MAS DevOps Ansible Collection

aws_bucket_access_point

This role creates an access point and associates it with the specified AWS S3 bucket in the targeted AWS account.

Prerequisites

To run this role successfully you must have already installed the AWS CLI. You also need AWS user credentials configured, either via the aws configure command or by exporting the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables with your AWS user credentials before running this role.

Role Variables

aws_access_point_name

The name you want to assign to this access point.

  • Required.
  • Environment Variable: AWS_ACCESS_POINT_NAME
  • Default Value: access-point-c1

aws_access_point_bucket_name

The name of the bucket that you want to associate this access point with.

  • Required.
  • Environment Variable: COS_BUCKET_NAME
  • Default Value: None

aws_access_point_region

The region where the bucket is located.

  • Required.
  • Environment Variable: AWS_REGION
  • Default Value: us-east-2

aws_access_point_username

The AWS account or username that is allowed the actions defined by the access point policy. By default, the defined aws_access_point_username will have read-only permissions to the bucket objects through the created access point alias.

  • Required.
  • Environment Variable: AWS_ACCESS_POINT_USERNAME
  • Default Value: None

Example Playbook

After installing the Ansible Collection you can include this role in your own custom playbooks.

- hosts: localhost
  vars:
    aws_access_point_name: "{{ lookup('env', 'AWS_ACCESS_POINT_NAME') | default('access-point-c1', True) }}"
    aws_access_point_bucket_name: "{{ lookup('env', 'COS_BUCKET_NAME') }}"
    aws_access_point_region: "{{ lookup('env', 'AWS_REGION') | default('us-east-2', True) }}"
    aws_access_point_username: "{{ lookup('env', 'AWS_ACCESS_POINT_USERNAME') }}"
  roles:
    - ibm.mas_devops.aws_bucket_access_point

Run Role Playbook

After installing the Ansible Collection you can easily run the role standalone using the run_role playbook provided.

export AWS_ACCESS_POINT_NAME=my-aws-access-point
export COS_BUCKET_NAME=my-aws-bucket
export AWS_ACCESS_POINT_USERNAME=my-aws-username
ROLE_NAME=aws_bucket_access_point ansible-playbook ibm.mas_devops.run_role
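
To confirm that the access point policy in place after a run really is read-only and scoped to aws_access_point_username, the following added example (not part of the role or the collection) audits a policy document such as the JSON string returned in the Policy field by aws s3control get-access-point-policy. The sample policy, the placeholder account ID 111122223333, and the set of actions treated as read-only are assumptions, not the role's actual policy.

```python
import json

# Actions treated as read-only for this check (an assumption; adjust to your needs).
READ_ONLY_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"}

# Constructed sample policy; the account ID and user name are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:user/my-aws-username"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [
            "arn:aws:s3:us-east-2:111122223333:accesspoint/access-point-c1",
            "arn:aws:s3:us-east-2:111122223333:accesspoint/access-point-c1/object/*",
        ],
    }],
})


def as_list(value):
    # IAM allows a single string or a list for Action, Principal and Resource.
    return [] if value is None else value if isinstance(value, list) else [value]


def audit_policy(policy_json, expected_principal_arn, access_point_arn):
    """Return findings; an empty list means every Allow statement is read-only
    and limited to the expected principal and this access point."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotPrincipal" in stmt:
            findings.append(f"statement {i}: NotAction/NotPrincipal in an Allow")
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # e.g. {"AWS": ...} or {"Service": ...}
            principals = [p for v in principal.values() for p in as_list(v)]
        else:
            principals = as_list(principal)  # bare "*" form
        for p in principals:
            if p != expected_principal_arn:
                findings.append(f"statement {i}: unexpected principal {p!r}")
        for action in as_list(stmt.get("Action")):
            if action not in READ_ONLY_ACTIONS:  # also catches "*" and "s3:*"
                findings.append(f"statement {i}: non-read action {action!r}")
        for res in as_list(stmt.get("Resource")):
            if res != access_point_arn and not res.startswith(access_point_arn + "/object/"):
                findings.append(f"statement {i}: resource outside access point {res!r}")
    return findings
```

The action comparison is exact-match, so an action written in different letter case is reported as a finding and should be reviewed by hand.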

License

EPL-2.0