New in version 2015.8.0.
This module uses boto, which can be installed via package, or pip.
This module accepts explicit IAM credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available here.
It's also possible to specify key, keyid and region via a profile, either passed in as a dict, or as a string to pull from pillars or minion config:
delete-user:
  boto_iam.user_absent:
    - name: myuser
    - delete_keys: true

delete-keys:
  boto_iam.keys_absent:
    - access_keys:
      - 'AKIAJHTMIQ2ASDFLASDF'
      - 'PQIAJHTMIQ2ASRTLASFR'
    - user_name: myuser

create-user:
  boto_iam.user_present:
    - name: myuser
    - policies:
        mypolicy: |
            {
                "Version": "2012-10-17",
                "Statement": [{
                "Effect": "Allow",
                "Action": "*",
                "Resource": "*"}]
            }
    - password: NewPassword$$1
    - region: eu-west-1
    - keyid: 'AKIAJHTMIQ2ASDFLASDF'
    - key: 'fdkjsafkljsASSADFalkfjasdf'

create-group:
  boto_iam.group_present:
    - name: mygroup
    - users:
      - myuser
      - myuser1
    - policies:
        mypolicy: |
            {
                "Version": "2012-10-17",
                "Statement": [{
                "Effect": "Allow",
                "Action": "*",
                "Resource": "*"}]
            }
    - region: eu-west-1
    - keyid: 'AKIAJHTMIQ2ASDFLASDF'
    - key: 'safsdfsal;fdkjsafkljsASSADFalkfj'

change-policy:
  boto_iam.account_policy:
    - allow_users_to_change_password: True
    - region: eu-west-1
    - keyid: 'AKIAJHTMIQ2ASDFLASDF'
    - key: 'safsdfsal;fdkjsafkljsASSADFalkfj'

create server certificate:
  boto_iam.server_cert_present:
    - name: mycert
    - public_key: salt://base/mycert.crt
    - private_key: salt://base/mycert.key
    - cert_chain: salt://base/mycert_chain.crt
    - region: eu-west-1
    - keyid: 'AKIAJHTMIQ2ASDFLASDF'
    - key: 'fdkjsafkljsASSADFalkfjasdf'

delete server certificate:
  boto_iam.server_cert_absent:
    - name: mycert

create keys for user:
  boto_iam.keys_present:
    - name: myusername
    - number: 2
    - save_dir: /root
    - region: eu-west-1
    - keyid: 'AKIAJHTMIQ2ASDFLASDF'
    - key: 'fdkjsafkljsASSADFalkfjasdf'

create policy:
  boto_iam.policy_present:
    - name: myname
    - policy_document: '{"Version": "2012-10-17", "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}'
    - region: eu-west-1
    - keyid: 'AKIAJHTMIQ2ASDFLASDF'
    - key: 'fdkjsafkljsASSADFalkfjasdf'

add-saml-provider:
  boto_iam.saml_provider_present:
    - name: my_saml_provider
    - saml_metadata_document: salt://base/files/provider.xml
    - keyid: 'AKIAJHTMIQ2ASDFLASDF'
    - key: 'safsdfsal;fdkjsafkljsASSADFalkfj'

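The three ways of supplying credentials described at the top of this page (profile as a string, profile as a dict, and an instance profile role), shown as an added example that is not taken from the Salt documentation. The profile name `iam_admin_profile`, the pillar file name and all credential values are placeholders chosen for illustration.

```yaml
# --- pillar data (file name pillar/aws.sls is an assumption) ---
# Placeholder values. Storing the profile in pillar keeps the secret key
# out of the state files themselves.
iam_admin_profile:              # hypothetical profile name
  keyid: 'AKIAEXAMPLEKEYID0000'
  key: 'example-secret-access-key'
  region: eu-west-1

# --- state file ---
# profile as a string: the name is looked up in pillar or minion config
create-user-from-pillar-profile:
  boto_iam.user_present:
    - name: myuser
    - profile: iam_admin_profile

# profile as a dict: the same three keys, passed inline
create-group-with-inline-profile:
  boto_iam.group_present:
    - name: mygroup
    - users:
      - myuser
    - profile:
        keyid: 'AKIAEXAMPLEKEYID0000'
        key: 'example-secret-access-key'
        region: eu-west-1

# no key, keyid or profile: credentials are obtained from the IAM role
# assigned to the instance through its Instance Profile
delete-keys-via-instance-role:
  boto_iam.keys_absent:
    - access_keys:
      - 'AKIAJHTMIQ2ASDFLASDF'
    - user_name: myuser
    - region: eu-west-1
```
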
salt.states.boto_iam.account_policy(name=None, allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None, region=None, key=None, keyid=None, profile=None)
Change account policy.
New in version 2015.8.0.
salt.states.boto_iam.group_absent(name, region=None, key=None, keyid=None, profile=None)
New in version 2015.8.0.
Ensure the IAM group is absent.
salt.states.boto_iam.group_present(name, policies=None, policies_from_pillars=None, managed_policies=None, users=None, path='/', region=None, key=None, keyid=None, profile=None)
New in version 2015.8.0.
Ensure the IAM group is present.
salt.states.boto_iam.keys_absent(access_keys, user_name, region=None, key=None, keyid=None, profile=None)
New in version 2015.8.0.
Ensure the IAM user access_key_id is absent.
salt.states.boto_iam.keys_present(name, number, save_dir, region=None, key=None, keyid=None, profile=None, save_format='{2}\n{0}\n{3}\n{1}\n')
New in version 2015.8.0.
Ensure the IAM access keys are present.
- name (string)
- The name of the new user.
- number (int)
- Number of keys that user should have.
- save_dir (string)
- The directory in which the key/keys will be saved. Keys are saved to a file named according to the username provided.
- region (string)
- Region to connect to.
- key (string)
- Secret key to be used.
- keyid (string)
- Access key to be used.
- profile (dict)
- A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.
- save_format (dict)
- Save format is repeated for each key. Default format is "{2}\n{0}\n{3}\n{1}\n", where {0} and {1} are placeholders for new key_id and key respectively, whereas {2} and {3} are "key_id-{number}" and 'key-{number}' strings kept for compatibility.
salt.states.boto_iam.policy_absent(name, region=None, key=None, keyid=None, profile=None)
New in version 2015.8.0.
Ensure the IAM managed policy with the specified name is absent.
salt.states.boto_iam.policy_present(name, policy_document, path=None, description=None, region=None, key=None, keyid=None, profile=None)
New in version 2015.8.0.
Ensure the IAM managed policy is present.
salt.states.boto_iam.saml_provider_absent(name, region=None, key=None, keyid=None, profile=None)
Ensure the SAML provider with the specified name is absent.
salt.states.boto_iam.saml_provider_present(name, saml_metadata_document, region=None, key=None, keyid=None, profile=None)
Ensure the SAML provider with the specified name is present.
salt.states.boto_iam.server_cert_absent(name, region=None, key=None, keyid=None, profile=None)
Deletes a server certificate.
New in version 2015.8.0.
salt.states.boto_iam.server_cert_present(name, public_key, private_key, cert_chain=None, path=None, region=None, key=None, keyid=None, profile=None)
Create server certificate.
New in version 2015.8.0.
salt.states.boto_iam.user_absent(name, delete_keys=True, delete_mfa_devices=True, delete_profile=True, region=None, key=None, keyid=None, profile=None)
New in version 2015.8.0.
Ensure the IAM user is absent. User cannot be deleted if it has keys.
- delete_mfa_devices
- Delete all MFA devices from user.
New in version 2016.3.0.
- delete_profile
- Delete profile from user.
New in version 2016.3.0.
salt.states.boto_iam.user_present(name, policies=None, policies_from_pillars=None, managed_policies=None, password=None, path=None, region=None, key=None, keyid=None, profile=None)
New in version 2015.8.0.
Ensure the IAM user is present.
- path
- The path of the user. Default is '/'.
New in version 2015.8.2.