OK, I tried doing it this way and it worked, but it wiped out my existing policy. Any idea how to append instead of replace?

---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json:
          Version: "2012-10-17"
          Statement:
            - Action: ["appstream:DescribeStacks"]
              Effect: "Allow"
              Resource: "*"
        state: present

On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:

> yes it does
>
> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
> Project <[email protected]> wrote:
>
>> Does your AWS user ID used by the task have rights to modify IAM policies?
>>
>> Walter
>> --
>> Walter Rowe, Division Chief
>> Infrastructure Services, OISM
>> Mobile: 202.355.4123
>>
>> On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:
>>
>> I am trying to add or modify an IAM policy with the below. It ran but did not
>> modify anything.
>>
>> Any idea?
>>
>> ---
>> - name: test
>>   hosts: localhost
>>   tasks:
>>     - name: Create IAM Managed Policy
>>       community.aws.iam_managed_policy:
>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>         policy:
>>           Version: "2012-10-17"
>>           Statement:
>>             - Effect: "Allow"
>>               "Action": "appstream:DescribeStacks"
>>               Resource: "*"
>>         make_default: false
>>         state: present
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/06b09dc9-215a-44a9-b9f0-ec4f7732f775n%40googlegroups.com
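
Added example, not part of the thread: IAM's PutRolePolicy stores the document it is given as the entire inline policy of that name, so appending means reading the current document, merging the new statement into it, and writing the merged result back as `policy_json`. The helper names and the `EXISTING` sample are constructed for illustration; only the appstream statement comes from the post.

```python
import copy
import json

def _as_list(value):
    """IAM accepts a single object/string wherever a list is allowed."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _key(stmt):
    """Canonical form of a statement, used to detect one that is already present."""
    norm = dict(stmt)
    norm.pop("Sid", None)  # a label only; it does not change what is granted
    for field in ("Action", "NotAction", "Resource", "NotResource"):
        if field in norm:
            norm[field] = sorted(_as_list(norm[field]))
    return json.dumps(norm, sort_keys=True)

def merge_policy(existing, additions):
    """Return a new document: every existing statement plus the new ones."""
    merged = copy.deepcopy(existing) if existing else {"Version": "2012-10-17"}
    statements = _as_list(merged.get("Statement"))
    seen = {_key(s) for s in statements}
    for stmt in _as_list(additions.get("Statement")):
        key = _key(stmt)
        if key not in seen:  # keeps repeated runs idempotent
            statements.append(copy.deepcopy(stmt))
            seen.add(key)
    merged["Statement"] = statements
    return merged

# Constructed sample: what the role's inline policy held before the task ran.
EXISTING = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
}
# The statement from the playbook in the post.
ADDITION = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["appstream:DescribeStacks"], "Effect": "Allow", "Resource": "*"}
    ],
}

if __name__ == "__main__":
    print(json.dumps(merge_policy(EXISTING, ADDITION), indent=2))
```

Review the merged document before writing it back, since every statement in it becomes part of what the role is allowed to do.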
