Hi, I got

"msg": "Failed to decode the policy as valid JSON: Expecting value: line 1 column 1 (char 0)"

On Fri, Feb 10, 2023 at 4:41 AM Dick Visser <[email protected]> wrote:

> You could use an inline template to loop over the list of actions, for
> example:
>
> ---
> - name: test
>   hosts: localhost
>   tasks:
>     - name: Create IAM Managed Policy
>       amazon.aws.iam_policy:
>         iam_type: role
>         iam_name: "aws_test_role"
>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>         policy_json: |
>           Version: "2012-10-17"
>           Statement:
>           {% for action in actions %}
>             - Action: {{ action }}
>               Effect: Allow
>               Resource: "*"
>           {% endfor %}
>         state: present
>   vars:
>     actions:
>       - acm-pca:ListTags
>       - acm-pca:GetPolicy
>       - acm-pca:GetPolicy
>
> On Fri, 10 Feb 2023 at 00:34, Tony Wong <[email protected]> wrote:
>
>> Yep, only last value
>>
>> On Thu, Feb 9, 2023 at 2:52 PM Todd Lewis <[email protected]> wrote:
>>
>>> Here's an idea: Register the result, and show us the output from
>>> `ansible-playbook -vv`.
>>> Based on what you said before about it replacing rather than adding to,
>>> I'm going to guess you're only getting the last value. (?)
>>>
>>> On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:
>>>
>>>> Trying my loop but it's only putting in one value. Any idea?
>>>>
>>>> ---
>>>> - name: test
>>>>   hosts: localhost
>>>>   tasks:
>>>>     - name: Create IAM Managed Policy
>>>>       amazon.aws.iam_policy:
>>>>         iam_type: role
>>>>         iam_name: "aws_test_role"
>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>         policy_json:
>>>>           Version: "2012-10-17"
>>>>           Statement:
>>>>             - Action: "{{ item }}"
>>>>               Effect: "Allow"
>>>>               Resource: "*"
>>>>         state: present
>>>>       loop:
>>>>         - acm-pca:ListTags
>>>>         - acm-pca:GetPolicy
>>>>         - acm-pca:GetPolicy
>>>>
>>>> On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <[email protected]> wrote:
>>>>
>>>>> OK, I tried doing it this way and it worked but wiped out my existing
>>>>> policy. Any idea how to append instead of replace?
>>>>>
>>>>> ---
>>>>> - name: test
>>>>>   hosts: localhost
>>>>>   tasks:
>>>>>     - name: Create IAM Managed Policy
>>>>>       amazon.aws.iam_policy:
>>>>>         iam_type: role
>>>>>         iam_name: "aws_test_role"
>>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>>         policy_json:
>>>>>           Version: "2012-10-17"
>>>>>           Statement:
>>>>>             - Action: ["appstream:DescribeStacks"]
>>>>>               Effect: "Allow"
>>>>>               Resource: "*"
>>>>>         state: present
>>>>>
>>>>> On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:
>>>>>
>>>>>> Yes, it does
>>>>>>
>>>>>> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
>>>>>> Project <[email protected]> wrote:
>>>>>>
>>>>>>> Does your AWS user ID used by the task have rights to modify IAM
>>>>>>> policies?
>>>>>>>
>>>>>>> Walter
>>>>>>> --
>>>>>>> Walter Rowe, Division Chief
>>>>>>> Infrastructure Services, OISM
>>>>>>> Mobile: 202.355.4123
>>>>>>>
>>>>>>> On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:
>>>>>>>
>>>>>>> I am trying to add or modify an IAM policy with the below. It ran but
>>>>>>> did not modify anything.
>>>>>>>
>>>>>>> Any idea?
>>>>>>>
>>>>>>> ---
>>>>>>> - name: test
>>>>>>>   hosts: localhost
>>>>>>>   tasks:
>>>>>>>     - name: Create IAM Managed Policy
>>>>>>>       community.aws.iam_managed_policy:
>>>>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>>>>         policy:
>>>>>>>           Version: "2012-10-17"
>>>>>>>           Statement:
>>>>>>>             - Effect: "Allow"
>>>>>>>               "Action": "appstream:DescribeStacks"
>>>>>>>               Resource: "*"
>>>>>>>         make_default: false
>>>>>>>         state: present
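Added example, not part of the thread and not code from the amazon.aws collection: a small Python model of the three results reported above. It shows why the rendered template fails JSON decoding, why the loop leaves only the last action, and how to build one document that appends new actions to the existing ones. The function names, the dictionary standing in for the role's inline policies, and the rendered template text are assumptions constructed for illustration.

```python
import json

POLICY_NAME = "PrismaCloud-IAM-ReadOnly-Policy"
ACTIONS = ["acm-pca:ListTags", "acm-pca:GetPolicy", "acm-pca:GetPolicy"]
# Document from the earlier task in the thread that "worked".
EXISTING = {"Version": "2012-10-17", "Statement": [
    {"Action": ["appstream:DescribeStacks"], "Effect": "Allow", "Resource": "*"}]}

# Text the inline Jinja template renders to (constructed): YAML, not JSON.
RENDERED_TEMPLATE = 'Version: "2012-10-17"\nStatement:\n' + "".join(
    f'  - Action: {a}\n    Effect: Allow\n    Resource: "*"\n' for a in ACTIONS)


def decode_error(text):
    """Return the JSON decoder's message for text, or None if it parses."""
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return str(exc)
    return None


def apply_loop(actions):
    """Model the looped task: every item writes a whole document under the
    same policy name, so each write replaces the one before it."""
    inline_policies = {}  # stand-in for the role's inline policies, by name
    for action in actions:
        inline_policies[POLICY_NAME] = {"Version": "2012-10-17", "Statement": [
            {"Action": action, "Effect": "Allow", "Resource": "*"}]}
    return inline_policies


def merged_policy(existing, new_actions):
    """Build one document: existing actions first, then the new ones,
    de-duplicated in order. Assumes every statement is Allow on "*"."""
    merged = []
    for stmt in existing.get("Statement", []):
        acts = stmt["Action"]
        merged.extend([acts] if isinstance(acts, str) else acts)
    merged.extend(new_actions)
    unique = list(dict.fromkeys(merged))
    return {"Version": "2012-10-17", "Statement": [
        {"Action": unique, "Effect": "Allow", "Resource": "*"}]}


if __name__ == "__main__":
    print(decode_error(RENDERED_TEMPLATE))
    print(json.dumps(apply_loop(ACTIONS), indent=2))
    print(json.dumps(merged_policy(EXISTING, ACTIONS), indent=2))
```

In the playbook this corresponds to a single task whose Action is the full list, rather than a loop that rewrites the same policy_name once per item.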
