IAM Roles with Ansible


Dan

Dec 12, 2016, 5:45:06 PM
to Ansible Project
```
# Example of role with custom trust policy for Lambda service
---
task:
- name: Assign a policy called Admin to the administrators group
  iam_policy:
    region: us-east-1
    profile: dev
    iam_type: role
    iam_name: test
    policy_name: Admin
    state: present
    policy_document: hhc-dev-ops-LV2.json
```

Every time I run this as

`ansible-playbook -i /etc/ansible/local Dev-Test-IAM-pwr.yaml`

It fails and barks at 

```
The offending line appears to be:

---
task:
^ here
```

Is it tasks or task?

Vincent Van der Kussen

Dec 13, 2016, 1:20:03 AM
to ansible...@googlegroups.com
Hi,

I believe it is 'tasks:'

Vincent


Dan

Dec 13, 2016, 7:31:52 AM
to Ansible Project
Made the modification, still no luck:

```
ansible-playbook -i /etc/ansible/local Dev-Test-IAM-pwr.yaml
ERROR! playbooks must be a list of plays

The error appears to have been in /Dev-Test-IAM-pwr.yaml': line 3, column 1, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
tasks:
^ here
```

I am unsure of how the "iam_policy" module and the "iam" module differ, other than the maintainer. Can anyone provide me a test yaml file so I can get on with either module? If I can't move forward with this module, then I should just create my roles via AWS cmdline.

Jeremy Young

Dec 13, 2016, 8:05:40 AM
to Ansible Project
Looks like a spacing issue.  Your list of tasks needs to be indented two spaces.

Dan

Dec 13, 2016, 8:18:24 AM
to Ansible Project
Ok I ran by using the command `ansible-playbook -i /etc/ansible/local Dev-Test-IAM.yml`

Is that the fault? Do I need to specifically call the module into play? Example: the EC2_Group in the past the module was called out in the yml file. But I see that has changed. 


```
---
  tasks:
  - name: Assign a policy called Admin to the administrators group
    iam_policy:
      region: us-east-1
      profile: dev
      iam_type: role
      iam_name: test
      policy_name: Admin
      state: present
      policy_document: hhc-dev-ops-LV2.json
```

Dan

Dec 13, 2016, 3:46:40 PM
to Ansible Project
Spacing was changed and I am really at a loss.
Python 2.7.12
ansible 2.3.0
Mac

If someone can create an example that works, I will be willing to try that, to be able to move forward.

Any help?

Josh Smift

Dec 13, 2016, 4:02:40 PM
to ansible...@googlegroups.com
Is the file that you're showing here a playbook, or a role file?

If it's a playbook, it needs more stuff than just the list of tasks. See
https://docs.ansible.com/ansible/playbooks_intro.html for some basics.

-Josh (j...@care.com)


Dan

Dec 13, 2016, 4:18:21 PM
to Ansible Project
Yep that was it, thanks for the pointer! This throws errors but this is the right direction.

```
---
- name: ANS Dev Security Group Build .v01
  hosts: 127.0.0.1
  connection: local
  tasks:
  - name: Create two new IAM users with API keys
    iam:
      iam_type: user
      name: stuff
      state: test
      profile: test
      password: test
      access_key_state: create
    with_items:
      - test
      - test2
```
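
Added example, not part of any post in this thread: the `iam_policy` task from the first message wrapped in a complete play, which is the structure the "playbooks must be a list of plays" error asks for. It reuses the values posted above and assumes the role `test` already exists and that `hhc-dev-ops-LV2.json` sits next to the playbook.

```yaml
---
# A playbook is a YAML list of plays, so the first entry begins with "- ".
# A bare top-level "task:" or "tasks:" key is a mapping, not a list, and
# produces "ERROR! playbooks must be a list of plays".
- name: Attach an inline policy to an IAM role
  hosts: localhost        # the AWS API is called from the control machine
  connection: local       # run the module locally, no SSH
  gather_facts: false     # host facts are not needed for an API-only play
  tasks:                  # plural, and nested inside the play
    - name: Attach the policy document to the role named test
      iam_policy:
        region: us-east-1
        profile: dev      # named credentials profile, so no keys live in the playbook
        iam_type: role
        iam_name: test    # assumption: this role already exists
        policy_name: Admin
        state: present
        policy_document: hhc-dev-ops-LV2.json   # path to the JSON policy file
```

Running `ansible-playbook --syntax-check` on the file parses the play structure without making any AWS calls.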