I think they did provide it .. just not with line numbers.
---
- name: test
  hosts: localhost
  vars_files:
    - policy.yml
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-R
If you're going to post an error indicating an undefined variable problem
on line 7 column 5 of a file we don't have, and you aren't going to give us
that portion of the file, or show us why you think that variable should be
defined at that point, what then do you expect us to do? We're trying t
now getting this
fatal: [localhost]: FAILED! => {
"msg": "The task includes an option with an undefined variable. The
error was: 'actions' is undefined\n\nThe error appears to be in
'/Users/t/virtualenv/ansible/update_iam_policy/update_iam3.yaml': line 7,
column 5, but may\nbe elsewhere in the
On Thu, 16 Feb 2023 at 17:11, Tony Wong wrote:
> ok this is more ansible problem.
>
> I like to put my policy changes in a vars file
>
> so I got a policy.yaml file like this
>
>
> policy.yaml
>
> acm-pca:ListTags
> acm-pca:GetPolicy
> acm-pca:GetPolicy
>
> ---
> - name: test
>   hosts: localhost
>
ended up using the policy lookup method
---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json: "{{ lookup('template','policy.json.j2') }}"
works but I gu
ok this is more ansible problem.
I like to put my policy changes in a vars file
so I got a policy.yaml file like this
policy.yaml
acm-pca:ListTags
acm-pca:GetPolicy
acm-pca:GetPolicy
---
- name: test
  hosts: localhost
  vars_files:
    - policy.yml
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws
This is not an ansible problem. You need to read the AWS docs on specifying
IAM policies and make sure your policy adheres to their format and only
includes the key:value pairs they accept.
Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123
On Feb 13, 2023
tried but it failed
fatal: [localhost]: FAILED! => {
"boto3_version": "1.24.27",
"botocore_version": "1.27.27",
"changed": false,
"error": {
"code": "MalformedPolicyDocument",
"message": "Syntax errors in policy.",
"type": "Sender"
},
"invocation": {
On Mon, 13 Feb 2023 at 15:55, Tony Wong wrote:
> "msg": "Failed to decode the policy as valid JSON: Expecting value: line
> 1 column 1 (char 0)"
So, you will need to use proper JSON.
Give this a try:
---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazo
Your policy_json doesn't look like JSON.
Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123
On Feb 13, 2023, at 9:55 AM, Tony Wong wrote:
any idea on this?
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
any idea on this?
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"access_key": null,
"aws_ca_bundle": null,
"aws_config": null,
"debug_botocore_endpoint_logs": false,
"endpoint_url": nu
hi
I got
"msg": "Failed to decode the policy as valid JSON: Expecting value: line 1
column 1 (char 0)"
On Fri, Feb 10, 2023 at 4:41 AM Dick Visser wrote:
> You could use an inline template to loop over the list of actions, for
> example:
>
> ---
>
> - name: test
>
>   hosts: localhost
>
>
Perhaps you need to query the current state of the IAM role, modify it, and
re-apply it so you are adding to the existing policy?
Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123
On Feb 9, 2023, at 6:34 PM, Tony Wong wrote:
Yep only last value
On Thu, F
Has this discussion gotten away from ansible and drifted into an AWS question?
Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123
On Feb 10, 2023, at 7:41 AM, Dick Visser wrote:
You could use an inline template to loop over the list of actions, for example:
You could use an inline template to loop over the list of actions, for
example:
---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Poli
Yep only last value
On Thu, Feb 9, 2023 at 2:52 PM Todd Lewis wrote:
> Here's an idea: Register the result, and show us the output from
> `ansible-playbook -vv`.
> Based on what you said before about it replacing rather than adding to,
> I'm going to guess you're only getting the last value. (?)
Here's an idea: Register the result, and show us the output from
`ansible-playbook -vv`.
Based on what you said before about it replacing rather than adding to, I'm
going to guess you're only getting the last value. (?)
On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:
> trying
trying my loop but it's only putting in one value. any idea?
---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json:
          Version: "2012-10-17"
          Statement:
            - Act
ok I tried doing it this way and it worked but wiped out my existing
policy. any idea how to append instead of replace?
---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-
yes it does
On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible Project
wrote:
> Does your AWS user ID used by the task have rights to modify IAM policies?
>
> Walter
> --
> Walter Rowe, Division Chief
> Infrastructure Services, OISM
> Mobile: 202.355.4123
>
> On Feb 9, 2023, at
Does your AWS user ID used by the task have rights to modify IAM policies?
Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123
On Feb 9, 2023, at 2:46 PM, Tony Wong wrote:
I am trying to add or modify an iam policy with below. it ran but did not
modify anyt
I am trying to add or modify an iam policy with below. it ran but did not
modify anything
any idea?
---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      community.aws.iam_managed_policy:
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy:
          Version: "2012-10-17"
          Statement: