Skip to content

Instantly share code, notes, and snippets.

@ebridges

ebridges/s3-playbook.yml

Last active Nov 5, 2020
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Ansible playbook to generate one or more S3 buckets with permissions useful for rclone.
Raw
s3-playbook.yml
---
## Usage:
## ansible-playbook s3-playbook.yml
- hosts: localhost
connection: local
gather_facts: False
vars:
buckets:
'<BucketName>' : '<BucketARN>'
'com.example.bucket' : 'arn:aws:s3:::com.example.bucket'
user_account: '<UserAccountARN>' # e.g.: 'arn:aws:iam::123456789012:user/example-user'
tasks:
- name: Create empty buckets for backup
s3_bucket:
name: '{{ item.key }}'
state: present
policy:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
'AWS' : '{{ user_account }}'
Action: [
's3:ListBucket',
's3:DeleteObject',
's3:GetObject',
's3:PutObject',
's3:PutObjectAcl'
]
Resource: [
'{{item.value}}/*',
'{{item.value}}'
]
with_dict: "{{ buckets }}"
@bmamouri

This comment has been minimized.

Sign in to view
Copy link

@bmamouri bmamouri commented Jun 4, 2018
edited

Thanks for sharing, but Ansible does not support specifying policy as a dict anymore. You need to specify a json string:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/s3_bucket.py#L203

However, you may use lookup function to load a template from json.j2 file.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.