Hey guys,
I’m an Ansible noob and was using the AWS IAM module to create users, and I noticed this module does not support tagging. Does anyone have any ideas how this can be achieved, or if this will be an added feature?
Thanks
btw, here is the link to the module
https://docs.ansible.com/ansible/latest/modules/iam_module.html
I have had to do something like this to query IAM for information. I attacked my issue by shelling out and running an AWS CLI command (and passing aws_access_key, aws_secret_key and aws_region as variables):

    export AWS_ACCESS_KEY_ID={{aws_access_key}}; export AWS_SECRET_ACCESS_KEY={{aws_secret_key}}; /bin/aws iam list-roles --query 'Roles[*].["RoleName","Arn"]' --output text --region {{aws_region}}
In your case, you might do something like this in Ansible by adding two new variables: user_name and tags (YMMV as I wrote this at the browser; not sure if it's syntactically correct):

    - name: Set fact for user name
      set_fact:
        user_name: "Some user name"

    - name: set iam user tags
      set_fact:
        iam_user_tags:
          user_tag1: "same_value"
          user_tag2: "same_value"
          user_tag3: "same_value"

    - name: Set tags for user using AWS CLI
      # The AWS CLI takes --tags as a list of Key/Value pairs, so the dict is converted to JSON.
      shell: >-
        export AWS_ACCESS_KEY_ID={{ aws_access_key }};
        export AWS_SECRET_ACCESS_KEY={{ aws_secret_key }};
        /bin/aws iam tag-user --user-name {{ user_name | quote }}
        --tags {{ iam_user_tags | dict2items(key_name='Key', value_name='Value') | to_json | quote }}
      no_log: true  # keep the secret key out of task output
Honestly, I would probably attack this with a library using python/boto3. If you have time, it's pretty easy to build and run.
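The python/boto3 route mentioned in the reply above, as an added example that is not part of the original thread: it reads the user's existing tags and only sends the ones that differ, so repeated runs make no changes. The function names, the `purge` option and the sample user name and tags are assumptions for illustration; the `list_user_tags`, `tag_user` and `untag_user` calls are the boto3 IAM client's own.

```python
"""Idempotently sync tags on an IAM user (added example, not from the thread)."""

MAX_TAGS = 50  # IAM limit on the number of tags per user


def current_tags(iam, user_name):
    """Return the user's existing tags as a dict, following pagination."""
    tags, kwargs = {}, {"UserName": user_name}
    while True:
        page = iam.list_user_tags(**kwargs)
        tags.update({t["Key"]: t["Value"] for t in page["Tags"]})
        if not page.get("IsTruncated"):
            return tags
        kwargs["Marker"] = page["Marker"]


def ensure_user_tags(iam, user_name, desired, purge=False):
    """Apply `desired` tags (hypothetical helper); return what was changed."""
    if len(desired) > MAX_TAGS:
        raise ValueError(f"IAM allows at most {MAX_TAGS} tags per user")
    existing = current_tags(iam, user_name)
    # Only send keys that are new or whose value differs from what IAM holds.
    to_set = {k: v for k, v in desired.items() if existing.get(k) != v}
    to_remove = sorted(set(existing) - set(desired)) if purge else []
    if to_remove:  # remove first so the tag limit is not hit mid-update
        iam.untag_user(UserName=user_name, TagKeys=to_remove)
    if to_set:
        iam.tag_user(UserName=user_name,
                     Tags=[{"Key": k, "Value": v} for k, v in to_set.items()])
    return {"changed": bool(to_set or to_remove), "set": to_set, "removed": to_remove}


if __name__ == "__main__":
    import boto3  # imported here so the functions above work with a stub client
    # Credentials come from boto3's default chain (environment, profile or role),
    # not from the command line. User name and tags are sample values.
    print(ensure_user_tags(boto3.client("iam"), "some-user", {"team": "platform"}))
```

The returned `changed` flag can be used for Ansible's `changed_when` if this is wrapped in a script or custom module.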