I have a single-server MinIO S3 installation running on Debian 11 Bullseye, with an NGINX reverse proxy in front.
I have created a myapp user and given it readwrite permissions. This user is to be used by an Ansible playbook when deploying a new website of our application to:
- Create a service account, to be used by the new website.
- Create a bucket with write access for the just-created service account (policy in JSON format). For this I use amazon.aws.s3_bucket and this is working fine.
What I have not been able to figure out is how to create a service account using Ansible. I have tried the community.aws.iam-access-key module without success (it complains about the security token included in the request being invalid).
The only option remaining seems to be as follows:
- Create the hashes for the key and secret using Python.
- Feed them to the MinIO console client via an ansible.builtin.shell task.
Any ideas? Am I missing some module in the Ansible docs to do this?
Thanks in advance.
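A sketch of the two-step fallback described in the question, as an added example that is not part of the original post: it draws random keys from the OS CSPRNG (rather than hashes) and builds the `mc admin user svcacct add` argument list without going through a shell. The alias `myminio` is hypothetical, and the key lengths assume MinIO's limits of 3-20 characters for access keys and 8-40 for secret keys.

```python
import secrets
import string

# Assumption: MinIO accepts access keys of 3-20 chars and secret keys of 8-40 chars.
ACCESS_KEY_LEN = 20
SECRET_KEY_LEN = 40
ACCESS_ALPHABET = string.ascii_uppercase + string.digits
SECRET_ALPHABET = string.ascii_letters + string.digits


def generate_credentials():
    """Return (access_key, secret_key) drawn from the OS CSPRNG."""
    access_key = "".join(secrets.choice(ACCESS_ALPHABET) for _ in range(ACCESS_KEY_LEN))
    secret_key = "".join(secrets.choice(SECRET_ALPHABET) for _ in range(SECRET_KEY_LEN))
    return access_key, secret_key


def svcacct_argv(alias, parent_user, access_key, secret_key):
    """Build the mc call as an argument list, so no shell quoting is involved."""
    for name, value in (("alias", alias), ("parent_user", parent_user)):
        # Reject empty values and anything mc could parse as an option.
        if not value or value.startswith("-"):
            raise ValueError(f"refusing suspicious {name}: {value!r}")
    return ["mc", "admin", "user", "svcacct", "add",
            "--access-key", access_key, "--secret-key", secret_key,
            alias, parent_user]


def redact(argv):
    """Return a copy of argv that is safe to log: the secret value is masked."""
    out = list(argv)
    for i, arg in enumerate(argv[:-1]):
        if arg == "--secret-key":
            out[i + 1] = "********"
    return out


if __name__ == "__main__":
    ak, sk = generate_credentials()
    # "myminio" is a hypothetical mc alias; "myapp" is the parent user from the post.
    argv = svcacct_argv("myminio", "myapp", ak, sk)
    print(" ".join(redact(argv)))
```

When a task like this is driven from Ansible, setting `no_log: true` on it keeps the secret out of the play output, and storing the generated pair in a vault avoids regenerating it on every run.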