Adding-debug-3

Author: Matej Stajduhar

roles/aws/aws_backup_validation/templates/trusted_entitites.json.j2

@@ -9,7 +9,7 @@
       "Action": "sts:AssumeRole",
       "Condition": {
           "StringEquals": {
-              "aws:SourceArn": "arn:aws:events:{{ _aws_region }}:{{ _acc_id }}:rule/{{ aws_iam_role.name }}",
+              "aws:SourceArn": "arn:aws:lambda:{{ _aws_region }}:{{ _acc_id }}:function:{{ aws_iam_role.name }}",
               "aws:SourceAccount": "{{ _acc_id }}"
           }
       }

roles/aws/aws_iam_role/tasks/main.yml

@@ -25,10 +25,6 @@
   ansible.builtin.set_fact:
     allowed_strings: ["ec2", "ecs", "backup", "event"]
 
-- name: Debug vars-
-  ansible.builtin.debug:
-    msg: aws_iam_role.policy_document
-
 - name: Create assume role policy document if predefined string is passed.
   ansible.builtin.set_fact:
     _assume_role_policy: "{{ lookup('file', aws_iam_role.policy_document + '_document_policy.json') }}"
@@ -39,17 +35,6 @@
     _assume_role_policy: "{{ aws_iam_role.policy_document }}"
   when: aws_iam_role.policy_document not in allowed_strings
 
-- name: Create policy document if j2 file is provided.
-  ansible.builtin.template:
-    src: "{{ aws_iam_role.policy_document }}"
-    dest: /tmp/policy_document.json
-  when: (aws_iam_role.policy_document | basename) is match('.*\.j2$')
-
-- name: Set var for Assume policy document.
-  ansible.builtin.set_fact:
-    _assume_role_policy: "/tmp/policy_document.json"
-  when: (aws_iam_role.policy_document | basename) is match('.*\.j2$')
-
 - name: Create an IAM role {{ aws_iam_role.name }}.
   amazon.aws.iam_role:
     profile: "{{ aws_iam_role.aws_profile }}"