Here's an idea: Register the result, and show us the output from
`ansible-playbook -vv`.
Based on what you said before about it replacing rather than adding to, I'm
going to guess you're only getting the last value. (?)
On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:
> trying my loop but it's only putting in one value. any idea?
>
> ---
> - name: test
>   hosts: localhost
>   tasks:
>     - name: Create IAM Managed Policy
>       amazon.aws.iam_policy:
>         iam_type: role
>         iam_name: "aws_test_role"
>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>         policy_json:
>           Version: "2012-10-17"
>           Statement:
>             - Action: "{{ item }}"
>               Effect: "Allow"
>               Resource: "*"
>         state: present
>       loop:
>         - acm-pca:ListTags
>         - acm-pca:GetPolicy
>         - acm-pca:GetPolicy
>
> On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <[email protected]> wrote:
>
>> ok I tried doing it this way and it worked but wiped out my existing
>> policy. any idea how to append instead of replace?
>>
>> ---
>> - name: test
>>   hosts: localhost
>>   tasks:
>>     - name: Create IAM Managed Policy
>>       amazon.aws.iam_policy:
>>         iam_type: role
>>         iam_name: "aws_test_role"
>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>         policy_json:
>>           Version: "2012-10-17"
>>           Statement:
>>             - Action: ["appstream:DescribeStacks"]
>>               Effect: "Allow"
>>               Resource: "*"
>>         state: present
>>
>> On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:
>>
>>> yes it does
>>>
>>> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
>>> Project <[email protected]> wrote:
>>>
>>>> Does your AWS user ID used by the task have rights to modify IAM
>>>> policies?
>>>>
>>>> Walter
>>>> --
>>>> Walter Rowe, Division Chief
>>>> Infrastructure Services, OISM
>>>> Mobile: 202.355.4123
>>>>
>>>> On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:
>>>>
>>>> I am trying to add or modify an iam policy with below. it ran but did
>>>> not modify anything
>>>>
>>>> any idea?
>>>>
>>>> ---
>>>> - name: test
>>>>   hosts: localhost
>>>>   tasks:
>>>>     - name: Create IAM Managed Policy
>>>>       community.aws.iam_managed_policy:
>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>         policy:
>>>>           Version: "2012-10-17"
>>>>           Statement:
>>>>             - Effect: "Allow"
>>>>               "Action": "appstream:DescribeStacks"
>>>>               Resource: "*"
>>>>         make_default: false
>>>>         state: present
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4e7d8b42-efa8-4206-93bf-e6d40c33d9adn%40googlegroups.com.
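
Added example, not part of the original thread and not code from any poster: IAM stores one document per inline `policy_name`, and every write replaces that document, so a loop over single actions ends with only the last item and a one-statement task drops whatever was there before. The playbook below reads the current document, merges one new statement that carries all the actions, and writes once. The variable names, the registered result names and the `policies[0].policy_document` return shape of `amazon.aws.iam_policy_info` are assumptions.

```yaml
---
# Added example, not from the thread. Role and policy names are the ones posted
# above; variable names and registered result names are assumptions.
- name: Add actions to an inline role policy without dropping what is there
  hosts: localhost
  gather_facts: false
  vars:
    role_name: "aws_test_role"
    policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
    new_statement:
      Effect: "Allow"
      Action:                # all actions in one statement, no loop
        - acm-pca:ListTags
        - acm-pca:GetPolicy
      Resource: "*"
  tasks:
    - name: Read the inline policy as it exists now
      amazon.aws.iam_policy_info:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ policy_name }}"
      register: current

    - name: Collect its statements (empty when the policy does not exist yet)
      ansible.builtin.set_fact:
        # IAM allows Statement to be a single object; normalise it to a list.
        existing_statements: >-
          {{ [doc.Statement] if doc.Statement is mapping
             else doc.Statement | default([]) }}
      vars:
        # Assumed return shape: policies[0].policy_document holds the document.
        doc: "{{ (current.policies | default([]) | first | default({})).policy_document | default({}) }}"

    - name: Write the merged document in a single call
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ policy_name }}"
        policy_json:
          Version: "2012-10-17"
          # union() skips the new statement if an identical one is already present
          Statement: "{{ existing_statements | union([new_statement]) }}"
        state: present
      register: result

    - name: Show what the module reports
      ansible.builtin.debug:
        var: result
```

Review the merged statement list before applying it to a production role, since every existing statement is written back alongside the new one.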