Hi all,

This is resolved by using template_url: "https://s3.amazonaws.com/{{ build_account.account_config.s3_sync.params.bucket }}/{{ build_account.account_config.s3_sync.params.key_prefix }}ps-cross-account-iam-roles.yaml"

Regards
Kishore

On Tuesday, January 22, 2019 at 12:32:02 PM UTC, Kishore Ponniah wrote:
>
> Hi All,
>
> The cloudformation template_url parameter requires an Amazon S3 URL, which 
> currently works by providing the complete URL of the file. But I wanted 
> to convert that to Jinja template substitution.
>
> My playbook below:
>
>     - name: create ps-cross-account-roles changeset
>       cloudformation:
>         stack_name: "ps-cross-account-roles"
>         state: present
>         region: "{{ account_config.1 }}"
>         aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
>         aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
>         security_token: "{{ account_config.0.sts_creds.session_token }}"
>         create_changeset: true
>         changeset_name: "{{ cf_changeset_name }}"
>         # Don't pass the cd-deploy-role to CF due to [possible privilege escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
>         # for anyone able to perform stack updates.
>         # role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
>         template_url: "https://s3-eu-west-1.amazonaws.com/xxxxxxxxxxx/cloudformation/xxxxxxxxxxxx/ps-cross-account-roles.yaml"
>         template_parameters: "{{ account_config.0.account_config.stacks['ps-cross-account-roles'].params }}"
>         termination_protection: no
>         tags: "{{ global_tags | combine(account_config.0.account_config.stacks['ps-cross-account-roles'].override_tags, recursive=True) }}"
>       # Convert to a list of dicts duplicated per region. See https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
>       loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
>       loop_control:
>         loop_var: account_config
>         label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
>       tags:
>         rxgt-ps-identity-stack-deploy
>
>
> build_account:
>   account_alias: xxxxxxx
>   sts_role_arn: arn:aws:iam::xxxxxxxxxxx:role/xxxx/xx/cd-deploy-role
>   pass_role_arn: ""
>   account_config:
>     s3_sync:
>       params:
>         region: eu-west-1
>         bucket: xxxxxxxxxxxxxxx
>         file_root: files/
>         key_prefix: cloudformation/xxxxxx/
>         mode: push
>         file_change_strategy: date_size
>         permission: private
>         include: "*.yaml,*.json"
>
>
> How to convert the template_url to jinja template substitution?
>
>         template_url: "{{ build_account.account_config.s3_sync.params.bucket }}"
>
> Can someone please advise?
>
> Thanks
> Kishore
>
>
>
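
The URL construction from the reply at the top of this thread, written out as an added example that is not part of the original messages: it normalises the trailing slash on key_prefix and checks the rendered URL before the IAM role changeset is created. The variable names s3_params, cf_prefix and cf_template_url are hypothetical; everything else comes from the playbook quoted above.

```yaml
# Added example, not from the original thread.
# s3_params, cf_prefix and cf_template_url are hypothetical names.
- name: build the CloudFormation template URL from the s3_sync params
  set_fact:
    cf_template_url: "https://s3.amazonaws.com/{{ s3_params.bucket }}/{{ cf_prefix }}ps-cross-account-iam-roles.yaml"
  vars:
    s3_params: "{{ build_account.account_config.s3_sync.params }}"
    # Strip any trailing slashes, then add exactly one, so the result is the
    # same for "cloudformation/xxxxxx" and "cloudformation/xxxxxx/".
    cf_prefix: "{{ s3_params.key_prefix | regex_replace('/+$', '') }}/"

- name: stop if the rendered URL is not a plain S3 object URL
  assert:
    that:
      # Expected host, a bucket segment, a key ending in .yaml,
      # and no query string or fragment.
      - cf_template_url is match('^https://s3[.]amazonaws[.]com/[a-z0-9][a-z0-9.-]+/[^?#]+[.]yaml$')
      # An empty bucket or key_prefix shows up as a doubled slash in the path.
      - "'//' not in (cf_template_url | regex_replace('^https://', ''))"
    fail_msg: "Unexpected template_url: {{ cf_template_url }}"

- name: create ps-cross-account-roles changeset
  cloudformation:
    stack_name: "ps-cross-account-roles"
    state: present
    # region, credentials, parameters and tags as in the quoted task
    create_changeset: true
    changeset_name: "{{ cf_changeset_name }}"
    template_url: "{{ cf_template_url }}"
```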
