aws_policy

This role will create an AWS IAM Policy from a JSON file in the targeted AWS account.

Prerequisites

To run this role successfully you must have already installed the AWS CLI. Also, you need to have AWS user credentials configured via aws configure command or simply export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables with your corresponding AWS username credentials prior running this role.

Role Variables

aws_policy_name

AWS Policy name.

• Required.
• Environment Variable: AWS_POLICY_NAME
• Default Value: None

aws_policy_json_file_path_local

Local path for the AWS Policy json file. The AWS Policy json file should be structured as the sample found in /files/policy-template-sample.json

• Required.
• Environment Variable: AWS_POLICY_JSON_FILE_PATH_LOCAL
• Default Value: None

Example Playbook

After installing the Ansible Collection you can include this role in your own custom playbooks.

- hosts: localhost
  vars:
    aws_policy: "{{ lookup('env', 'AWS_POLICY_NAME') }}"
    aws_policy_json_file_path_local: "{{ lookup('env', 'AWS_POLICY_JSON_FILE_PATH_LOCAL') }}"
  roles:
    - ibm.mas_devops.aws_policy

Run Role Playbook

After installing the Ansible Collection you can easily run the role standalone using the run_role playbook provided.

export AWS_POLICY_NAME=my-aws-policy
export AWS_POLICY_JSON_FILE_PATH_LOCAL=/tmp/local/my-aws-policy.json
ROLE_NAME=aws_policy ansible-playbook ibm.mas_devops.run_role

License

EPL-2.0