iam_managed_policy - Manage User Managed IAM policies

New in version 2.4.

Synopsis

  • Allows creating and removing managed IAM policies

Requirements (on host that executes module)

  • boto3
  • botocore

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| make_default | no | True | | Make this revision the default revision. |
| only_version | no | | | Remove all other non-default revisions. If this is used with make_default, all other versions of this policy are deleted. |
| policy | no | | | A properly JSON-formatted policy. |
| policy_description | no | | | A helpful description of this policy. This value is immutable and is only set when creating a new policy. |
| policy_name | yes | | | The name of the managed policy. |
| state | yes | | present, absent | Should this managed policy be present or absent. Set to absent to detach all entities from this policy and remove it if found. |

Examples

# Create Policy ex nihilo
- name: Create IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy_description: "A Helpful managed policy"
    policy: "{{ lookup('template', 'managed_policy.json.j2') }}"
    state: present

# Update a policy with a new default version
- name: Update IAM Managed Policy with a new default version
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
    state: present

# Update a policy with a new non default version
- name: Update IAM Managed Policy with a new non-default version
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: "{{ lookup('file', 'managed_policy_update.json') }}"
    make_default: false
    state: present

# Update a policy and make it the only version and the default version
# The policy option expects properly formatted JSON, so keys and values are double-quoted.
# This inline statement allows every action on every resource; scope Action and Resource in real use.
- name: Update IAM Managed Policy and keep only this version
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    policy: '{ "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
    only_version: true
    state: present

# Remove a policy
- name: Remove IAM Managed Policy
  iam_managed_policy:
    policy_name: "ManagedPolicy"
    state: absent

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| policy | Returns the policy JSON structure. When state == absent, this returns the value of the removed policy. | success | string | { "arn": "arn:aws:iam::aws:policy/AdministratorAccess", "attachment_count": 0, "create_date": "2017-03-01T15:42:55.981000+00:00", "default_version_id": "v1", "is_attachable": true, "path": "/", "policy_id": "ANPALM4KLDMTFXGOOJIHL", "policy_name": "AdministratorAccess", "update_date": "2017-03-01T15:42:55.981000+00:00" } |

Status

This module is flagged as stableinterface, which means that the maintainers of this module guarantee that no backward-incompatible interface changes will be made.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/iam_managed_policy_module.html