callback – summarizes all “resource:actions” completed


This callback plugin is part of the collection (version 5.5.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install You need further requirements to be able to use this callback plugin, see Requirements for details.

To use it in a playbook, specify:


  • Ansible callback plugin for collecting the AWS actions completed by all boto3 modules using AnsibleAWSModule in a playbook. Botocore endpoint logs need to be enabled for those modules, which can be done easily by setting debug_botocore_endpoint_logs to True for group/aws using module_defaults.


The below requirements are needed on the local controller node that executes this callback.

  • whitelisting in configuration - see examples section below for details.


example: >
  To enable, add this to your ansible.cfg file in the defaults block
    callback_whitelist = aws_resource_actions
sample output: >
# AWS ACTIONS: ['s3:PutBucketAcl', 's3:HeadObject', 's3:DeleteObject', 's3:PutObjectAcl', 's3:CreateMultipartUpload',
#               's3:DeleteBucket', 's3:GetObject', 's3:DeleteObjects', 's3:CreateBucket', 's3:CompleteMultipartUpload',
#               's3:ListObjectsV2', 's3:HeadBucket', 's3:UploadPart', 's3:PutObject']
sample output: >
# AWS ACTIONS: ['ec2:DescribeVpcAttribute', 'ec2:DescribeVpcClassicLink', 'ec2:ModifyVpcAttribute', 'ec2:CreateTags',
#               'sts:GetCallerIdentity', 'ec2:DescribeSecurityGroups', 'ec2:DescribeTags', 'ec2:DescribeVpcs', 'ec2:CreateVpc']


Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.