Tried, but it failed:
fatal: [localhost]: FAILED! => {
    "boto3_version": "1.24.27",
    "botocore_version": "1.27.27",
    "changed": false,
    "error": {
        "code": "MalformedPolicyDocument",
        "message": "Syntax errors in policy.",
        "type": "Sender"
    },
    "invocation": {
        "module_args": {
            "access_key": null,
            "aws_ca_bundle": null,
            "aws_config": null,
            "debug_botocore_endpoint_logs": false,
            "endpoint_url": null,
            "iam_name": "aws_test_role",
            "iam_type": "role",
            "policy_json": "\"Version: \\\"2012-10-17\\\"\\nStatement:\\n - Action: acm-pca:ListTags\\n Effect: Allow\\n Resource: \\\"*\\\"\\n - Action: acm-pca:GetPolicy\\n Effect: Allow\\n Resource: \\\"*\\\"\\n - Action: acm-pca:GetPolicy\\n Effect: Allow\\n Resource: \\\"*\\\"\\n\"",
            "policy_name": "PrismaCloud-IAM-ReadOnly-Policy",
            "profile": null,
            "region": null,
            "secret_key": null,
            "session_token": null,
            "skip_duplicates": false,
            "state": "present",
            "validate_certs": true
        }
    },
    "msg": "An error occurred (MalformedPolicyDocument) when calling the PutRolePolicy operation: Syntax errors in policy.",
    "response_metadata": {
        "http_headers": {
            "connection": "close",
            "content-length": "279",
            "content-type": "text/xml",
            "date": "Mon, 13 Feb 2023 16:10:28 GMT",
            "x-amzn-requestid": "8ab06377-a416-45ea-a132-328cd03d329f"
        },
        "http_status_code": 400,
        "request_id": "8ab06377-a416-45ea-a132-328cd03d329f",
        "retry_attempts": 0
    }
}
On Mon, Feb 13, 2023 at 8:02 AM Dick Visser <[email protected]> wrote:
> On Mon, 13 Feb 2023 at 15:55, Tony Wong <[email protected]> wrote:
>
> > "msg": "Failed to decode the policy as valid JSON: Expecting value:
> line 1 column 1 (char 0)"
>
> So, you will need to use proper JSON.
> Give this a try:
>
> ---
> - name: test
>   hosts: localhost
>   tasks:
>     - name: Create IAM Managed Policy
>       amazon.aws.iam_policy:
>         iam_type: role
>         iam_name: "aws_test_role"
>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>         policy_json: "{{ policy | to_json }}"
>         state: present
>       vars:
>         actions:
>           - acm-pca:ListTags
>           - acm-pca:GetPolicy
>           - acm-pca:GetPolicy
>         policy: |
>           Version: "2012-10-17"
>           Statement:
>           {% for action in actions %}
>             - Action: {{ action }}
>               Effect: Allow
>               Resource: "*"
>           {% endfor %}
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/WZzXL_z_teA/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAF8BbLZKn4GQEjnRUGTTsZ358_mJ6a1cpqyRPtbXvMzoUNtvJQ%40mail.gmail.com
> .
>
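Added example (not from either poster, and not Ansible or AWS code): a pre-flight check on a policy_json value, showing that the value in module_args above decodes to a JSON string rather than a policy object, which is what PutRolePolicy rejects. The names policy_problems, SENT and WANTED are made up here, the samples are constructed, and the checks cover only the basic shape of an identity policy, not everything IAM validates.

```python
import json

# Constructed sample: policy text as sent in the failed task above, i.e. the
# YAML rendering of the policy serialized as one JSON *string*.
SENT = json.dumps(
    'Version: "2012-10-17"\nStatement:\n'
    '  - Action: acm-pca:ListTags\n    Effect: Allow\n    Resource: "*"\n'
)
# Constructed sample: the same policy serialized as a JSON *object*.
WANTED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Action": "acm-pca:ListTags", "Effect": "Allow", "Resource": "*"},
    ],
})


def policy_problems(policy_json):
    """Return structural problems in an identity policy; [] means the shape is fine."""
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"not JSON: {exc.msg} at char {exc.pos}"]
    if not isinstance(doc, dict):
        return [f"top level decodes to {type(doc).__name__}, expected an object"]
    problems = []
    if doc.get("Version") not in ("2012-10-17", "2008-10-17"):
        problems.append("Version missing or unknown")
    statements = doc.get("Statement")
    if isinstance(statements, dict):  # a single statement object is also valid
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement missing or empty"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"Statement[{i}] is not an object")
            continue
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if not stmt.keys() & {"Action", "NotAction"}:
            problems.append(f"Statement[{i}]: no Action/NotAction")
        if not stmt.keys() & {"Resource", "NotResource"}:
            problems.append(f"Statement[{i}]: no Resource/NotResource")
    return problems


if __name__ == "__main__":
    for label, value in (("sent", SENT), ("wanted", WANTED)):
        print(label, policy_problems(value) or "ok")
```

Passing the raw YAML text with no JSON encoding at all gives the "Expecting value" decode failure quoted from the earlier attempt.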