I got the following playbook to update an IAM policy and it works fine. But it wipes out what the IAM policy currently has and replaces it with what I have. I want to just append to the policy. How do I do it?

---
- name: test
  hosts: localhost
  tasks:
  - name: Create IAM Managed Policy
    amazon.aws.iam_policy:
      iam_type: role
      iam_name: "aws_test_role"
      policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
      policy_json: "{{ lookup('template','policy.json.j2') }}"
      state: present
  • Get the existing policy with [iam_policy_info](https://docs.ansible.com/ansible/latest/collections/amazon/aws/iam_policy_info_module.html#ansible-collections-amazon-aws-iam-policy-info-module) and merge the returned JSON with yours prior to setting the policy. – Zeitounator May 25 '23 at 16:30
  • Can you provide an example? – wwe34124 May 26 '23 at 13:07
  • https://docs.ansible.com/ansible/latest/collections/amazon/aws/iam_policy_info_module.html#examples – Zeitounator May 26 '23 at 14:45
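
A worked version of what the comment suggests, added here as an example (it is not code from the question or from the Ansible docs): read the inline policy currently on the role with iam_policy_info, merge its statements with the ones rendered from the question's policy.json.j2, and write the union back with iam_policy. The role name and policy name are the ones from the question; that iam_policy_info returns a `policies` list whose entries carry `policy_document`, and that a policy's `Statement` may be either a dict or a list, are assumptions taken from the AWS policy grammar and the module's documented return value.

```yaml
---
- name: Append statements to an existing inline IAM role policy
  hosts: localhost
  gather_facts: false
  vars:
    role_name: aws_test_role
    policy_name: PrismaCloud-IAM-ReadOnly-Policy
  tasks:
    - name: Read the inline policy currently attached to the role (policies is [] if none)
      amazon.aws.iam_policy_info:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ policy_name }}"
      register: current

    - name: Collect existing statements (assumption - Statement may be a dict or a list)
      ansible.builtin.set_fact:
        existing_statements: >-
          {{ existing_statements | default([])
             + ([item] if item is mapping else item) }}
      loop: "{{ current.policies | map(attribute='policy_document.Statement') | list }}"

    - name: Render the statements to add from the question's template
      ansible.builtin.set_fact:
        new_policy: "{{ lookup('template', 'policy.json.j2') | from_json }}"

    - name: Merge - existing statements first, then new ones, exact duplicates dropped
      ansible.builtin.set_fact:
        merged_policy:
          Version: "2012-10-17"
          Statement: >-
            {{ (existing_statements | default([])
                + ([new_policy.Statement] if new_policy.Statement is mapping
                   else new_policy.Statement)) | unique }}

    - name: Write the merged document back (nothing already granted is removed)
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "{{ role_name }}"
        policy_name: "{{ policy_name }}"
        policy_json: "{{ merged_policy | to_json }}"
        state: present
```

Deduplication is an exact match on whole statements, so a statement whose Sid, Action or Resource changed in the template is appended beside the old one rather than replacing it, and the play never removes anything from the role; review the merged document (for example with `--check --diff`) before applying it to a production role.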