
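  # Rotate the IAM access key stored for one profile in ~/.aws/credentials.
  # Expects `item.profile` to name the credentials-file section (and AWS
  # profile) to rotate; presumably supplied by a loop in the including play.
  #
  # Order of operations: create a second key, remove the old key, then write
  # the new key pair to the credentials file. Between the removal and the two
  # file writes the new secret exists only in memory, which is why the rescue
  # section prints it.
  - name: update profile "{{ item.profile }}"
    block:
      - name: Get the current caller identity facts
        aws_caller_info:
          profile: "{{ item.profile }}"
        register: caller_facts

      - name: read current credentials
        set_fact:
          current_access_key: "{{ lookup('ini', 'aws_access_key_id section=' + item.profile + ' file=~/.aws/credentials') }}"
          # NOTE(review): not referenced by any task in this block; drop it if
          # nothing else consumes it, so the secret is not held as a host fact.
          current_secret_key: "{{ lookup('ini', 'aws_secret_access_key section=' + item.profile + ' file=~/.aws/credentials') }}"
          # An IAM user ARN is ...:user/<optional/path/>NAME, so the user name
          # is the last '/'-separated element. Index [1] returned the first
          # path component for users created under a path.
          username: "{{ caller_facts.arn.split('/')[-1] }}"
        # Task results are echoed in verbose runs; keep the secret out of them.
        no_log: true

      - name: create new iam credentials
        iam:
          iam_type: user
          name: "{{ username }}"
          state: update
          access_key_state: create
          key_count: 2
          profile: "{{ item.profile }}"
        register: new_credentials
        # The registered result carries the new secret_access_key.
        no_log: true

      - name: delete old credentials
        iam:
          iam_type: user
          name: "{{ username }}"
          state: update
          access_key_state: remove
          access_key_ids: "{{ current_access_key }}"
          profile: "{{ item.profile }}"
          key_count: 1

      - name: update secret access key credentials file
        ini_file:
          path: ~/.aws/credentials
          section: "{{ item.profile }}"
          option: aws_secret_access_key
          value: "{{ new_credentials.created_keys[0].secret_access_key }}"
          mode: '0600'
          # The backup is a full copy of the previous credentials file, so it
          # still holds every other profile's live keys. Remove or protect it
          # once the rotation is verified.
          backup: true
        # The module arguments (and --diff output) contain the new secret.
        no_log: true

      - name: update access key credentials file
        ini_file:
          path: ~/.aws/credentials
          section: "{{ item.profile }}"
          option: aws_access_key_id
          value: "{{ new_credentials.created_keys[0].access_key_id }}"
          mode: '0600'

    rescue:
      # SECURITY: deliberately prints the registered result, including the new
      # secret access key, so that a key created before the failure is not
      # lost. The value ends up in console output and any Ansible log or CI
      # job log; treat that output as secret and rotate again after recovery.
      # NOTE(review): if the failure happened before `new_credentials` was
      # registered, this task has nothing to print and will itself error.
      - name: print new created credentials in case of task failure
        debug:
          msg: "{{ new_credentials }}"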