Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Ansible playbook to generate one or more S3 buckets with permissions useful for rclone.
---
## Usage:
## ansible-playbook s3-playbook.yml
- hosts: localhost
connection: local
gather_facts: False
vars:
buckets:
'<BucketName>' : '<BucketARN>'
'com.example.bucket' : 'arn:aws:s3:::com.example.bucket'
user_account: '<UserAccountARN>' # e.g.: 'arn:aws:iam::123456789012:user/example-user'
tasks:
- name: Create empty buckets for backup
s3_bucket:
name: '{{ item.key }}'
state: present
policy:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
'AWS' : '{{ user_account }}'
Action: [
's3:ListBucket',
's3:DeleteObject',
's3:GetObject',
's3:PutObject',
's3:PutObjectAcl'
]
Resource: [
'{{item.value}}/*',
'{{item.value}}'
]
with_dict: "{{ buckets }}"
@bmamouri

This comment has been minimized.

Show comment
Hide comment
@bmamouri

bmamouri Jun 4, 2018

Thanks for sharing, but Ansible does not support specifying policy as a dict anymore. You need to specify a json string:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/s3_bucket.py#L203

However, you may use lookup function to load a template from json.j2 file.

bmamouri commented Jun 4, 2018

Thanks for sharing, but Ansible does not support specifying policy as a dict anymore. You need to specify a json string:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/s3_bucket.py#L203

However, you may use lookup function to load a template from json.j2 file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment