diff --git a/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md b/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md index ed47563d3..5efcb1e66 100644 --- a/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md +++ b/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md @@ -20,6 +20,7 @@ Before using the Akeyless Ansible plugin, ensure the following prerequisites are * Python 3 installed on the Ansible control node. * Ansible installed. +* For `aws_iam` authentication, install the Akeyless CLI when the playbook must generate `cloud_id` explicitly. For installation steps, see [Akeyless CLI documentation](https://docs.akeyless.io/docs/cli). * The Akeyless Python package installed: ```shell @@ -170,6 +171,31 @@ login: uid_token: '' ``` +### AWS IAM cloud identity for login + +In some environments, `akeyless.secrets_management.login` with `access_type: 'aws_iam'` may require an explicit `cloud_id` value. + +Generate the value with the Akeyless CLI, then pass it to the `login` task: + +```yaml +- name: Generate cloud identity for AWS IAM + ansible.builtin.command: akeyless get-cloud-identity --cloud-provider aws_iam + register: aws_identity + changed_when: false + +- name: Login via AWS IAM + login: + akeyless_api_url: 'https://api.akeyless.io' + access_id: '' + access_type: 'aws_iam' + cloud_id: '{{ aws_identity.stdout | trim }}' + register: auth_res +``` + +> ℹ️ **Note:** +> +> `cloud_id` is the full output from `akeyless get-cloud-identity --cloud-provider aws_iam`. + Where: * `akeyless_api_url`: Gateway URL API V2 endpoint that is `https://Your_GW_URL:8000/api/v2`.
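Review bot: The new prerequisite bullet in the first hunk (`@@ -20,6 +20,7 @@`) does not say on which machine the Akeyless CLI has to be installed. The neighbouring bullet is explicit ("Python 3 installed on the Ansible control node"), and the example added later in this patch runs the CLI through `ansible.builtin.command`, which executes on whichever host the play targets. Please state the host explicitly, for example "install the Akeyless CLI on the host that runs the `get-cloud-identity` task", and note that this host is the one whose AWS IAM identity ends up in `cloud_id`.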
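Review bot: In the second hunk (`@@ -170,6 +171,31 @@`), neither task in the new YAML example sets `no_log: true`, so the value registered in `aws_identity` and passed as `cloud_id`, as well as the login result registered in `auth_res`, can appear in Ansible output and logs at higher verbosity. Since `cloud_id` is the input used to authenticate, I would add `no_log: true` to both the "Generate cloud identity for AWS IAM" and "Login via AWS IAM" tasks in the documented example so readers copy the safe form. Two smaller points on the same hunk: the prose names the module as `akeyless.secrets_management.login` while the task uses the short `login:` form, so one sentence on when the short name resolves would help; and "In some environments" gives the reader no way to tell whether they are affected, so consider describing the condition or the error that indicates an explicit `cloud_id` is needed.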