Ansible playbook to generate one or more S3 buckets with permissions useful for rclone.
| --- | |
| ## Usage: | |
| ## ansible-playbook s3-playbook.yml | |
| - hosts: localhost | |
| connection: local | |
| gather_facts: False | |
| vars: | |
| buckets: | |
| '<BucketName>' : '<BucketARN>' | |
| 'com.example.bucket' : 'arn:aws:s3:::com.example.bucket' | |
| user_account: '<UserAccountARN>' # e.g.: 'arn:aws:iam::123456789012:user/example-user' | |
| tasks: | |
| - name: Create empty buckets for backup | |
| s3_bucket: | |
| name: '{{ item.key }}' | |
| state: present | |
| policy: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| 'AWS' : '{{ user_account }}' | |
| Action: [ | |
| 's3:ListBucket', | |
| 's3:DeleteObject', | |
| 's3:GetObject', | |
| 's3:PutObject', | |
| 's3:PutObjectAcl' | |
| ] | |
| Resource: [ | |
| '{{item.value}}/*', | |
| '{{item.value}}' | |
| ] | |
| with_dict: "{{ buckets }}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Thanks for sharing, but Ansible does not support specifying policy as a dict anymore. You need to specify a json string:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/s3_bucket.py#L203
However, you may use
lookupfunction to load a template from json.j2 file.