OK, I tried doing it this way and it worked, but it wiped out my existing
policy. Any idea how to append instead of replace?

---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json:
          Version: "2012-10-17"
          Statement:
            - Action: ["appstream:DescribeStacks"]
              Effect: "Allow"
              Resource: "*"
        state: present

On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <tdubb...@gmail.com> wrote:

> yes it does
>
> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
> Project <ansible-project@googlegroups.com> wrote:
>
>> Does your AWS user ID used by the task have rights to modify IAM policies?
>>
>> Walter
>> --
>> Walter Rowe, Division Chief
>> Infrastructure Services, OISM
>> Mobile: 202.355.4123
>>
>> On Feb 9, 2023, at 2:46 PM, Tony Wong <tdubb...@gmail.com> wrote:
>>
>> I am trying to add or modify an IAM policy with the below. It ran but did
>> not modify anything.
>>
>> Any idea?
>>
>> ---
>> - name: test
>>   hosts: localhost
>>   tasks:
>>     - name: Create IAM Managed Policy
>>       community.aws.iam_managed_policy:
>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>         policy:
>>           Version: "2012-10-17"
>>           Statement:
>>             - Effect: "Allow"
>>               "Action": "appstream:DescribeStacks"
>>               Resource: "*"
>>         make_default: false
>>         state: present
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/06b09dc9-215a-44a9-b9f0-ec4f7732f775n%40googlegroups.com
>> .
>
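
On appending rather than replacing: the task at the top submits policy_json as the complete document for that policy name, so keeping earlier statements means merging them into the document before it is written. An added example (not from the thread or the Ansible project) of that merge in Python; merge_policy_statements and the EXISTING sample are constructed here, and reading the current document (for instance with the iam_policy_info module) is assumed to happen separately.

```python
import copy
import json

def _as_list(value):
    # IAM accepts either a single item or a list for Statement, Action, Resource.
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _canonical(stmt):
    # Comparison key that ignores Sid, key order, and string-vs-list shape.
    norm = {k: v for k, v in stmt.items() if k != "Sid"}
    for key in ("Action", "NotAction", "Resource", "NotResource"):
        if key in norm:
            norm[key] = sorted(_as_list(norm[key]))
    return json.dumps(norm, sort_keys=True)

def merge_policy_statements(existing, addition):
    """Return a copy of `existing` plus the statements of `addition` it lacks."""
    if existing.get("Version") != addition.get("Version"):
        raise ValueError("policy Version differs; merge these by hand")
    merged = copy.deepcopy(existing)
    statements = _as_list(merged.get("Statement"))
    seen = {_canonical(s) for s in statements}
    sids = {s["Sid"] for s in statements if "Sid" in s}
    for stmt in _as_list(addition.get("Statement")):
        key = _canonical(stmt)
        if key in seen:
            continue  # already granted; keeps repeated runs idempotent
        if "Sid" in stmt and stmt["Sid"] in sids:
            raise ValueError(f"Sid {stmt['Sid']!r} already used by another statement")
        statements.append(copy.deepcopy(stmt))
        seen.add(key)
        sids.update([stmt["Sid"]] if "Sid" in stmt else [])
    merged["Statement"] = statements
    return merged

# Constructed sample: a document the role might already carry (single-statement form).
EXISTING = {"Version": "2012-10-17",
            "Statement": {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}}
# The statement from the playbook in the post.
ADDITION = {"Version": "2012-10-17",
            "Statement": [{"Action": ["appstream:DescribeStacks"], "Effect": "Allow", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(merge_policy_statements(EXISTING, ADDITION), indent=2))
```

The merged dictionary is what would be passed as policy_json; reviewing the diff against the previous document before applying keeps the role from accumulating permissions unnoticed.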
