases:
- ec2_access_key
- access_key
description:
- AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY
or EC2_ACCESS_KEY environment variable is used.
type: str
aws_secret_key:
aliases:
- ec2_secret_key
- secret_key
description:
- AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY,
or EC2_SECRET_KEY environment variable is used.
type: str
managed_policy:
description:
- A list of managed policy ARNs or friendly names to attach to the user. To embed
an inline policy, use M(iam_policy).
required: false
security_token:
aliases:
- access_token
description:
- AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN
environment variable is used.
type: str
validate_certs:
default: true
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
type: bool
debug_botocore_endpoint_logs:
default: 'no'
description:
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action"
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the aws_resource_action callback to output to total list made
during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also
be used.
type: bool
user:
contains:
arn:
description: the Amazon Resource Name (ARN) specifying the user
sample: arn:aws:iam::1234567890:user/testuser1
type: string
create_date:
description: the date and time, in ISO 8601 date-time format, when the user
was created
sample: '2017-02-08T04:36:28+00:00'
type: string
path:
description: the path to the user
sample: /
type: string
user_id:
description: the stable and unique string identifying the user
sample: AGPAIDBWE12NSFINE55TM
type: string
user_name:
description: the friendly name that identifies the user
sample: testuser1
type: string
description: dictionary containing all the user information
returned: success
type: complex