MAS DevOps Ansible Collection Ansible CLI
Edit on GitHub Home Ansible Automation Platform OCP Install Cloud Pak For Data Install Core Add AIBroker Add IoT Add Manage Add Monitor Add Optimizer Add Predict Add Visual Inspection Update Upgrade Uninstall Core Backup & Restore ocp_cluster_monitoring ocp_config ocp_deprovision ocp_efs ocp_github_oauth ocp_login ocp_node_config ocp_provision ocp_roks_upgrade_registry_storage ocp_upgrade ocp_verify appconnect aws_bucket_access_point aws_documentdb_user aws_policy aws_route53 aws_user_creation aws_vpc cert_manager cis common-services configure_manage_eventstreams cos cos_bucket cp4d_admin_pwd_update cp4d cp4d_service db2 dro eck grafana ibm_catalogs kafka nvidia_gpu mongodb ocs sls turbonomic uds mirror_case_prepare mirror_extras_prepare mirror_images mirror_ocp ocp_idms ocp_simulate_disconnected_network registry suite_app_config suite_app_install suite_app_uninstall suite_app_upgrade suite_app_rollback suite_app_backup_restore suite_certs suite_config suite_db2_setup_for_manage suite_dns suite_install suite_manage_attachments_config suite_manage_birt_report_config suite_manage_bim_config suite_manage_customer_files_config suite_manage_imagestitching_config suite_manage_import_certs_config suite_manage_load_dbc_scripts suite_manage_logging_config suite_manage_pvc_config suite_uninstall suite_upgrade suite_rollback suite_verify suite_backup_restore ansible_version_check entitlement_key_rotation gencfg_jdbc gencfg_watsonstudio gencfg_workspace gencfg_mongo
Home Roles: Dependency Mgmt aws_user_creation Prerequisites Role Variables Example Playbook Run Role Playbook License

aws_user_creation¤

This role will create an AWS IAM Username and corresponding IAM Access Key ID and Secret Access Key in the targeted AWS account.

Prerequisites¤

To run this role successfully you must have already installed the AWS CLI. Also, you need to have AWS user credentials configured via aws configure command or simply export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables with your corresponding AWS username credentials prior running this role.

Role Variables¤

aws_username¤

AWS Username.

aws_username_create_access_key_flag¤

Flag that defines if IAM Access Key ID and Secret Access Key should be created for the AWS Username. If set to False, then only the AWS Username will be created but no IAM Access Key ID and Secret Access Key.

aws_username_access_key_id¤

Defines an existing IAM Access Key ID for your AWS username. If both aws_username_access_key_id and aws_username_secret_access_key are defined, then aws_username_create_access_key_flag will be automatically forced to False, therefore if you want to create new pair of credentials for the username, do not set this property.

aws_username_secret_access_key¤

Defines and existing IAM Secret Access Key for your AWS username. If both aws_username_access_key_id and aws_username_secret_access_key are defined, then aws_username_create_access_key_flag will be automatically forced to False, therefore if you want to create new pair of credentials for the username, do not set this property.

aws_policy_arn¤

If set, then it will attach the corresponding policy to the AWS Username's permissions.

Example Playbook¤

After installing the Ansible Collection you can include this role in your own custom playbooks.

- hosts: localhost
  vars:
    aws_username: "{{ lookup('env', 'AWS_USERNAME') }}"
    aws_username_create_access_key_flag: "{{ lookup('env', 'AWS_USERNAME_CREATE_ACCESS_KEY_FLAG') }}"
    aws_policy_arn: "{{ lookup('env', 'AWS_POLICY_ARN') }}"
  roles:
    - ibm.mas_devops.aws_policy

Run Role Playbook¤

After installing the Ansible Collection you can easily run the role standalone using the run_role playbook provided.

export AWS_USERNAME=my-aws-username
export AWS_USERNAME_CREATE_ACCESS_KEY_FLAG=True
export AWS_POLICY_ARN=arn:aws:iam::my-id:policy/my-policy-name
ROLE_NAME=aws_user_creation ansible-playbook ibm.mas_devops.run_role

License¤

EPL-2.0