Please find my code below. So it complains about line 12, column 6. I checked
using the YAML validator and it is valid YAML.
---
# This playbook builds IAM infrastructure in all configured accounts
- name: Install/Update RXGT Identity account CF templates
  hosts: infrastructure
  tasks:
- name: Install/Update RXGT PS cross account CF templates
  hosts: infrastructure
  tasks:
    # Support using STS temporary creds (optional)
    # See readme.md
    - name: get sts session token
      sts_session_token:
        duration_seconds: "{{ sts_session_duration | default(3600) }}"
        # Support role policy with mandatory MFA
        mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
        mfa_token: "{{ sts_mfa_token | default(omit) }}"
      register: sts_session_token
      when: with_sts
      tags:
        rxgt-ps-identity-stack-deploy
    - name: retrieve sts credentials
      set_fact:
        sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
        sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
        sts_session_token: "{{ sts_session_token.sts_creds.session_token }}"
      when: with_sts
      tags:
        rxgt-ps-identity-stack-deploy
    - name: debug role arns
      debug:
        msg: "Assuming role: {{ account_config.sts_role_arn }}"
        verbosity: 1
      loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', rxgt_identity_account['account_config'])|list }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.sts_role_arn }}"
      tags:
        rxgt-ps-identity-stack-deploy
    - name: assume cross account roles
      sts_assume_role:
        role_arn: "{{ account_config.sts_role_arn }}"
        role_session_name: "ansibledeploy"
        duration_seconds: "{{ sts_session_duration | default(3600) }}"
        # Use STS temporary creds or fallback to aws cli/boto creds - see readme.md
        aws_access_key: "{{ sts_access_key | default(omit) }}"
        aws_secret_key: "{{ sts_secret_key | default(omit) }}"
        security_token: "{{ sts_session_token | default(omit) }}"
        # Support role policy with mandatory MFA
        mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
        mfa_token: "{{ sts_mfa_token | default(omit) }}"
      loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', rxgt_identity_account['account_config'])|list }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.sts_role_arn }}"
      # https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#using-register-with-a-loop
      register: assumed_roles_with_account_config
      tags:
        rxgt-ps-identity-stack-deploy
    - name: create rxgt-ps-cross-account-iam-atlas-developer-roles changeset
      cloudformation:
        stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
        state: present
        region: "{{ account_config.1 }}"
        aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
        aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
        security_token: "{{ account_config.0.sts_creds.session_token }}"
        create_changeset: true
        changeset_name: "{{ cf_changeset_name }}"
        # Don't pass the cd-deploy-role to CF due to [possible privilege escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
        # for anyone able to perform stack updates.
        # role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
        template_url: "https://s3.console.aws.amazon.com/s3/buckets/rxgt-ps-software-eu-west-1-061934891466/rxbootstrap/cloudformation/rxgtidentity/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml"
        template_parameters: "{{ account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params }}"
        termination_protection: no
        tags: "{{ global_tags | combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags, recursive=True) }}"
      # Convert to a list of dicts duplicated per region. See
      # https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
      loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
      tags:
        rxgt-ps-identity-stack-deploy
    - name: create rxgt-ps-cross-account-iam-atlas-developer-roles stack
      cloudformation:
        stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
        state: present
        region: "{{ account_config.1 }}"
        aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
        aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
        security_token: "{{ account_config.0.sts_creds.session_token }}"
        create_changeset: false
        changeset_name: "{{ cf_changeset_name }}"
        # Don't pass the cd-deploy-role to CF due to [possible privilege escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
        # for anyone able to perform stack updates.
        # role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
        template_url: "https://s3.console.aws.amazon.com/s3/buckets/rxgt-ps-software-eu-west-1-061934891466/rxbootstrap/cloudformation/rxgtidentity/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml"
        template_parameters: "{{ account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params }}"
        termination_protection: no
        tags: "{{ global_tags | combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags, recursive=True) }}"
      # Convert to a list of dicts duplicated per region. See
      # https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
      loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
      when: with_stack_deploy
      tags:
        rxgt-ps-identity-stack-deploy

On Tuesday, January 8, 2019 at 1:37:43 AM UTC, goforawalktwice wrote:
>
> ooops ... the error was due to me copy/paste formatting - the second
> '-name' got indented too far - fixing that indentation makes it valid YAML
> according to that site
>
>
> On Tuesday, January 8, 2019 at 2:04:24 PM UTC+13, Karl Auer wrote:
>>
>> What is the problem that it reports on line 22?
>>
>> When posting code, please post in a fixed-width font if you can. Makes it
>> easier to check indentation.
>>
>> Regards, K.
>>
>>
>> On Tue, Jan 8, 2019 at 11:58 AM goforawalktwice <[email protected]>
>> wrote:
>>
>>> hi, when I paste that YAML to
>>>
>>> https://jsonformatter.org/yaml-validator
>>>
>>> it reckons line 22 is a problem - the second -name entry. When I remove
>>> from line 22 down it reckons it's valid YAML.
>>>
>>> Regards, Straff
>>>
>>>
>>>
>>> On Tuesday, January 8, 2019 at 5:34:25 AM UTC+13, Kishore Ponniah wrote:
>>>>
>>>> Hi all,
>>>>
>>>> My cloudformation template has exceeded the template body limit more
>>>> than 51200 bytes and I am trying to upload to s3 and deploy using cross
>>>> account. I used template_url parameter in the playbook but giving an
>>>> error.
>>>> Before adding template_url, I had template_body which was working fine. I
>>>> have only replaced template_body to template_url.
>>>>
>>>> Please find the playbook below:
>>>>
>>>> - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles changeset
>>>>   cloudformation:
>>>>     stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles"
>>>>     state: present
>>>>     region: "{{ account_config.1 }}"
>>>>     aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
>>>>     aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
>>>>     security_token: "{{ account_config.0.sts_creds.session_token }}"
>>>>     create_changeset: true
>>>>     changeset_name: "{{ cf_changeset_name }}"
>>>>     template_url: "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml"
>>>>     template_parameters: "{{ account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params }}"
>>>>     termination_protection: no
>>>>     tags: "{{ global_tags | combine(account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags, recursive=True) }}"
>>>>   loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
>>>>   loop_control:
>>>>     loop_var: account_config
>>>>     label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
>>>>   tags:
>>>>     rxgt-ps-identity-stack-deploy
>>>>
>>>> - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles stack
>>>>   cloudformation:
>>>>     stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles"
>>>>     state: present
>>>>     region: "{{ account_config.1 }}"
>>>>     aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
>>>>     aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
>>>>     security_token: "{{ account_config.0.sts_creds.session_token }}"
>>>>     create_changeset: false
>>>>     changeset_name: "{{ cf_changeset_name }}"
>>>>     template_url: "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml"
>>>>     template_parameters: "{{ account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params }}"
>>>>     termination_protection: no
>>>>     tags: "{{ global_tags | combine(account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags, recursive=True) }}"
>>>>   # Convert to a list of dicts duplicated per region. See
>>>>   # https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
>>>>   loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
>>>>   loop_control:
>>>>     loop_var: account_config
>>>>     label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
>>>>   when: with_stack_deploy
>>>>   tags:
>>>>     rxgt-ps-identity-stack-deploy
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/c8fce4d7-b3f2-4495-9604-d554187f7ea0%40googlegroups.com
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> --
>> Karl Auer
>>
>> Email : [email protected]
>> Website: http://2pisoftware.com
>>
>> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
>> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
>>
>