Your policy_json doesn't look like JSON.

Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123

On Feb 13, 2023, at 9:55 AM, Tony Wong <[email protected]> wrote:

any idea on this?

fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_key": null,
            "aws_ca_bundle": null,
            "aws_config": null,
            "debug_botocore_endpoint_logs": false,
            "endpoint_url": null,
            "iam_name": "aws_test_role",
            "iam_type": "role",
            "policy_json": "Version: \"2012-10-17\"\nStatement:\n  - Action: acm-pca:ListTags\n    Effect: Allow\n    Resource: \"*\"\n  - Action: acm-pca:GetPolicy\n    Effect: Allow\n    Resource: \"*\"\n  - Action: acm-pca:GetPolicy\n    Effect: Allow\n    Resource: \"*\"",
            "policy_name": "PrismaCloud-IAM-ReadOnly-Policy",
            "profile": null,
            "region": null,
            "secret_key": null,
            "session_token": null,
            "skip_duplicates": false,
            "state": "present",
            "validate_certs": true
        }
    },
    "msg": "Failed to decode the policy as valid JSON: Expecting value: line 1 column 1 (char 0)"
}

On Fri, Feb 10, 2023 at 12:18 PM Tony Wong <[email protected]> wrote:
hi

I got

 "msg": "Failed to decode the policy as valid JSON: Expecting value: line 1 column 1 (char 0)"



On Fri, Feb 10, 2023 at 4:41 AM Dick Visser <[email protected]> wrote:
You could use an inline template to loop over the list of actions, for example:

---
- name: test
  hosts: localhost
  tasks:
  - name: Create IAM Managed Policy
    amazon.aws.iam_policy:
      iam_type: role
      iam_name: "aws_test_role"
      policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
      policy_json: |
        Version: "2012-10-17"
        Statement:
        {% for action in actions %}
          - Action: {{ action }}
            Effect: Allow
            Resource: "*"
        {% endfor %}
      state: present
    vars:
      actions:
        - acm-pca:ListTags
        - acm-pca:GetPolicy
        - acm-pca:GetPolicy



On Fri, 10 Feb 2023 at 00:34, Tony Wong <[email protected]> wrote:
Yep only last value

On Thu, Feb 9, 2023 at 2:52 PM Todd Lewis <[email protected]> wrote:
Here's an idea: Register the result, and show us the output from 
`ansible-playbook -vv`.
Based on what you said before about it replacing rather than adding to, I'm 
going to guess you're only getting the last value. (?)

On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:
Trying my loop but it's only putting in one value. Any idea?

---
- name: test
  hosts: localhost
  tasks:
  - name: Create IAM Managed Policy
    amazon.aws.iam_policy:
      iam_type: role
      iam_name: "aws_test_role"
      policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
      policy_json:
        Version: "2012-10-17"
        Statement:
        - Action: "{{ item }}"
          Effect: "Allow"
          Resource: "*"
      state: present
    loop:
    - acm-pca:ListTags
    - acm-pca:GetPolicy
    - acm-pca:GetPolicy

On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <[email protected]> wrote:
ok I tried doing it this way and it worked but wiped out my existing policy. 
any idea how to append instead of replace?

---
- name: test
  hosts: localhost
  tasks:
  - name: Create IAM Managed Policy
    amazon.aws.iam_policy:
      iam_type: role
      iam_name: "aws_test_role"
      policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
      policy_json:
        Version: "2012-10-17"
        Statement:
        - Action: ["appstream:DescribeStacks"]
          Effect: "Allow"
          Resource: "*"
      state: present

On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:
yes it does

On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible Project 
<[email protected]> wrote:
Does your AWS user ID used by the task have rights to modify IAM policies?

Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123

On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:

I am trying to add or modify an iam policy with below. it ran but did not 
modify anything

any idea?

---
- name: test
  hosts: localhost
  tasks:
  - name: Create IAM Managed Policy
    community.aws.iam_managed_policy:
      policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
      policy:
        Version: "2012-10-17"
        Statement:
        - Effect: "Allow"
          "Action": "appstream:DescribeStacks"
          Resource: "*"
      make_default: false
      state: present



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/372149B3-D0DB-416C-B11E-4197779B2FC0%40nist.gov.
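
Added example, not part of the thread or of the Ansible modules' own code: it reproduces the decode error on the YAML-style policy_json text from the failed run, then builds one JSON document that keeps an existing statement and appends the new actions, since the thread shows each write of the named policy replacing what was there. The helper names (decode_error, merge_actions) and the sample existing policy are assumptions made for illustration.

```python
import json

# Constructed from the error output above: YAML-style text passed as policy_json.
YAML_STYLE = ('Version: "2012-10-17"\nStatement:\n  - Action: acm-pca:ListTags\n'
              '    Effect: Allow\n    Resource: "*"')

def decode_error(text):
    """Return the JSON decoder's message for text, or None if it parses."""
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return str(exc)
    return None

def merge_actions(existing, new_actions, resource="*"):
    """Return a copy of `existing` with the missing Allow actions appended."""
    doc = json.loads(json.dumps(existing))      # deep copy, input stays untouched
    doc.setdefault("Version", "2012-10-17")
    statements = doc.setdefault("Statement", [])
    if isinstance(statements, dict):            # a lone statement object is legal
        statements = doc["Statement"] = [statements]
    allowed = set()
    for st in statements:
        if st.get("Effect") == "Allow" and st.get("Resource") == resource:
            acts = st.get("Action", [])
            allowed.update([acts] if isinstance(acts, str) else acts)
    missing = []
    for action in new_actions:                  # skip repeats, keep order
        if action not in allowed and action not in missing:
            missing.append(action)
    if missing:
        statements.append({"Effect": "Allow", "Action": missing, "Resource": resource})
    return doc

# Constructed sample: the policy document in place before the playbook ran.
EXISTING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["appstream:DescribeStacks"], "Resource": "*"}]}
ACTIONS = ["acm-pca:ListTags", "acm-pca:GetPolicy", "acm-pca:GetPolicy"]

if __name__ == "__main__":
    print(decode_error(YAML_STYLE))
    # One JSON string with every statement, suitable as a policy_json value.
    print(json.dumps(merge_actions(EXISTING, ACTIONS), indent=2))
```

The merged document grants every action on Resource "*", as in the thread's playbooks; narrowing Resource to specific ARNs is a separate change.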
