
Untitled

a guest
Apr 21st, 2019
  1. Role task, stored in main.yml
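  # Creates the S3 bucket and attaches the bucket policy rendered from the
  # role's template. The template reads bucket_name and account_number, so
  # both must be defined when this task runs.
  - name: Create S3 bucket
    s3_bucket:
      # Credentials arrive as variables. Keep their values in Ansible Vault,
      # or omit both keys and rely on an instance/role profile, rather than
      # storing them in plain-text vars files.
      aws_access_key: "{{ aws_key }}"
      aws_secret_key: "{{ aws_secret }}"
      name: "{{ bucket_name }}"
      # The lookup argument has to be a quoted string. Unquoted, Jinja2
      # parses templates/main.yml as an expression on an undefined variable
      # and the task fails before the module is called.
      # The rendered policy lets config.amazonaws.com write into the bucket;
      # consider scoping it with an aws:SourceAccount condition.
      policy: "{{ lookup('template', 'templates/main.yml') }}"
      region: "{{ aws_region }}"
    # Saved so that later tasks can read the module result.
    register: aws_config_bucket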
  10.  
  11. Bucket policy template, stored in the templates folder as main.yml
  12. {
  13. "Version": "2012-10-17",
  14. "Statement": [
  15. {
  16. "Sid": "AWSConfigBucketPermissionsCheck",
  17. "Effect": "Allow",
  18. "Principal": {
  19. "Service": "config.amazonaws.com"
  20. },
  21. "Action": "s3:GetBucketAcl",
  22. "Resource": "arn:aws:s3:::{{ bucket_name }}"
  23. },
  24. {
  25. "Sid": "AWSConfigBucketDelivery",
  26. "Effect": "Allow",
  27. "Principal": {
  28. "Service": "config.amazonaws.com"
  29. },
  30. "Action": "s3:PutObject",
  31. "Resource": "arn:aws:s3:::{{ bucket_name }}/AWSLogs/{{ account_number }}/Config/*",
  32. "Condition": {
  33. "StringEquals": {
  34. "s3:x-amz-acl": "bucket-owner-full-control"
  35. }
  36. }
  37. }
  38. ]
  39. }