Connection module for Amazon IAM
New in version 2014.7.0.
configuration: | This module accepts explicit iam credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used you need to specify them either in a pillar or in the minion's config file: iam.keyid: GKTADJGHEIQSXMKKRBJ08H
iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
iam.region: us-east-1
It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:
|
---|---|
depends: | boto |
Associate an instance profile with an IAM role.
CLI example:
salt myminion boto_iam.associate_profile_to_role myirole myiprofile
Create an instance profile.
CLI example:
salt myminion boto_iam.create_instance_profile myiprofile
Create an instance role.
CLI example:
salt myminion boto_iam.create_role myrole
Create or modify a role policy.
CLI example:
salt myminion boto_iam.create_role_policy myirole mypolicy '{"MyPolicy": "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}'
Delete an instance profile.
CLI example:
salt myminion boto_iam.delete_instance_profile myiprofile
Delete an IAM role.
CLI example:
salt myminion boto_iam.delete_role myirole
Delete a role policy.
CLI example:
salt myminion boto_iam.delete_role_policy myirole mypolicy
Disassociate an instance profile from an IAM role.
CLI example:
salt myminion boto_iam.disassociate_profile_from_role myirole myiprofile
Get a the AWS account id associated with the used credentials.
CLI example:
salt myminion boto_iam.get_account_id
Get a role policy.
CLI example:
salt myminion boto_iam.get_role_policy myirole mypolicy
Check to see if an instance profile exists.
CLI example:
salt myminion boto_iam.instance_profile_exists myiprofile
Get a list of policy names from a role.
CLI example:
salt myminion boto_iam.list_role_policies myirole
Check to see if an instance profile is associated with an IAM role.
CLI example:
salt myminion boto_iam.profile_associated myirole myiprofile
Check to see if an IAM role exists.
CLI example:
salt myminion boto_iam.role_exists myirole
Docs for previous releases are available on readthedocs.org.
Latest Salt release: 2014.7.2
22.16.18. salt.modules.boto_elb