salt.modules.boto_iam

Connection module for Amazon IAM

New in version 2014.7.0.

configuration:

This module accepts explicit IAM credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from the AWS API and no further configuration is necessary. More information is available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used, you need to specify the credentials either in a pillar or in the minion's config file:

iam.keyid: GKTADJGHEIQSXMKKRBJ08H
iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
iam.region: us-east-1

It's also possible to specify key, keyid and region via a profile, either as a passed-in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

depends:

boto

salt.modules.boto_iam.associate_profile_to_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)

Associate an instance profile with an IAM role.

CLI example:

salt myminion boto_iam.associate_profile_to_role myiprofile myirole

salt.modules.boto_iam.create_instance_profile(name, region=None, key=None, keyid=None, profile=None)

Create an instance profile.

CLI example:

salt myminion boto_iam.create_instance_profile myiprofile

salt.modules.boto_iam.create_role(name, policy_document=None, path=None, region=None, key=None, keyid=None, profile=None)

Create an instance role.

CLI example:

salt myminion boto_iam.create_role myrole

salt.modules.boto_iam.create_role_policy(role_name, policy_name, policy, region=None, key=None, keyid=None, profile=None)

Create or modify a role policy.

CLI example:

salt myminion boto_iam.create_role_policy myirole mypolicy '{"Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}'
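
The policy argument is a JSON document passed as a single string, so a malformed or overly broad policy is easy to submit. The following is an added example, not part of the Salt module or the original page, that lints a policy string before it is handed to boto_iam.create_role_policy; the function name lint_role_policy and the sample policies are assumptions made for illustration.

```python
import json

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def lint_role_policy(policy_text):
    """Return findings for a policy string; an empty list means nothing flagged."""
    try:
        doc = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return ["not valid JSON: " + exc.msg]
    if not isinstance(doc, dict) or "Statement" not in doc:
        return ["top-level object has no Statement element"]
    findings = []
    for idx, stmt in enumerate(_as_list(doc["Statement"])):
        if not isinstance(stmt, dict):
            findings.append("statement %d: not a JSON object" % idx)
            continue
        label = stmt.get("Sid", "statement %d" % idx)
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append("%s: Effect must be Allow or Deny" % label)
        if stmt.get("Effect") != "Allow":
            continue  # wildcards are flagged for grants only, not for denies
        for action in _as_list(stmt.get("Action")):
            if isinstance(action, str) and (action == "*" or action.endswith(":*")):
                findings.append("%s: wildcard action %s" % (label, action))
        for resource in _as_list(stmt.get("Resource")):
            # "*" or an ARN whose resource part is "*" matches every resource
            if isinstance(resource, str) and resource.split(":", 5)[-1] == "*":
                findings.append("%s: wildcard resource %s" % (label, resource))
    return findings

# Constructed sample inputs (hypothetical, not taken from a real account).
MALFORMED = '{"MyPolicy": "Statement": [{"Action": ["sqs:*"], "Effect": "Allow"}]}'
BROAD = ('{"Statement": [{"Action": ["sqs:*"], "Effect": "Allow", '
         '"Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}')
SCOPED = ('{"Statement": [{"Action": ["sqs:SendMessage"], "Effect": "Allow", '
          '"Resource": ["arn:aws:sqs:us-east-1:111122223333:myqueue"], '
          '"Sid": "SendOnly"}]}')

if __name__ == "__main__":
    for name, text in (("MALFORMED", MALFORMED), ("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, lint_role_policy(text) or "ok")
```
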
salt.modules.boto_iam.delete_instance_profile(name, region=None, key=None, keyid=None, profile=None)

Delete an instance profile.

CLI example:

salt myminion boto_iam.delete_instance_profile myiprofile

salt.modules.boto_iam.delete_role(name, region=None, key=None, keyid=None, profile=None)

Delete an IAM role.

CLI example:

salt myminion boto_iam.delete_role myirole

salt.modules.boto_iam.delete_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)

Delete a role policy.

CLI example:

salt myminion boto_iam.delete_role_policy myirole mypolicy

salt.modules.boto_iam.disassociate_profile_from_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)

Disassociate an instance profile from an IAM role.

CLI example:

salt myminion boto_iam.disassociate_profile_from_role myiprofile myirole

salt.modules.boto_iam.get_account_id(region=None, key=None, keyid=None, profile=None)

Get the AWS account ID associated with the credentials in use.

CLI example:

salt myminion boto_iam.get_account_id

salt.modules.boto_iam.get_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)

Get a role policy.

CLI example:

salt myminion boto_iam.get_role_policy myirole mypolicy

salt.modules.boto_iam.instance_profile_exists(name, region=None, key=None, keyid=None, profile=None)

Check to see if an instance profile exists.

CLI example:

salt myminion boto_iam.instance_profile_exists myiprofile

salt.modules.boto_iam.list_role_policies(role_name, region=None, key=None, keyid=None, profile=None)

Get a list of policy names from a role.

CLI example:

salt myminion boto_iam.list_role_policies myirole

salt.modules.boto_iam.profile_associated(role_name, profile_name, region, key, keyid, profile)

Check to see if an instance profile is associated with an IAM role.

CLI example:

salt myminion boto_iam.profile_associated myirole myiprofile

salt.modules.boto_iam.role_exists(name, region=None, key=None, keyid=None, profile=None)

Check to see if an IAM role exists.

CLI example:

salt myminion boto_iam.role_exists myirole