I have had to do something like this to query IAM for information. I
attacked my issue by shelling out and running an AWS CLI command (and
passing aws_access_key, aws_secret_key and aws_region as variables)
export AWS_ACCESS_KEY_ID={{aws_access_key}}; export
AWS_SECRET_ACCESS_KEY={{aws_secret_key}};/bin/aws iam list-roles --query
'Roles[*].[\"RoleName\",\"Arn\"]' --output text --region {{aws_region}}
In your case, you might do something like this in Ansible by adding two new
variables: user_name and tags (YMMV as I wrote this at the browser; not
sure if its syntactically correct):
- name: Set fact for user name:
set_fact:
user_name: "Some user name"
- name: set iam user tags
set_fact:
iam_user_tags:
user_tag1: "same_value"
user_tag2: "same_value"
user_tag3: "same_value"
- name: Set tags for user using AWS CLI
shell: "export AWS_ACCESS_KEY_ID={{aws_access_key}}; export
AWS_SECRET_ACCESS_KEY={{aws_secret_key}};/bin/aws iam tag-user --user-name
{{user_name}} --tags {{iam_user_tags}}"
Honestly, I would probably attack this with a library using python/boto3.
If you have time, its pretty easy to build and run.
On Wednesday, October 30, 2019 at 9:49:28 AM UTC-4, MarkM wrote:
>
> Hey guys,
>
> I'm an Ansible noob and was using the AWS IAM module to create users and I
> noticed this module does not support tagging. Does anyone have any ideas
> how this can be achieved or if this will be an added feature.
>
> Thanks
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-devel/788dc5d5-6b5f-4982-94d5-cda961ce7291%40googlegroups.com.
