---
|
- name: Set account arn
|
set_fact:
|
account_arn: "arn:aws:iam::{{ account_id }}:role/{{ aws_role_name }}"
|
|
- debug:
|
var: account_arn
|
|
- name: Check if profile already exists in ~/.aws/config
|
shell: >-
|
grep -q '\[profile {{ account_profile }}\]' ~/.aws/config
|
register: _grepprofile
|
failed_when: false
|
changed_when: false
|
|
- name: Creating a new AWS profile for the new account if not present
|
when: _grepprofile.rc != 0
|
shell: |-
|
(flock 10 || exit 1
|
aws --profile {{ account_profile }} configure set region {{ aws_region }}
|
aws --profile {{ account_profile }} configure set role_arn {{ account_arn }}
|
aws --profile {{ account_profile }} configure set source_profile {{ aws_master_profile }}
|
) 10> /tmp/awsprofile.lock
|
