cc-iam-setup.yml
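---
# Bootstraps the IAM principals used for CodeCommit push/pull access:
# a group carrying the push/pull policy, a user placed in that group, a role
# carrying the same push/pull policy plus an S3 read policy, and the user's
# SSH public key. The policy documents live under files/ and are not reviewed
# here — check them separately for least privilege (resource ARNs, no "*").
- name: create requisite Code Commit IAM resources
  hosts: localhost
  gather_facts: false
  tasks:
    # NOTE(review): the legacy `iam` module has been deprecated in community.aws
    # in favour of iam_group / iam_user / iam_role — confirm the collection
    # version in use still ships it before relying on this play.
    - name: create an IAM group
      iam:
        iam_type: group
        name: CodeCommitPushPullGroup
        state: present
      # Registered but not consumed anywhere in this play.
      register: new_group

    - name: create an IAM user
      iam:
        iam_type: user
        name: CodeCommitPushPullUser
        state: present
        groups: CodeCommitPushPullGroup

    # SECURITY: no trust_policy is supplied, so the role is created with
    # whatever assume-role policy the module/underlying SDK applies by default
    # (historically one trusting ec2.amazonaws.com). Pin the trust policy
    # explicitly to the principals that should assume this role —
    # TODO confirm the intended trust relationship.
    - name: create IAM role
      iam:
        iam_type: role
        name: CodeCommitPushPullRole
        state: present

    - name: create inline IAM policy and attach to Group created above
      iam_policy:
        iam_type: group
        iam_name: CodeCommitPushPullGroup
        policy_name: CodeCommitPushPullPolicy
        policy_document: files/cc-push-pull-policy.json
        state: present

    - name: create inline IAM policy and attach to Role created above
      iam_policy:
        iam_type: role
        iam_name: CodeCommitPushPullRole
        policy_name: CodeCommitPushPullPolicy
        policy_document: files/cc-push-pull-policy.json
        state: present

    # Task name made distinct from the previous one so the two role policies
    # can be told apart in play output.
    - name: create inline S3 read policy and attach to Role created above
      iam_policy:
        iam_type: role
        iam_name: CodeCommitPushPullRole
        policy_name: S3ResourcesBucketPolicy
        policy_document: files/s3-get-object-policy.json
        state: present

    # `command` instead of `shell`: no shell features (pipes, redirects,
    # globbing) are used, so keep the shell out of the path. This step is not
    # idempotent — a re-run uploads the same key again and AWS rejects a
    # duplicate SSH public key, failing the play; guard it with
    # `aws iam list-ssh-public-keys` if re-runs are expected.
    - name: upload public SSH key for CodeCommitPushPullUser
      command: >-
        aws iam upload-ssh-public-key
        --ssh-public-key-body file://./files/cc_ssh_user.pub
        --user-name CodeCommitPushPullUser
        --query 'SSHPublicKey.{ID:SSHPublicKeyId}'
        --output text
      register: upload_result

    - name: debug upload upload_result
      debug:
        var: upload_result

    # `--output text` above leaves the bare key id on stdout; consumers of
    # ssh_pub_key_id are outside this file.
    - name: set_fact for ssh public key id
      set_fact:
        ssh_pub_key_id: "{{ upload_result.stdout }}"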