How to create service accounts on MinIO S3 using Ansible

I have a single-server MinIO S3 installation running on Debian 11 Bullseye, with an NGINX reverse proxy in front.

I have created a myapp user and given it readwrite permissions. This user is to be used by an Ansible playbook when deploying a new website of our application to:

  1. Create a service account, to be used by the new website.

  2. Create a bucket with write access for the just-created service account (policy in JSON format). For this I use amazon.aws.s3_bucket and this is working fine.

What I have not been able to figure out is how to create a service account using Ansible. I have tried the community.aws.iam-access-key module without success (it complains about the security token included in the request being invalid).

The only option remaining seems to be as follows:

  1. Create the hashes for the key and secret using Python
  2. Feed them to the MinIO console client via an ansible.builtin.shell task.

Any ideas? Am I missing some module in the Ansible docs to do this?

Thanks in advance.
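
An added example, not part of the original post, of the fallback described above: it generates the key pair in Python as random strings (rather than hashes) and builds the `mc admin user svcacct add` call as an argv list, so the secret is never interpolated into a shell string. The alias `myminio`, the bucket name `site-bucket`, the policy file path, the key lengths (20 and 40 characters, MinIO's maximums as far as I know) and the inline policy restricting the service account to one bucket are assumptions.

```python
import json
import secrets
import string

# Assumed lengths: MinIO accepts access keys of 3-20 and secret keys of 8-40 chars.
ACCESS_KEY_LEN = 20
SECRET_KEY_LEN = 40
ALPHABET = string.ascii_letters + string.digits


def new_credentials():
    """Return (access_key, secret_key) drawn from the OS CSPRNG."""
    access_key = "".join(secrets.choice(ALPHABET) for _ in range(ACCESS_KEY_LEN))
    secret_key = "".join(secrets.choice(ALPHABET) for _ in range(SECRET_KEY_LEN))
    return access_key, secret_key


def bucket_policy(bucket):
    """Inline policy limiting the service account to a single bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
        ],
    }


def svcacct_argv(alias, parent_user, access_key, secret_key, policy_path):
    """argv list for mc, suitable for ansible.builtin.command's argv parameter."""
    return ["mc", "admin", "user", "svcacct", "add",
            "--access-key", access_key, "--secret-key", secret_key,
            "--policy", policy_path, alias, parent_user]


if __name__ == "__main__":
    ak, sk = new_credentials()
    # Hypothetical alias, bucket and path; the playbook would register this JSON.
    print(json.dumps({
        "access_key": ak,
        "secret_key": sk,
        "policy": bucket_policy("site-bucket"),
        "argv": svcacct_argv("myminio", "myapp", ak, sk, "/tmp/site-bucket-policy.json"),
    }))
```

Any Ansible task that runs this script or the resulting command should set `no_log: true`, since the secret appears in the task's output and arguments.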