I’m currently using Ansible 2.9 with the aws cloud module iam_role to manage roles. I recently pushed a role with a ‘permission boundary’ (module “boundary” attribute).
Having needing to delete it, I found that just removing that parameter does not indicate that the boundary is to be removed. Code inspection seems to show that setting the boundary to empty string is a special case that removes any set boundary. It does work.
But now, I cannot create a role with that setting, since it throws an error that the boundary parameter length is zero.
Can anyone council how to get around the issue? Setting it to remove prevents it working if the role needs to be created… but not setting it means the boundary won’t get updated.
Any advice welcomed. Thanks in advance.
-Alan