Too late in the day to split iam module?

I was just wondering peoples thoughts on splitting out the functionality in the iam module before 2.0 ships.

Rather than just iam we could have…

iam_user
iam_role
iam_access_key
iam_group

It just seems to make more sense as these are all pretty self contained units and it will remove complexity from one monolithic module.

The iam module returns somewhat arbitrary values. E.g. when you create a role, it will return a list of IAM roles in the account rather than detail on the role just created. I would be easier to focus in on the return values if the module was separated out.

Boto3 supports attaching managed policies to roles and this is something i’d like to implement but this kind of work is not small so again it seems to make sense to do it in a specific iam_role module.

I’m happy to do the work but just thought i’d ask for some feedback first.

plus one on making these separate modules…

when using ansible in an inventory driven way, simple one trick pony modules trump swiss army knives every time

Andy

too late for 2.0, but lets plan this for 2.1

Breaking up the modules would definitely make them easier to work with, particularly ad-hoc.

+1 that would really help

This is okay with me. I’d certainly welcome the PRs for this.

Just to keep people in the loop, started work on these today.

Should hopefully be ready for 2.1