- Role stored in main.yml
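# Creates the S3 bucket and attaches the bucket policy rendered from the
# template; the module result is registered as aws_config_bucket.
# aws_key / aws_secret are credentials: supply them from Ansible Vault or the
# environment rather than from plain-text vars kept in the repository.
- name: Create S3 bucket
  s3_bucket:
    aws_access_key: "{{ aws_key }}"
    aws_secret_key: "{{ aws_secret }}"
    name: "{{ bucket_name }}"
    # The template path must be a quoted string. Unquoted, Jinja2 parses
    # templates/main.yml as an expression (`templates` divided by
    # `main.yml`), so the lookup fails before any policy is rendered.
    policy: "{{ lookup('template', 'templates/main.yml') }}"
    region: "{{ aws_region }}"
  register: aws_config_bucket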
- Template stored in the templates folder as main.yml
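{#
  S3 bucket policy rendered through the Ansible template lookup.
  Grants the AWS Config service principal (config.amazonaws.com):
    - s3:GetBucketAcl on the bucket itself
    - s3:PutObject under AWSLogs/<account_number>/Config/, only when the
      object is written with the bucket-owner-full-control ACL
  The aws:SourceAccount condition on both statements limits the service
  principal to requests made on behalf of account_number, so the service
  acting for a different account cannot use this grant (confused-deputy
  protection). Assumes account_number is the account whose Config delivery
  channel writes to this bucket; verify against the caller's vars.
#}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSConfigBucketPermissionsCheck",
      "Effect": "Allow",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::{{ bucket_name }}",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{ account_number }}"
        }
      }
    },
    {
      "Sid": "AWSConfigBucketDelivery",
      "Effect": "Allow",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::{{ bucket_name }}/AWSLogs/{{ account_number }}/Config/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control",
          "aws:SourceAccount": "{{ account_number }}"
        }
      }
    }
  ]
}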