authorRyan S. Brown <sb@ryansb.com>2016-10-07 14:49:12 -0400
committerRyan S. Brown <sb@ryansb.com>2016-10-07 15:00:43 -0400
commit7244ea1e407f722e2969a699ba8d91d9eb77b2f2 (patch)
treeb34673564cf3d5910a2731843ed477f87bdabfd2
parentd256c2e43ef1aa9401672473affea62a90273df0 (diff)
downloadansible-modules-extras-7244ea1e407f722e2969a699ba8d91d9eb77b2f2.tar.gz
`lambda` Support using the role name
Instead of needing the full role ARN, allow users to specify a role name as long as the role exists in the same account.
-rw-r--r--cloud/amazon/lambda.py22
1 files changed, 17 insertions, 5 deletions
diff --git a/cloud/amazon/lambda.py b/cloud/amazon/lambda.py
index 7fb5ea83..18977c2f 100644
--- a/cloud/amazon/lambda.py
+++ b/cloud/amazon/lambda.py
@@ -38,9 +38,9 @@ options:
description:
- The runtime environment for the Lambda function you are uploading. Required when creating a function. Use parameters as described in boto3 docs. Current example runtime environments are nodejs, nodejs4.3, java8 or python2.7
required: true
- role_arn:
+ role:
description:
- - The Amazon Resource Name (ARN) of the IAM role that Lambda assumes when it executes your function to access any other Amazon Web Services (AWS) resources
+ - The Amazon Resource Name (ARN) of the IAM role that Lambda assumes when it executes your function to access any other Amazon Web Services (AWS) resources. You may use the bare ARN if the role belongs to the same AWS account.
default: null
handler:
description:
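Review bot: The sentence added to the `role` description says "bare ARN", but the code added later in this commit accepts a bare role name and builds the ARN from it, so the documentation contradicts the behaviour. Suggested wording for the new sentence: `You may use the bare role name if the role belongs to the same AWS account.` It would also help to say that a bare name is resolved against the account of the credentials running the module, since that decides which role's permissions the function executes with.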
@@ -110,7 +110,7 @@ tasks:
state: present
zip_file: '{{ item.zip_file }}'
runtime: 'python2.7'
- role_arn: 'arn:aws:iam::987654321012:role/lambda_basic_execution'
+ role: 'arn:aws:iam::987654321012:role/lambda_basic_execution'
handler: 'hello_python.my_handler'
vpc_subnet_ids:
- subnet-123abcde
@@ -197,7 +197,7 @@ def main():
name=dict(type='str', required=True),
state=dict(type='str', default='present', choices=['present', 'absent']),
runtime=dict(type='str', required=True),
- role_arn=dict(type='str', default=None),
+ role=dict(type='str', default=None),
handler=dict(type='str', default=None),
zip_file=dict(type='str', default=None, aliases=['src']),
s3_bucket=dict(type='str'),
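Review bot: Renaming the option to `role` without an alias drops `role_arn` outright, so existing playbooks that still pass `role_arn` would presumably be rejected at argument validation after upgrading. The `zip_file` entry two lines below already uses `aliases`, so the same mechanism fits here: `role=dict(type='str', default=None, aliases=['role_arn']),`. The matching rename of the local variable in the next hunk needs no change for this. main() starts and ends outside this hunk.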
@@ -226,7 +226,7 @@ def main():
name = module.params.get('name')
state = module.params.get('state').lower()
runtime = module.params.get('runtime')
- role_arn = module.params.get('role_arn')
+ role = module.params.get('role')
handler = module.params.get('handler')
s3_bucket = module.params.get('s3_bucket')
s3_key = module.params.get('s3_key')
@@ -257,6 +257,18 @@ def main():
except (botocore.exceptions.ClientError, botocore.exceptions.ValidationError) as e:
module.fail_json(msg=str(e))
+ if role.startswith('arn:aws:iam'):
+ role_arn = role
+ else:
+ # get account ID and assemble ARN
+ try:
+ iam_client = boto3_conn(module, conn_type='client', resource='iam',
+ region=region, endpoint=ec2_url, **aws_connect_kwargs)
+ account_id = iam_client.get_user()['User']['Arn'].split(':')[4]
+ role_arn = 'arn:aws:iam::{0}:role/{1}'.format(account_id, role)
+ except (botocore.exceptions.ClientError, botocore.exceptions.ValidationError) as e:
+ module.fail_json(msg=str(e))
+
# Get function configuration if present, False otherwise
current_function = get_current_function(client, name)
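Review bot: `iam_client.get_user()` in the new else branch only works when the module runs with IAM user credentials; under an assumed role, instance profile or federated session the call is expected to fail, and it also forces the caller to hold `iam:GetUser` just to learn its own account ID. STS `get_caller_identity()` returns the account and ARN for any credential type without extra IAM permissions, which fits least-privilege automation roles better. The `startswith('arn:aws:iam')` test and the hard-coded `arn:aws:iam::` prefix also assume the `aws` partition, so a full ARN from another partition (for example `aws-cn`) would be treated as a role name and wrapped into an invalid ARN. `role` defaults to None, so `role.startswith` raises AttributeError whenever the option is omitted, which looks likely for `state: absent`. main() starts and ends outside this hunk, so how `role_arn` is consumed later is not visible here.

```python
    # … unchanged: lambda client creation and its except clause …
    if not role or role.startswith('arn:'):
        # full ARN (any partition), or option omitted: pass through as before
        role_arn = role
    else:
        # build the ARN from the caller's own partition and account
        try:
            sts_client = boto3_conn(module, conn_type='client', resource='sts',
                                    region=region, endpoint=ec2_url, **aws_connect_kwargs)
            caller = sts_client.get_caller_identity()
            partition = caller['Arn'].split(':')[1]
            role_arn = 'arn:{0}:iam::{1}:role/{2}'.format(partition, caller['Account'], role)
        except (botocore.exceptions.ClientError, botocore.exceptions.ValidationError) as e:
            module.fail_json(msg=str(e))
```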