Home / user-554385

Jacek's questions

Martin Hope
Jacek
Asked: 2022-02-02 08:28:43 +0800 CST
  • 2

I have the following resource:

resource "aws_iam_user_policy" "ses_send_policy" {
  count       = var.enabled ? 1 : 0
  name_prefix = var.user_policy_name_prefix
  user        = aws_iam_user.ses_smtp_user[0].name

  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ses:SendEmail",
                "ses:SendRawEmail"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ses:FromAddress": [
                        "${var.user_email_address}"
                    ]
                }
            }
        }
    ]
}
EOF
}

I'd like to ask how to make the "Condition" block in the policy optional and based on a bool type variable? I want to have it only if var.condition = true.

terraform json
Martin Hope
Jacek
Asked: 2021-11-03 04:35:04 +0800 CST
  • 0

I would like to allow users in all accounts in my AWS Organization (under a number of different OUs) to access only a few AWS services: RDS, EC2, S3, etc. In other words, I need to prevent access to anything else. I was thinking about using SCP but denying access to so many services seems to be a bad idea (the FullAWSAccess service control policy is attached by default). I would like to ask if you have ever done something like that and if you have, how?

amazon-web-services aws-organizations
Martin Hope
Jacek
Asked: 2020-01-09 04:20:57 +0800 CST
  • 0

I have a Jenkins instance running in a docker container running on an AWS EC2 instance with security group allowing traffic on ports 22, 80, and 8080. I use Ansible to install both: docker and Jenkins. The Jenkins role looks like this:

- name: Start Jenkins Container
  docker_container:
    name: Jenkins
    image: jenkins:latest
    state: started
    ports: 8080:8080

- name: Get Jenkins default password
  command: docker exec -it Jenkins bash -c 'cat /var/jenkins_home/secrets/initialAdminPassword'
  register: hello

- debug: msg="{{ hello.stdout }}"

I can access the Setup Wizzard, I pass the password from the /var/jenkins_home/secrets/initialAdminPassword file and when it comes to plugins installations they all fail to install. I can skip the installation and go to the Dashboard but there I see the message about three problems:

https://justpaste.it/1zv4r

Can you help me to understand what is going on here?

amazon-web-services
Martin Hope
Jacek
Asked: 2020-01-05 05:57:06 +0800 CST
  • 2

I use Ansible 2.9.2 on Ubuntu Server 18.04 + Python 3.6.9. Here is a simple Ansible project: https://github.com/770715/ansible.git

If I run:

ansible-playbook -i aws_ec2.yml add-ssh-keys.yml

it works just fine but when I try to run:

ansible-playbook -i aws_ec2.yml playbook.yml

I get an error:

dev@ops:~/code/build/ansible$ ansible-playbook -i aws_ec2.yml playbook.yml
/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.25.7) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
ERROR! unexpected parameter type in action: <class 'bool'>

The error appears to be in '/home/dev/code/build/ansible/roles/docker/tasks/main.yml': line 1, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Install Docker
  ^ here

The YAML file syntax seems to be correct (I have checked that with a number of different validators).

urllib3 (1.25.7) and chardet (3.0.4) are in the latest versions. I'd appreciate it if you could help.

ansible