You could use an inline template to loop over the list of actions, for
example:

---
- name: test
  hosts: localhost
  tasks:
  - name: Create IAM Managed Policy
    amazon.aws.iam_policy:
      iam_type: role
      iam_name: "aws_test_role"
      policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
      policy_json: |
        Version: "2012-10-17"
        Statement:
        {% for action in actions %}
          - Action: {{ action }}
            Effect: Allow
            Resource: "*"
        {% endfor %}
      state: present
    vars:
      actions:
        - acm-pca:ListTags
        - acm-pca:GetPolicy
        - acm-pca:GetPolicy

On Fri, 10 Feb 2023 at 00:34, Tony Wong <[email protected]> wrote:

> Yep only last value
>
> On Thu, Feb 9, 2023 at 2:52 PM Todd Lewis <[email protected]> wrote:
>
>> Here's an idea: Register the result, and show us the output from
>> `ansible-playbook -vv`.
>> Based on what you said before about it replacing rather than adding to,
>> I'm going to guess you're only getting the last value. (?)
>>
>> On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:
>>
>>> Trying my loop, but it's only putting in one value. Any idea?
>>>
>>> ---
>>> - name: test
>>>   hosts: localhost
>>>   tasks:
>>>   - name: Create IAM Managed Policy
>>>     amazon.aws.iam_policy:
>>>       iam_type: role
>>>       iam_name: "aws_test_role"
>>>       policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>       policy_json:
>>>         Version: "2012-10-17"
>>>         Statement:
>>>           - Action: "{{ item }}"
>>>             Effect: "Allow"
>>>             Resource: "*"
>>>       state: present
>>>     loop:
>>>       - acm-pca:ListTags
>>>       - acm-pca:GetPolicy
>>>       - acm-pca:GetPolicy
>>>
>>> On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <[email protected]> wrote:
>>>
>>>> OK, I tried doing it this way and it worked, but it wiped out my existing
>>>> policy. Any idea how to append instead of replace?
>>>>
>>>> ---
>>>> - name: test
>>>>   hosts: localhost
>>>>   tasks:
>>>>   - name: Create IAM Managed Policy
>>>>     amazon.aws.iam_policy:
>>>>       iam_type: role
>>>>       iam_name: "aws_test_role"
>>>>       policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>       policy_json:
>>>>         Version: "2012-10-17"
>>>>         Statement:
>>>>           - Action: ["appstream:DescribeStacks"]
>>>>             Effect: "Allow"
>>>>             Resource: "*"
>>>>       state: present
>>>>
>>>> On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:
>>>>
>>>>> Yes, it does.
>>>>>
>>>>> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
>>>>> Project <[email protected]> wrote:
>>>>>
>>>>>> Does your AWS user ID used by the task have rights to modify IAM
>>>>>> policies?
>>>>>>
>>>>>> Walter
>>>>>> --
>>>>>> Walter Rowe, Division Chief
>>>>>> Infrastructure Services, OISM
>>>>>> Mobile: 202.355.4123 <(202)%20355-4123>
>>>>>>
>>>>>
>>>>>> On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:
>>>>>>
>>>>>> I am trying to add or modify an IAM policy with the below. It ran but
>>>>>> did not modify anything.
>>>>>>
>>>>>> Any idea?
>>>>>>
>>>>>> ---
>>>>>> - name: test
>>>>>>   hosts: localhost
>>>>>>   tasks:
>>>>>>   - name: Create IAM Managed Policy
>>>>>>     community.aws.iam_managed_policy:
>>>>>>       policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>>>       policy:
>>>>>>         Version: "2012-10-17"
>>>>>>         Statement:
>>>>>>           - Effect: "Allow"
>>>>>>             "Action": "appstream:DescribeStacks"
>>>>>>             Resource: "*"
>>>>>>       make_default: false
>>>>>>       state: present
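
Added example, not part of any message in this thread: the "replace rather than append" and "only last value" results above follow from an inline role policy being stored as one document per policy_name, so each write replaces it. The playbook below reads the current document, merges one extra statement and writes the whole result back. The variable names and the Sid value are hypothetical, and the `policies[].policy_document` return shape of `amazon.aws.iam_policy_info` is an assumption.

```yaml
---
- name: Add actions to an inline role policy without losing existing statements
  hosts: localhost
  gather_facts: false
  vars:
    role_name: aws_test_role
    policy_name: PrismaCloud-IAM-ReadOnly-Policy
    added_sid: AnsibleAddedReadOnly  # hypothetical Sid marking the statement this play owns
    new_actions:
      - acm-pca:ListTags
      - acm-pca:GetPolicy
  tasks:
    - name: Read the document currently stored under this policy name
      amazon.aws.iam_policy_info:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ policy_name }}"
      register: current

    - name: Build the merged statement list
      ansible.builtin.set_fact:
        merged: "{{ kept + [ours] }}"
      vars:
        # Assumed return shape; empty when the policy does not exist yet
        doc: "{{ (current.policies | default([]) | first | default({})).policy_document | default({}) }}"
        raw: "{{ doc.Statement | default([]) }}"
        # IAM allows Statement to be a single object; normalise it to a list
        existing: "{{ [raw] if raw is mapping else raw }}"
        # Drop an earlier copy of our own statement so re-runs do not duplicate it
        stale: "{{ existing | selectattr('Sid', 'defined') | selectattr('Sid', 'eq', added_sid) | list }}"
        kept: "{{ existing | difference(stale) }}"
        ours:
          Sid: "{{ added_sid }}"
          Effect: Allow
          Action: "{{ new_actions | unique }}"
          Resource: "*"
    - name: Show the statements that will be written, for review
      ansible.builtin.debug:
        var: merged
    - name: Write the full document back in a single call
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ policy_name }}"
        policy_json:
          Version: "2012-10-17"
          Statement: "{{ merged }}"
        state: present
```

Running it with `--check` first and reading the `merged` output shows exactly which permissions the role will hold before anything is changed.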