-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSM connector docs should explain the S3 part #1775
Comments
@mdavis-xyz looks like you're more familar with ssm connections. |
I need confirmation of the answers. Also, what's the right way to put hyperlinks in the docs? Q: Why a bucket is required, even if you're not running any copy commands. (One sentence explanation is probably fine.): A: Ansible is to designed to not require anything (except Python) to be installed on the target. For each Ansible module, Ansible copies a python script to the target, and then executes it. This is true for all modules, not just the file copying ones like Q: Which IAM permissions are required on the target (e.g. s3:GetObject, or s3:GetObjectVersion, etc, or also ListBucket?) Q: which IAM permissions are required on the controller (s3:PutObject, s3:DeleteObject. Anything else? e.g. presigned URLs?) Q: which prefix within S3 the objects are saved to Q: whether the files in S3 are deleted when done. A: whether the files in S3 are deleted if the general Ansible setting keep_remote_files=True. |
One other reason for S3 is that if you send files directly over SSM (e.g. |
I was struggling with the S3 permissions as well due to missing documentary. Finally I found out that the Ansible host as the target need these actions allowed: A short documentation would be helpful, thank you! Edit: Update required actions |
…plugin (#1850) (#2032) [PR #1850/e5a41df3 backport][stable-7] Document the requirement for an S3 bucket for the aws_ssm connection plugin This is a backport of PR #1850 as merged into main (e5a41df). SUMMARY Fixes #1775 This explains why an S3 bucket is needed for the aws_ssm plugin, and some considerations relating to that. ISSUE TYPE Docs Pull Request COMPONENT NAME aws_ssm Reviewed-by: Mark Chappell
Summary
The SSM connector docs don't mention S3 up the top.
They only mention it in the details of the arguments, which is a bit unclear for someone completely new to this.
In the "Requirements" section, it should say
copy
commands. (One sentence explanation is probably fine.)s3:GetObject
, ors3:GetObjectVersion
, etc, or also ListBucket?)keep_remote_files=True
.Issue Type
Documentation Report
Component Name
community.aws.aws_ssm connection
Ansible Version
Collection Versions
Configuration
OS / Environment
Mac OS
Additional Information
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: