Last active
June 7, 2021 16:30
Ansible playbook to generate one or more S3 buckets with permissions useful for rclone.
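---
## Usage:
##   ansible-playbook s3-playbook.yml
##
## Creates every bucket listed in `buckets` and attaches a bucket policy that
## grants `user_account` list access on the bucket and read/write/delete
## access on its objects.
##
## NOTE(review): this task sets no Block Public Access or default-encryption
## options on the bucket. Where the installed s3_bucket module provides the
## `public_access` and `encryption` parameters, set them here or enforce
## them at account level.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Map of bucket name -> bucket ARN. Every entry is a loop item, so
    # replace or delete the '<BucketName>' placeholder row before running.
    buckets:
      '<BucketName>': '<BucketARN>'
      'com.example.bucket': 'arn:aws:s3:::com.example.bucket'
    # The single IAM principal the policy is granted to. Keep this a
    # specific user or role ARN; a wildcard here would open the bucket.
    user_account: '<UserAccountARN>'  # e.g.: 'arn:aws:iam::123456789012:user/example-user'
  tasks:
    - name: Create empty buckets for backup
      s3_bucket:
        name: '{{ item.key }}'
        state: present
        # NOTE(review): some s3_bucket versions document `policy` as a JSON
        # string. If the mapping form is rejected, pass the same document
        # through the `to_json` filter; confirm against the installed module.
        policy:
          Version: '2012-10-17'
          Statement:
            # Bucket-level action, scoped to the bucket ARN only.
            - Sid: ListBucket
              Effect: Allow
              Principal:
                AWS: '{{ user_account }}'
              Action:
                - 's3:ListBucket'
              Resource:
                - '{{ item.value }}'
            # Object-level actions, scoped to the objects in the bucket only.
            - Sid: ObjectReadWrite
              Effect: Allow
              Principal:
                AWS: '{{ user_account }}'
              Action:
                - 's3:DeleteObject'
                - 's3:GetObject'
                - 's3:PutObject'
                # Lets the principal change object ACLs, including to public
                # ones unless Block Public Access is on. Presumably here
                # because rclone sends an ACL on upload; confirm it is needed.
                - 's3:PutObjectAcl'
              Resource:
                - '{{ item.value }}/*'
      with_dict: "{{ buckets }}"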
Thanks for sharing, but Ansible does not support specifying policy as a dict anymore. You need to specify a json string:
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/s3_bucket.py#L203
However, you may use the `lookup` function to load a template from a json.j2 file.