Ansible playbook to generate one or more S3 buckets with permissions useful for rclone.
```yaml
---
## Usage:
##   ansible-playbook s3-playbook.yml
- hosts: localhost
  connection: local
  gather_facts: False
  vars:
    buckets:
      '<BucketName>' : '<BucketARN>'
      'com.example.bucket' : 'arn:aws:s3:::com.example.bucket'
    user_account: '<UserAccountARN>' # e.g.: 'arn:aws:iam::123456789012:user/example-user'
  tasks:
    - name: Create empty buckets for backup
      s3_bucket:
        name: '{{ item.key }}'
        state: present
        policy:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                'AWS' : '{{ user_account }}'
              Action: [
                  's3:ListBucket',
                  's3:DeleteObject',
                  's3:GetObject',
                  's3:PutObject',
                  's3:PutObjectAcl'
                ]
              Resource: [
                  '{{item.value}}/*',
                  '{{item.value}}'
                ]
      with_dict: "{{ buckets }}"
```
bmamouri commented Jun 4, 2018 • edited
Thanks for sharing, but Ansible does not support specifying policy as a dict anymore. You need to specify a JSON string:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/s3_bucket.py#L203
However, you may use the `lookup` function to load a template from a json.j2 file.
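
Added example, not part of the gist or of the comment above: a Python sketch that renders the playbook's grants as a JSON string (the form the comment says the module expects) and checks the result before it is attached to a bucket. The function names, the split into one statement per resource type, and the lint rules are assumptions of this example.

```python
import json

BUCKET_ACTIONS = ["s3:ListBucket"]  # apply to the bucket ARN itself
OBJECT_ACTIONS = ["s3:DeleteObject", "s3:GetObject",
                  "s3:PutObject", "s3:PutObjectAcl"]  # apply to <bucket ARN>/*


def build_policy(bucket_arn, user_arn):
    """Render the gist's grants as a JSON string, one statement per resource type."""
    principal = {"AWS": user_arn}
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": principal,
             "Action": BUCKET_ACTIONS, "Resource": bucket_arn},
            {"Effect": "Allow", "Principal": principal,
             "Action": OBJECT_ACTIONS, "Resource": bucket_arn + "/*"},
        ],
    }, indent=2)


def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def lint_policy(policy_json, bucket_arn):
    """Report Allow statements that are broader than the grants in the gist."""
    expected_actions = set(BUCKET_ACTIONS + OBJECT_ACTIONS)
    expected_resources = {bucket_arn, bucket_arn + "/*"}
    findings = []
    statements = json.loads(policy_json)["Statement"]
    statements = [statements] if isinstance(statements, dict) else statements
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in as_list(aws):
            findings.append(f"statement {i}: wildcard principal")
        for action in as_list(stmt.get("Action")):
            if action not in expected_actions:
                findings.append(f"statement {i}: action {action} outside expected set")
        for resource in as_list(stmt.get("Resource")):
            if resource not in expected_resources:
                findings.append(f"statement {i}: resource {resource} outside this bucket")
    return findings


if __name__ == "__main__":
    arn = "arn:aws:s3:::com.example.bucket"  # sample values taken from the playbook
    doc = build_policy(arn, "arn:aws:iam::123456789012:user/example-user")
    print(doc)
    print(lint_policy(doc, arn) or "no findings")
```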