/s3-playbook.yml
Last active May 17, 2019
Ansible playbook to generate one or more S3 buckets with permissions useful for rclone.
| --- | |
| ## Usage: | |
| ## ansible-playbook s3-playbook.yml | |
| - hosts: localhost | |
| connection: local | |
| gather_facts: False | |
| vars: | |
| buckets: | |
| '<BucketName>' : '<BucketARN>' | |
| 'com.example.bucket' : 'arn:aws:s3:::com.example.bucket' | |
| user_account: '<UserAccountARN>' # e.g.: 'arn:aws:iam::123456789012:user/example-user' | |
| tasks: | |
| - name: Create empty buckets for backup | |
| s3_bucket: | |
| name: '{{ item.key }}' | |
| state: present | |
| policy: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| 'AWS' : '{{ user_account }}' | |
| Action: [ | |
| 's3:ListBucket', | |
| 's3:DeleteObject', | |
| 's3:GetObject', | |
| 's3:PutObject', | |
| 's3:PutObjectAcl' | |
| ] | |
| Resource: [ | |
| '{{item.value}}/*', | |
| '{{item.value}}' | |
| ] | |
| with_dict: "{{ buckets }}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
bmamouri commentedJun 4, 2018
•
edited
Thanks for sharing, but Ansible does not support specifying policy as a dict anymore. You need to specify a json string:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/s3_bucket.py#L203
However, you may use
lookupfunction to load a template from json.j2 file.