diff options
| author | Will Thames <will@thames.id.au> | 2018-04-06 04:06:04 +1000 |
|---|---|---|
| committer | Ryan Brown <sb@ryansb.com> | 2018-04-05 14:06:04 -0400 |
| commit | a1d3cf488d899890ed1e71d42afdb99ef1630dc5 (patch) | |
| tree | f46f3d19c58b24d445e5087081c0628b694a4a2f | |
| parent | 55fd3d62fbcf8c29e2d84072a35327a916e3f332 (diff) | |
| download | ansible-a1d3cf488d899890ed1e71d42afdb99ef1630dc5.tar.gz | |
[cloud][test]Add missing IAM policy for cloudfront (#38248)
Cloudfront needs CreateOriginAccessIdentity
Add profile parameter to setup-iam.yml. Could arguably just use
AWS_PROFILE but given that other tasks are using profile, should
be consistent.
| -rw-r--r-- | hacking/aws_config/setup-iam.yml | 1 | ||||
| -rw-r--r-- | hacking/aws_config/testing_policies/cloudfront-policy.json | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/hacking/aws_config/setup-iam.yml b/hacking/aws_config/setup-iam.yml index fffc04ac72..c1d8dd68cc 100644 --- a/hacking/aws_config/setup-iam.yml +++ b/hacking/aws_config/setup-iam.yml @@ -26,6 +26,7 @@ - name: Get aws account ID aws_caller_facts: + profile: "{{ profile|default(omit) }}" register: aws_caller_facts - name: Set aws_account_fact diff --git a/hacking/aws_config/testing_policies/cloudfront-policy.json b/hacking/aws_config/testing_policies/cloudfront-policy.json index 5bb22ffe5a..057cb586d6 100644 --- a/hacking/aws_config/testing_policies/cloudfront-policy.json +++ b/hacking/aws_config/testing_policies/cloudfront-policy.json @@ -7,6 +7,7 @@ "Action": [ "cloudfront:CreateDistribution", "cloudfront:CreateDistributionWithTags", + "cloudfront:CreateCloudFrontOriginAccessIdentity", "cloudfront:DeleteDistribution", "cloudfront:GetDistribution", "cloudfront:GetStreamingDistribution", |