Has this discussion gotten away from ansible and drifted into an AWS question?
Walter
--
Walter Rowe, Division Chief Infrastructure Services, OISM
Mobile: 202.355.4123

On Feb 10, 2023, at 7:41 AM, Dick Visser <[email protected]> wrote:

You could use an inline template to loop over the list of actions, for example:

    ---
    - name: test
      hosts: localhost
      tasks:
        - name: Create IAM Managed Policy
          amazon.aws.iam_policy:
            iam_type: role
            iam_name: "aws_test_role"
            policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
            policy_json: |
              Version: "2012-10-17"
              Statement:
              {% for action in actions %}
                - Action: {{ action }}
                  Effect: Allow
                  Resource: "*"
              {% endfor %}
            state: present
          vars:
            actions:
              - acm-pca:ListTags
              - acm-pca:GetPolicy
              - acm-pca:GetPolicy

On Fri, 10 Feb 2023 at 00:34, Tony Wong <[email protected]> wrote:

Yep, only last value.

On Thu, Feb 9, 2023 at 2:52 PM Todd Lewis <[email protected]> wrote:

Here's an idea: Register the result, and show us the output from `ansible-playbook -vv`. Based on what you said before about it replacing rather than adding to, I'm going to guess you're only getting the last value. (?)

On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:

Trying my loop but it's only putting in one value. Any idea?

    ---
    - name: test
      hosts: localhost
      tasks:
        - name: Create IAM Managed Policy
          amazon.aws.iam_policy:
            iam_type: role
            iam_name: "aws_test_role"
            policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
            policy_json:
              Version: "2012-10-17"
              Statement:
                - Action: "{{ item }}"
                  Effect: "Allow"
                  Resource: "*"
            state: present
          loop:
            - acm-pca:ListTags
            - acm-pca:GetPolicy
            - acm-pca:GetPolicy

On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <[email protected]> wrote:

OK, I tried doing it this way and it worked but wiped out my existing policy. Any idea how to append instead of replace?

    ---
    - name: test
      hosts: localhost
      tasks:
        - name: Create IAM Managed Policy
          amazon.aws.iam_policy:
            iam_type: role
            iam_name: "aws_test_role"
            policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
            policy_json:
              Version: "2012-10-17"
              Statement:
                - Action: ["appstream:DescribeStacks"]
                  Effect: "Allow"
                  Resource: "*"
            state: present

On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:

Yes, it does.

On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible Project <[email protected]> wrote:

Does your AWS user ID used by the task have rights to modify IAM policies?

Walter
--
Walter Rowe, Division Chief Infrastructure Services, OISM
Mobile: 202.355.4123

On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:

I am trying to add or modify an IAM policy with the below. It ran but did not modify anything. Any idea?

    ---
    - name: test
      hosts: localhost
      tasks:
        - name: Create IAM Managed Policy
          community.aws.iam_managed_policy:
            policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
            policy:
              Version: "2012-10-17"
              Statement:
                - Effect: "Allow"
                  "Action": "appstream:DescribeStacks"
                  Resource: "*"
            make_default: false
            state: present
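An added example, not posted by anyone in this thread: the "wiped out my existing policy" and "only last value" symptoms both follow from each `amazon.aws.iam_policy` call writing the whole inline policy document under that name, so appending means reading the current document, merging, and writing once. The variable names `role_name`, `inline_policy` and `new_actions` are assumptions made for this sketch; the role and policy names are the ones used in the thread.

```yaml
---
- name: Append actions to an inline role policy without dropping existing statements
  hosts: localhost
  gather_facts: false
  vars:
    role_name: aws_test_role                          # assumed variable name
    inline_policy: PrismaCloud-IAM-ReadOnly-Policy    # assumed variable name
    new_actions:                                      # assumed variable name
      - acm-pca:ListTags
      - acm-pca:GetPolicy
  tasks:
    - name: Read the inline policy currently attached to the role
      amazon.aws.iam_policy_info:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ inline_policy }}"
      register: current

    # current.policies is absent when the policy does not exist yet, hence default([]).
    # flatten copes with Statement being either a list or a single mapping.
    # unique keeps a re-run from appending the same statement a second time.
    - name: Keep existing statements and append one statement for the new actions
      ansible.builtin.set_fact:
        merged_statements: >-
          {{ ((current.policies | default([])
          | map(attribute='policy_document.Statement') | flatten)
          + [{'Effect': 'Allow', 'Action': new_actions | unique, 'Resource': '*'}])
          | unique }}

    - name: Write the merged document in a single call (no loop on this task)
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ inline_policy }}"
        policy_json:
          Version: "2012-10-17"
          Statement: "{{ merged_statements }}"
        state: present
      register: result

    - name: Show what was written so the change can be reviewed
      ansible.builtin.debug:
        var: merged_statements
```

Running it with `ansible-playbook --check --diff` first shows whether the module would change the policy before anything is written.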
