amazon.aws.aws_resource_actions callback – summarizes all “resource:actions” completed
Note
This callback plugin is part of the amazon.aws collection (version 5.5.1).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install amazon.aws.
You need further requirements to be able to use this callback plugin, see Requirements for details.
To use it in a playbook, specify: amazon.aws.aws_resource_actions.
Synopsis
Ansible callback plugin for collecting the AWS actions completed by all boto3 modules using AnsibleAWSModule in a playbook. Botocore endpoint logs need to be enabled for those modules, which can be done easily by setting debug_botocore_endpoint_logs to True for group/aws using module_defaults.
Requirements
The below requirements are needed on the local controller node that executes this callback.
whitelisting in configuration - see examples section below for details.
Examples
example: >
To enable, add this to your ansible.cfg file in the defaults block
[defaults]
callback_whitelist = aws_resource_actions
sample output: >
#
# AWS ACTIONS: ['s3:PutBucketAcl', 's3:HeadObject', 's3:DeleteObject', 's3:PutObjectAcl', 's3:CreateMultipartUpload',
# 's3:DeleteBucket', 's3:GetObject', 's3:DeleteObjects', 's3:CreateBucket', 's3:CompleteMultipartUpload',
# 's3:ListObjectsV2', 's3:HeadBucket', 's3:UploadPart', 's3:PutObject']
#
sample output: >
#
# AWS ACTIONS: ['ec2:DescribeVpcAttribute', 'ec2:DescribeVpcClassicLink', 'ec2:ModifyVpcAttribute', 'ec2:CreateTags',
# 'sts:GetCallerIdentity', 'ec2:DescribeSecurityGroups', 'ec2:DescribeTags', 'ec2:DescribeVpcs', 'ec2:CreateVpc']
#
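The action list is mainly useful as input for a least-privilege IAM policy for the role that runs the playbook. The following is an added example, not code from the amazon.aws collection: it parses the callback output shown above and groups the actions into a draft policy. The names parse_actions, draft_policy and API_TO_IAM are hypothetical, the mapping covers only the S3 operations in the sample, and Resource "*" is a placeholder to be narrowed to specific ARNs.

```python
import ast
import json
import re
from collections import defaultdict

# Constructed input: the two "sample output" blocks from this page, as one log.
SAMPLE_LOG = """\
#
# AWS ACTIONS: ['s3:PutBucketAcl', 's3:HeadObject', 's3:DeleteObject', 's3:PutObjectAcl', 's3:CreateMultipartUpload',
# 's3:DeleteBucket', 's3:GetObject', 's3:DeleteObjects', 's3:CreateBucket', 's3:CompleteMultipartUpload',
# 's3:ListObjectsV2', 's3:HeadBucket', 's3:UploadPart', 's3:PutObject']
#
#
# AWS ACTIONS: ['ec2:DescribeVpcAttribute', 'ec2:DescribeVpcClassicLink', 'ec2:ModifyVpcAttribute', 'ec2:CreateTags',
# 'sts:GetCallerIdentity', 'ec2:DescribeSecurityGroups', 'ec2:DescribeTags', 'ec2:DescribeVpcs', 'ec2:CreateVpc']
#
"""

# Assumption: a non-exhaustive map for S3 API operations that are authorized
# under an IAM action with a different name.
API_TO_IAM = {
    "s3:HeadObject": "s3:GetObject",
    "s3:HeadBucket": "s3:ListBucket",
    "s3:ListObjectsV2": "s3:ListBucket",
    "s3:DeleteObjects": "s3:DeleteObject",
    "s3:CreateMultipartUpload": "s3:PutObject",
    "s3:UploadPart": "s3:PutObject",
    "s3:CompleteMultipartUpload": "s3:PutObject",
}

def parse_actions(log_text):
    """Return the sorted, de-duplicated 'service:Operation' names in callback output."""
    text = " ".join(line.lstrip("# ").strip() for line in log_text.splitlines())
    found = set()
    for match in re.findall(r"AWS ACTIONS:\s*(\[.*?\])", text):
        found.update(ast.literal_eval(match))
    return sorted(found)

def draft_policy(actions, resource="*"):
    """Build one Allow statement per service; 'resource' is a placeholder to narrow."""
    by_service = defaultdict(set)
    for action in actions:
        iam_action = API_TO_IAM.get(action, action)
        by_service[iam_action.split(":", 1)[0]].add(iam_action)
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": f"{svc.capitalize()}FromPlaybook", "Effect": "Allow",
         "Action": sorted(acts), "Resource": resource}
        for svc, acts in sorted(by_service.items())]}

if __name__ == "__main__":
    print(json.dumps(draft_policy(parse_actions(SAMPLE_LOG)), indent=2))
```

The callback reports API operation names, so entries such as s3:HeadObject need translating before they are valid IAM actions; anything not in the map is passed through unchanged and should be checked by hand.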
Hint
Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.