role#

Exec module for IAM role resource.

async idem_aws.exec.aws.iam.role.get(hub, ctx, name: str, resource_id: str = None) Dict[str, Any][source]#

Get an IAM role from AWS.

Parameters:

  • name (str) – An Idem name of the IAM role. Idem will use this as the role name if resource_id is not specified.

  • resource_id (str, Optional) – AWS IAM role name.

Returns:

Retrieves information about the specified role.

Return type:

dict[str, Any]

Examples

Calling this exec module function from the cli:

idem exec aws.iam.role.get name=<idem-name> resource_id=<role-name>

Calling this exec module function from within a state:

my_unmanaged_resource:
  exec.run:
    - path: aws.iam.role.get
    - kwargs:
        name: 'idem_name'
        resource_id: 'role-name'
async idem_aws.exec.aws.iam.role.update_role_tags(hub, ctx, role_name: str, old_tags: Dict[str, Any], new_tags: Dict[str, Any]) Dict[str, Any][source]#

Update tags of AWS IAM Role

Parameters:

  • role_name (str) – AWS IAM role name

  • old_tags (dict) – A dict of old tags

  • new_tags (dict) – A dict of new tags

Returns:

Returns a dict of updated tags

Return type:

dict[str, Any]

Examples

Calling this exec module function from the cli

idem exec aws.iam.role.update_role_tags role_name="some_role" old_tags='{"old_tag": "old_val"}' new_tags='{"new_tag": "new_val"}'

Using in a state:

my_unmanaged_resource:
  exec.run:
    - path: aws.iam.role.update_role_tags
    - kwargs:
        role_name: some_role
        old_tags:
          old_tag: old_val
        new_tags:
          new_tag: new_val
async idem_aws.exec.aws.iam.role.update_role(hub, ctx, old_state: Dict[str, Any], description: str = None, max_session_duration: int = None, timeout: Dict = None)[source]#

Updates the description or maximum session duration setting of a role

Parameters:

  • old_state (dict) – Old role state

  • description (str) – The new description that you want to apply to the specified role

  • max_session_duration (int) – The maximum session duration (in seconds) for the specified role

  • timeout (dict) – Timeout (in seconds)

Returns:

Returns a dict of updated tags

Return type:

dict[str, Any]

Examples

Calling this exec module function from the cli

idem exec aws.iam.role.update_role old_state='{}' role_name="some_role" description="Some description" max_session_duration=3600

Using in a state:

my_unmanaged_resource:
  exec.run:
    - path: aws.iam.role.update_role
    - kwargs:
        old_state: {}
        role_name: some_role
        description: Some description
        max_session_duration: 3600
async idem_aws.exec.aws.iam.role.update_policy(hub, ctx, role_name: str, policy: str)[source]#

Updates the policy that grants an IAM entity permission to assume a role

Parameters:

  • role_name (str) – The name of the role to update with the new policy

  • policy (dict) – The policy that grants an entity permission to assume the role

Returns:

Returns status of the update

Return type:

dict[str, Any]

Examples

Calling this exec module function from the cli

idem exec aws.iam.role.update_policy role_name="some_role" policy='{}'

Using in a state:

my_unmanaged_resource:
  exec.run:
    - path: aws.iam.role.update_policy
    - kwargs:
        role_name: some_role
        policy: {}