Hi, 

I've been struggling to get IAM policy and IAM role working properly. 
These are the two modules with the issues:

http://docs.ansible.com/ansible/iam_policy_module.html  
http://docs.ansible.com/ansible/iam_role_module.html#examples

IAM_ROLE is where the issue happens:
Creating an IAM_policy works, and it accepts a policy_json file with no 
issues.
The next step is to create an IAM_role, associate that policy with the role and 
add a "Trust relationship", as AWS calls it. This is passed as a small JSON 
file but fails at assume_role_policy_document.
The JSON is very simple:
{"Version": "2008-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": "ec2.amazonaws.com"},"Action": "sts:AssumeRole"}]}

task config (the lookup call originally read `lookup('file'.'../templates/role-trust-policy-document.json)`, with a period instead of a comma between the arguments and no closing quote on the path, which is what Jinja reports as "expected name or number"; corrected here):
 - name: Create IAM Role with policy
   iam_role:
     name: "iamrole-{{ aws_deploy_stage }}-{{ aws_deployment_tag }}"
     state: present
     assume_role_policy_document: "{{ lookup('file', '../templates/role-trust-policy-document.json') }}"
     managed_policy:
       - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
       - arn:aws:iam::aws:policy/AWSXrayFullAccess
       - "policy-{{ aws_deploy_stage }}-{{ aws_deployment_name }}"


fatal: [localhost]: FAILED! => {
    "failed": true,
    "msg": "template error while templating string: expected name or number. String: {{ lookup('file'.'../templates/role-trust-policy-document.json')|to_json }}"
}

If I just pass a string in double quotes "", I manage to make the module 
pass this to AWS, and it expects JSON:

    "msg": "An error occurred (MalformedPolicyDocument) when calling the CreateRole operation: This policy contains invalid Json",
    "response_metadata": {
        "http_headers": {
            "connection": "close",
            "content-length": "288",
            "content-type": "text/xml",
            "date": "Wed, 28 Jun 2017 09:12:50 GMT",
            "x-amzn-requestid": "f61bb6b4-5be1-11e7-9679-d5c1bf3ed860"
        },
        "http_status_code": 400,
        "request_id": "f61bb6b4-5be1-11e7-9679-d5c1bf3ed860",
        "retry_attempts": 0
    }

After spending quite some time googling and reading GitHub issues, there are 
a lot of related issues, both closed and open, but none accurately tell 
where the issue is.
It looks like an open PR tries to solve the issue: 
https://github.com/ansible/ansible/pull/22097
Another, but old: https://github.com/ansible/ansible-modules-core/issues/2688

I hope someone else encounters this issue. Any feedback welcome.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1e736ad1-816e-4cc4-a10e-a2456c91d7e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
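As an added example (not from the post, and not Ansible or AWS code), a small Python pre-check that does locally what AWS does when it answers MalformedPolicyDocument, so a trust policy that is not valid JSON (for instance a lookup expression that was passed through as a literal string) is caught before the CreateRole call, and that also flags a wildcard principal or an unexpected service principal in the trust relationship. The sample strings are constructed; the assumed cause of the AWS error is that the unevaluated Jinja text reached the API.

```python
import json

# Constructed sample inputs (not from the thread's files): the trust policy
# quoted in the post, and the literal Jinja string that reaches AWS when the
# lookup is never evaluated, which is the assumed cause of MalformedPolicyDocument.
GOOD_TRUST_POLICY = (
    '{"Version": "2008-10-17","Statement": [{"Effect": "Allow","Principal": '
    '{"Service": "ec2.amazonaws.com"},"Action": "sts:AssumeRole"}]}'
)
UNTEMPLATED_POLICY = "{{ lookup('file', '../templates/role-trust-policy-document.json') }}"
ALLOWED_VERSIONS = {"2008-10-17", "2012-10-17"}


def check_trust_policy(document, expected_services):
    """Return a list of problems in a role trust policy; an empty list means it looks sane."""
    problems = []
    try:
        policy = json.loads(document)
    except json.JSONDecodeError as exc:
        # The same check AWS does server-side, but with an offset instead of the
        # bare "This policy contains invalid Json".
        return [f"not valid JSON: {exc.msg} at offset {exc.pos}"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    if policy.get("Version") not in ALLOWED_VERSIONS:
        problems.append(f"unexpected Version {policy.get('Version')!r}")
    statements = policy.get("Statement")
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement must be a non-empty list"]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            problems.append(f"statement {i}: Effect should be Allow")
        actions = stmt.get("Action")
        actions = [actions] if isinstance(actions, str) else actions
        if actions != ["sts:AssumeRole"]:
            problems.append(f"statement {i}: Action should be exactly sts:AssumeRole")
        principal = stmt.get("Principal")
        # A wildcard principal lets any AWS account assume the role.
        if principal == "*" or (isinstance(principal, dict) and "*" in principal.values()):
            problems.append(f"statement {i}: wildcard Principal")
            continue
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        services = [services] if isinstance(services, str) else services
        unexpected = set(services) - set(expected_services)
        if unexpected:
            problems.append(f"statement {i}: unexpected service principal(s) {sorted(unexpected)}")
    return problems
```

Run it on the rendered document (for example from a pre_tasks step, or as a one-off before the play) rather than on the template source, since the failure in the post is in how the file content is templated, not in the file itself.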
