Trying my loop but it's only putting in one value. Any idea?

---
- name: test
  hosts: localhost
  tasks:
    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json:
          Version: "2012-10-17"
          Statement:
            - Action: "{{ item }}"
              Effect: "Allow"
              Resource: "*"
        state: present
      loop:
        - acm-pca:ListTags
        - acm-pca:GetPolicy
        - acm-pca:GetPolicy

On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <[email protected]> wrote:

> OK, I tried doing it this way and it worked, but it wiped out my existing
> policy. Any idea how to append instead of replace?
>
> ---
> - name: test
>   hosts: localhost
>   tasks:
>     - name: Create IAM Managed Policy
>       amazon.aws.iam_policy:
>         iam_type: role
>         iam_name: "aws_test_role"
>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>         policy_json:
>           Version: "2012-10-17"
>           Statement:
>             - Action: ["appstream:DescribeStacks"]
>               Effect: "Allow"
>               Resource: "*"
>         state: present
>
> On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:
>
>> yes it does
>>
>> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
>> Project <[email protected]> wrote:
>>
>>> Does your AWS user ID used by the task have rights to modify IAM
>>> policies?
>>>
>>> Walter
>>> --
>>> Walter Rowe, Division Chief
>>> Infrastructure Services, OISM
>>> Mobile: 202.355.4123
>>>
>>> On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:
>>>
>>> I am trying to add or modify an IAM policy with the below. It ran but did
>>> not modify anything.
>>>
>>> Any idea?
>>>
>>> ---
>>> - name: test
>>>   hosts: localhost
>>>   tasks:
>>>     - name: Create IAM Managed Policy
>>>       community.aws.iam_managed_policy:
>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>         policy:
>>>           Version: "2012-10-17"
>>>           Statement:
>>>             - Effect: "Allow"
>>>               "Action": "appstream:DescribeStacks"
>>>               Resource: "*"
>>>         make_default: false
>>>         state: present
>>>
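
An added example, not part of the original thread: an inline policy name on a role holds a single document, so every loop pass (and the earlier single-action run) writes a new document over the previous one. The playbook below writes the complete action list in one task and reads the result back; the `policy_actions` and `policy_readback` names are hypothetical, and the existing action must be listed because nothing is appended.

```yaml
---
# Added example, not from the thread. Role and policy names are the ones
# used in the thread; the variable and register names are hypothetical.
- name: Manage the inline policy as one complete document
  hosts: localhost
  gather_facts: false
  vars:
    # Full desired action set. Actions already in the policy must be listed
    # here too, because the document is written as a whole, not appended to.
    policy_actions:
      - appstream:DescribeStacks
      - acm-pca:ListTags
      - acm-pca:GetPolicy
      - acm-pca:GetPolicy   # duplicate kept from the thread; dropped by `unique`
  tasks:
    - name: Write the inline policy once, with every action in one statement
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              # A whole-value template keeps its native type, so Action
              # becomes a YAML list rather than a string.
              Action: "{{ policy_actions | unique }}"
              Resource: "*"
        state: present

    - name: Read the inline policy back from the role
      amazon.aws.iam_policy_info:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
      register: policy_readback

    - name: Show the document now attached to the role
      ansible.builtin.debug:
        var: policy_readback
```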
