Hi All,

The cloudformation template_url parameter requires an Amazon S3 URL, which is 
currently working by providing the complete URL of the file. But I wanted 
to convert that to use Jinja template substitution.

My playbook below:

    - name: create ps-cross-account-roles changeset
      cloudformation:
        stack_name: "ps-cross-account-roles"
        state: present
        region: "{{ account_config.1 }}"
        aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
        aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
        security_token: "{{ account_config.0.sts_creds.session_token }}"
        create_changeset: true
        changeset_name: "{{ cf_changeset_name }}"
        # Don't pass the cd-deploy-role to CF due to [possible privilege escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
        # for anyone able to perform stack updates.
        # role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
        template_url: "https://s3-eu-west-1.amazonaws.com/xxxxxxxxxxx/cloudformation/xxxxxxxxxxxx/ps-cross-account-roles.yaml"
        template_parameters: "{{ account_config.0.account_config.stacks['ps-cross-account-roles'].params }}"
        termination_protection: no
        tags: "{{ global_tags | combine(account_config.0.account_config.stacks['ps-cross-account-roles'].override_tags, recursive=True) }}"
      # Convert to a list of dicts duplicated per region. See https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
      loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
      tags:
        rxgt-ps-identity-stack-deploy


build_account:
  account_alias: xxxxxxx
  sts_role_arn: arn:aws:iam::xxxxxxxxxxx:role/xxxx/xx/cd-deploy-role
  pass_role_arn: ""
  account_config:
    s3_sync:
      params:
        region: eu-west-1
        bucket: xxxxxxxxxxxxxxx
        file_root: files/
        key_prefix: cloudformation/xxxxxx/
        mode: push
        file_change_strategy: date_size
        permission: private
        include: "*.yaml,*.json"


How to convert the template_url to jinja template substitution?

        template_url: "{{ build_account.account_config.s3_sync.params.bucket }}"

Can someone please advise?

Thanks
Kishore

