iam_managed_policy - Manage User Managed IAM policies
New in version 2.4.
Synopsis
- Allows creating and removing managed IAM policies
Requirements (on host that executes module)
- boto3
- botocore
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
make_default | no | True | | Make this revision the default revision. |
only_version | no | | | Remove all other non-default revisions. If this is used with make_default, all other versions of this policy are deleted. |
policy | no | | | A properly JSON-formatted policy. |
policy_description | no | | | A helpful description of this policy. This value is immutable and is only set when creating a new policy. |
policy_name | yes | | | The name of the managed policy. |
state | yes | | | Should this managed policy be present or absent. Set to absent to detach all entities from this policy and remove it if found. |
Examples
```yaml
# Create Policy ex nihilo
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy_description: "A Helpful managed policy"
    policy: "{{ lookup('template', 'managed_policy.json.j2') }}"
    state: present

# Update a policy with a new default version
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
    state: present

# Update a policy with a new non default version
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
    make_default: false
    state: present

# Update a policy and make it the only version and the default version
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: "{ 'Version': '2012-10-17', 'Statement':[{'Effect': 'Allow','Action': '*','Resource': '*'}]}"
    only_version: true
    state: present

# Remove a policy
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    state: absent
```
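The only_version example above grants `Action: '*'` on `Resource: '*'` and, combined with the default make_default, deletes every other revision of the policy. A pre-flight check for that kind of statement, run on the policy document before it is handed to the module, as an added example that is not part of the module or the original documentation (the function names and the scoped sample policy are assumptions made for illustration):

```python
import json

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_wildcard_allows(policy_text):
    """Return (statement_index, reason) for each overly broad Allow statement."""
    doc = json.loads(policy_text)  # raises ValueError on malformed JSON
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append((idx, "Allow with NotAction grants everything not listed"))
        if "*" in actions and "*" in resources:
            findings.append((idx, "full admin: Action '*' on Resource '*'"))
        elif "*" in actions:
            findings.append((idx, "Action '*' allows every API call on the listed resources"))
        else:
            broad = [a for a in actions if a.endswith(":*")]
            if broad and "*" in resources:
                findings.append((idx, "service-wide %s on Resource '*'" % ", ".join(broad)))
    return findings

# The policy from the page's only_version example, rewritten as strict JSON.
PAGE_POLICY = ('{"Version": "2012-10-17", "Statement": '
               '[{"Effect": "Allow", "Action": "*", "Resource": "*"}]}')

# Constructed sample: a scoped policy; the bucket name is a placeholder.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    },
})

if __name__ == "__main__":
    for name, text in (("page example", PAGE_POLICY), ("scoped sample", SCOPED_POLICY)):
        print(name, find_wildcard_allows(text) or "no wildcard Allow found")
```
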
Return Values
Common return values are documented in Return Values; the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
policy | Returns the policy JSON structure. When state == absent, this returns the value of the removed policy. | success | string | { "arn": "arn:aws:iam::aws:policy/AdministratorAccess", "attachment_count": 0, "create_date": "2017-03-01T15:42:55.981000+00:00", "default_version_id": "v1", "is_attachable": true, "path": "/", "policy_id": "ANPALM4KLDMTFXGOOJIHL", "policy_name": "AdministratorAccess", "update_date": "2017-03-01T15:42:55.981000+00:00" } |
Status
This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/iam_managed_policy_module.html