How to use policy_document in iam_policy module?

[Сергей Жеревчук]

Hello, can you provide me example how to use policy_document from iam_policy module?

policy_document: "policy.json.j2" (In policy.json.j2 I store json, copied from AWS policy generator and want to save formatting for readability, policy.json.j2 stored in templates/ folder)

I'v got an exception:

No such file or directory: 'policy.json.j2'

[kevin wessel]

Hi Сергей Жеревчук,

I usually pass my policy as a json file which I store under the files directory, please see my directory structure below:

files/

    policies/

        policy.json

main.yml

In my playbook I reference the file like so:

    - name: Create and attach IAM policy to IAM role
      iam_policy:
        iam_type: role
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        iam_name: iam-role
        policy_name: new-policy-name
        state: present
        policy_document:  "files/policies/linux-standard.json"

This works for me :)

I hope that helps.

[Сергей Жеревчук]

Hi, kevin. It’s work for me too. Also I realized, that I can save rendered template in tmp directory and then use policy_document. Thanks.

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Development" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-devel/OTIEmac6kNs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-deve...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael Weinrich]

You can also use policy_json to pass the policy directly as string. I added this a while ago because I had the need to use a real template as policy, not a static file.