@ -23,56 +23,70 @@ options:
description :
description :
- Type of IAM resource
- Type of IAM resource
choices : [ " user " , " group " , " role " ]
choices : [ " user " , " group " , " role " ]
type : str
name :
name :
description :
description :
- Name of IAM resource to create or identify
- Name of IAM resource to create or identify
required : true
required : true
type : str
new_name :
new_name :
description :
description :
- When state is update , will replace name with new_name on IAM resource
- When state is update , will replace name with new_name on IAM resource
type : str
new_path :
new_path :
description :
description :
- When state is update , will replace the path with new_path on the IAM resource
- When state is update , will replace the path with new_path on the IAM resource
type : str
state :
state :
description :
description :
- Whether to create , delete or update the IAM resource . Note , roles cannot be updated .
- Whether to create , delete or update the IAM resource . Note , roles cannot be updated .
required : true
required : true
choices : [ " present " , " absent " , " update " ]
choices : [ " present " , " absent " , " update " ]
type : str
path :
path :
description :
description :
- When creating or updating , specify the desired path of the resource . If state is present ,
- When creating or updating , specify the desired path of the resource . If state is present ,
it will replace the current path to match what is passed in when they do not match .
it will replace the current path to match what is passed in when they do not match .
default : " / "
default : " / "
type : str
trust_policy :
trust_policy :
description :
description :
- The inline ( JSON or YAML ) trust policy document that grants an entity permission to assume the role . Mutually exclusive with C ( trust_policy_filepath ) .
- The inline ( JSON or YAML ) trust policy document that grants an entity permission to assume the role . Mutually exclusive with C ( trust_policy_filepath ) .
version_added : " 2.2 "
version_added : " 2.2 "
type : dict
trust_policy_filepath :
trust_policy_filepath :
description :
description :
- The path to the trust policy document that grants an entity permission to assume the role . Mutually exclusive with C ( trust_policy ) .
- The path to the trust policy document that grants an entity permission to assume the role . Mutually exclusive with C ( trust_policy ) .
version_added : " 2.2 "
version_added : " 2.2 "
type : str
access_key_state :
access_key_state :
description :
description :
- When type is user , it creates , removes , deactivates or activates a user ' s access key(s). Note that actions apply only to keys specified.
- When type is user , it creates , removes , deactivates or activates a user ' s access key(s). Note that actions apply only to keys specified.
choices : [ " create " , " remove " , " active " , " inactive " ]
choices : [ " create " , " remove " , " active " , " inactive " , " Create " , " Remove " , " Active " , " Inactive " ]
type : str
key_count :
key_count :
description :
description :
- When access_key_state is create it will ensure this quantity of keys are present . Defaults to 1.
- When access_key_state is create it will ensure this quantity of keys are present . Defaults to 1.
default : ' 1 '
default : 1
type : int
access_key_ids :
access_key_ids :
description :
description :
- A list of the keys that you want impacted by the access_key_state parameter .
- A list of the keys that you want impacted by the access_key_state parameter .
type : list
groups :
groups :
description :
description :
- A list of groups the user should belong to . When update , will gracefully remove groups not listed .
- A list of groups the user should belong to . When update , will gracefully remove groups not listed .
type : list
password :
password :
description :
description :
- When type is user and state is present , define the users login password . Also works with update . Note that always returns changed .
- When type is user and state is present , define the users login password . Also works with update . Note that always returns changed .
type : str
update_password :
update_password :
default : always
default : always
choices : [ ' always ' , ' on_create ' ]
choices : [ ' always ' , ' on_create ' ]
description :
description :
- C ( always ) will update passwords if they differ . C ( on_create ) will only set the password for newly created users .
- C ( always ) will update passwords if they differ . C ( on_create ) will only set the password for newly created users .
type : str
notes :
notes :
- ' Currently boto does not support the removal of Managed Policies, the module will error out if your
- ' Currently boto does not support the removal of Managed Policies, the module will error out if your
user / group / role has managed policies when you try to do state = absent . They will need to be removed manually . '
user / group / role has managed policies when you try to do state = absent . They will need to be removed manually . '
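Review bot: The new `choices` line for `access_key_state` lists every value twice, once in lower case and once capitalised, so the documentation now reads as eight distinct states for an option that creates, deactivates and removes a user's access keys. If the module normalises case before acting, keep the four lower-case values and state the behaviour in the description instead, for example `- Values are matched case-insensitively.`; if it does not, each capitalised spelling needs its own handling in the code. The matching `choices` list in `argument_spec` is cut off at the end of the visible second hunk, so which case applies cannot be confirmed from here. For a credential-lifecycle option the documented value set and the enforced one should be checked against each other before merging.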
@ -603,11 +617,9 @@ def delete_role(module, iam, name, role_list, prof_list):
def main ( ) :
def main ( ) :
argument_spec = ec2_argument_spec ( )
argument_spec = ec2_argument_spec ( )
argument_spec . update ( dict (
argument_spec . update ( dict (
iam_type = dict (
iam_type = dict ( required = True , choices = [ ' user ' , ' group ' , ' role ' ] ) ,
default = None , required = True , choices = [ ' user ' , ' group ' , ' role ' ] ) ,
groups = dict ( type = ' list ' , default = None , required = False ) ,
groups = dict ( type = ' list ' , default = None , required = False ) ,
state = dict (
state = dict ( required = True , choices = [ ' present ' , ' absent ' , ' update ' ] ) ,
default = None , required = True , choices = [ ' present ' , ' absent ' , ' update ' ] ) ,
password = dict ( default = None , required = False , no_log = True ) ,
password = dict ( default = None , required = False , no_log = True ) ,
update_password = dict ( default = ' always ' , required = False , choices = [ ' always ' , ' on_create ' ] ) ,
update_password = dict ( default = ' always ' , required = False , choices = [ ' always ' , ' on_create ' ] ) ,
access_key_state = dict ( default = None , required = False , choices = [
access_key_state = dict ( default = None , required = False , choices = [