我正在使用Ansible创建AWS用户。 Ansible的一个功能是创建一个具有访问密钥的用户。我想知道如何在成功创建用户后获取访问密钥。
http://docs.ansible.com/ansible/iam_module.html
tasks:
- name: Create two new IAM users with API keys
iam:
iam_type: user
name: "{{ item }}"
state: present
password: "{{ temp_pass }}"
access_key_state: create
with_items:
- user
答案 0 :(得分:6)
我试过2.0.1.0。应该在2.0.0.2。
tasks:
- iam:
iam_type: user
name: foo
state: present
access_key_state: create
register: credentials
- debug: var=credentials
<强>输出
[debug] *******************************************************************
ok: [127.0.0.1] => {
"credentials": {
"changed": false,
"groups": null,
"keys": {
"AKIAXXXXXXXXXXTTGFXX": "Active"
},
"user_name": "foo"
}
}
从Ansible 2.0.1.0开始,无法获得秘密。这是一个错误。见iam module not very useful for managing access keys
答案 1 :(得分:4)
与此同时(我正在使用Ansible 2.3.2.0)该问题已成功修复:
- name: Create restricted bot user to access S3
iam:
iam_type: user
name: blubaa
state: present
access_key_state: create
connection: local
register: credentials
- debug: var=credentials
输出:
ok: [XXXXXXXXXX] => {
"credentials": {
"changed": true,
"groups": null,
"keys": [
{
"access_key_id": "AKIAJXXXXXXXXXXZX6GQ",
"create_date": "2017-08-26T01:04:05Z",
"status": "Active",
"user_name": "blubaa"
}
],
"user_meta": {
"access_keys": [
{
"access_key_id": "AKIAJXXXXXXXXXXZX6GQ",
"access_key_selector": "XXXX",
"create_date": "2017-08-26T01:04:05.720Z",
"secret_access_key": "wPwd2H0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXkHB08Elo",
"status": "Active",
"user_name": "blubaa"
}
],
"created_user": {
"arn": "arn:aws:iam::30XXXXXXXXXX:user/blubaa",
"create_date": "2017-08-26T01:04:05.557Z",
"path": "/",
"user_id": "AIDAXXXXXXXXXXOYT7M",
"user_name": "blubaa"
},
"password": null
}
}
}