{"id":19308721,"url":"https://github.com/mtulio/ansible-role-cloud-iam","last_synced_at":"2026-02-07T22:31:21.292Z","repository":{"id":39941825,"uuid":"117321129","full_name":"mtulio/ansible-role-cloud-iam","owner":"mtulio","description":"Ansible role to manager Identity and Access Management resources","archived":false,"fork":false,"pushed_at":"2024-01-05T23:01:14.000Z","size":45,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-01T16:55:43.716Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mtulio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-13T06:46:24.000Z","updated_at":"2022-12-27T20:48:29.000Z","dependencies_parsed_at":"2025-01-06T01:27:53.698Z","dependency_job_id":"1840157c-1b65-42ba-9449-aa6fcd468523","html_url":"https://github.com/mtulio/ansible-role-cloud-iam","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/mtulio/ansible-role-cloud-iam","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtulio%2Fansible-role-cloud-iam","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtulio%2Fansible-role-cloud-iam/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtulio%2Fansible-role-cloud-iam/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtulio%2Fansible-role-cloud-iam/ma
nifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mtulio","download_url":"https://codeload.github.com/mtulio/ansible-role-cloud-iam/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtulio%2Fansible-role-cloud-iam/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29211127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T22:22:11.602Z","status":"ssl_error","status_checked_at":"2026-02-07T22:22:10.684Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T00:16:15.544Z","updated_at":"2026-02-07T22:31:21.274Z","avatar_url":"https://github.com/mtulio.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"cloud-iam\n=========\n\n[![Project Status: WIP – Initial development is in progress, but there has not yet been a stable, usable release suitable for the 
public.](https://www.repostatus.org/badges/latest/wip.svg)](https://www.repostatus.org/#wip)\n[![](https://github.com/mtulio/ansible-role-cloud-iam/actions/workflows/release.yml/badge.svg)](https://github.com/mtulio/ansible-role-cloud-iam/actions/workflows/release.yml)\n[![](https://github.com/mtulio/ansible-role-cloud-iam/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/mtulio/ansible-role-cloud-iam/actions/workflows/ci.yml)\n[![](https://img.shields.io/ansible/role/59588)](https://galaxy.ansible.com/mtulio/cloud_iam)\n\n\nAnsible role to manage **I**dentity and **A**ccess **M**anagement resources in your Cloud\nInfrastructure, both Unix-based systems and Cloud service providers.\n\nCurrently we support AWS - please help us to improve =]\n\nRequirements\n------------\n\n- boto3\n- ansible \u003e= 4.1\n\nRole Variables\n--------------\n\n`iam_roles`: the list of roles to create on resources.\n\n`iam_groups`: Groups to be created or removed, depending on the `state` option.\n\n- `name`: Group's name\n- `providers`: list of cloud providers. Supported: `unix` and `aws`\n- `unix_sudoers_line`: list of sudoers line items. `value` should use sudoers file syntax. `regex` should match a unique line in /etc/sudoers.\n\n`iam_user`: Users to be created or removed, depending on the `state` option.\n\n- `name`: User's name\n- `full_name`: Full Name of the user\n- `providers`: list of cloud providers. 
Supported: `unix` and `aws`\n- `ssh_pub_key`: SSH public key to be added on `unix` provider.\n- `groups`: groups to be associated with the user.\n\nDependencies\n------------\n\n`boto` and `boto3`: when using `aws` provider.\n\nExample Playbook\n----------------\n\n* Create groups in Unix systems and AWS:\n\n      - hosts: servers\n        vars:\n          iam_groups:\n            - name: admin\n              providers:\n                - unix\n                - aws\n              unix_sudoers_line:\n                - regex: '^%admin'\n                  value: '%admin ALL=(ALL) NOPASSWD: ALL'\n              aws_managed_policies:\n                - arn:aws:iam::aws:policy/IAMFullAccess\n                - arn:aws:iam::aws:policy/job-function/Billing\n                - arn:aws:iam::aws:policy/AdministratorAccess\n                - arn:aws:iam:::policy/pol-BillingFullAccess\n            - name: rundeck\n              providers:\n                - unix\n              unix_sudoers_line:\n                - regex: '^%rundeck'\n                  value: '%rundeck ALL=(ALL) NOPASSWD: ALL'\n\n        roles:\n           - { role: cloud-iam.mtulio }\n\n\n* Create users in Unix systems and AWS:\n\n      - hosts: servers\n        vars_files:\n          - vars/vault_pass.yml\n          - vars/vault_ssh_keys.yml\n        vars:\n          iam_users:\n            - name: marco\n              full_name: 'Marco'\n              password: \"{{ vault_pass_md5_marco }}\"\n              providers:\n                - unix\n                - aws\n              ssh_pub_key: \"{{ lookup('file', playbook_dir + '/files/ssh_keys/marco.pub') }}\"\n              groups:\n                - admin\n\n            - name: rundeck\n              password: \"{{ vault_pass_md5_rundeck }}\"\n              providers:\n                - aws\n              ssh_pub_key: \"{{ lookup('file', playbook_dir + '/files/ssh_keys/rundeck.pub') }}\"\n              ssh_priv_key: \"{{ vault_ssh_key_rundeck }}\"\n              
groups:\n                - rundeck\n\n        roles:\n           - { role: cloud-iam.mtulio }\n\n* Create an AWS IAM role and keep it updated:\n\n      - hosts: localhost\n        vars:\n          iam_roles:\n          - iam_name: \"instance-role-myserver\"\n            providers:\n              - aws\n            iam_s3_policies:\n              - service: s3\n                bucket: mybucket_01\n                mode: rw\n                file_type: template\n                file_path: aws-s3-policy-rw.json.j2\n              - service: s3\n                bucket: mybucket_02\n                mode: ro\n                file_type: template\n                file_path: aws-s3-policy-ro.json.j2\n            iam_resources_policies:\n              - service: custom\n                resource: ec2-describe\n                mode: ro\n                file_type: template\n                file_path: aws-ec2-describe.json.j2\n                version: '2012-10-17'\n\n          - iam_name: \"lambda-myFunction\"\n            providers:\n              - aws\n            iam_policy_type: file\n            iam_policy_path: \"aws-sts-assume-lambda.json\"\n            iam_managed_policies:\n                - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole\n            iam_resources_policies:\n              - service: dynamodb\n                resource: myTable\n                mode: rw\n                region: us-east-1\n                file_type: template\n                file_path: aws-dynamodb-rw.json.j2\n            iam_s3_policies:\n              - service: s3\n                bucket: functionState\n                mode: rw\n                file_type: template\n                file_path: aws-s3-policy-rw.json.j2\n\n          - iam_name: \"instance-role-dns\"\n            providers:\n              - aws\n            iam_resources_policies:\n              - service: r53\n                resource: mydomain.internal\n                mode: delete\n                zone_id: 
Z1FBB4KJZQ20Y7\n                file_type: template\n                file_path: aws-r53-rw-rrset.json.j2\n\n\n        roles:\n           - { role: cloud-iam.mtulio }\n\nLicense\n-------\n\nGPLv3\n\nTODO\n----\n\n* AWS\n  * supporting creation of custom IAM policy\n* Supporting other Cloud providers\n* IPA\n  * support to create users on IPA/IdM\n\nAuthor Information\n------------------\n\n[Marco Túlio R Braga](https://github.com/mtulio)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmtulio%2Fansible-role-cloud-iam","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmtulio%2Fansible-role-cloud-iam","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmtulio%2Fansible-role-cloud-iam/lists"}