From 7b90520de37b5cd2bac5b0cd352ba454eb439464 Mon Sep 17 00:00:00 2001 From: Harrison Sherwin - Akeyless Date: Wed, 20 May 2026 21:48:17 -0600 Subject: [PATCH 1/2] docs(ansible): clarify aws_iam cloud_id flow (DOCS-493) --- .../ansible-awx-plugin/ansible-plugin.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md b/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md index ed47563d3..630521fbd 100644 --- a/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md +++ b/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md @@ -26,6 +26,8 @@ Before using the Akeyless Ansible plugin, ensure the following prerequisites are pip install akeyless ``` + * For `aws_iam` authentication, install the Akeyless CLI when the playbook must generate `cloud_id` explicitly. For installation steps, see [Akeyless CLI documentation](https://docs.akeyless.io/docs/cli). + * Access to an Akeyless Authentication Method (for example, API Key, AWS IAM, Azure AD, OIDC, or Certificate) with a valid `access_id` and required credentials. * Network access from the Ansible control node to `https://api.akeyless.io` (or to your Akeyless Gateway endpoint if applicable). @@ -170,6 +172,31 @@ login: uid_token: '' ``` +### AWS IAM cloud identity for login + +In some environments, `akeyless.secrets_management.login` with `access_type: 'aws_iam'` may require an explicit `cloud_id` value. + +Generate the value with the Akeyless CLI, then pass it to the `login` task: + +```yaml +- name: Generate cloud identity for AWS IAM + ansible.builtin.command: akeyless get-cloud-identity --cloud-provider aws_iam + register: aws_identity + changed_when: false + +- name: Login via AWS IAM + login: + akeyless_api_url: 'https://api.akeyless.io' + access_id: '' + access_type: 'aws_iam' + cloud_id: '{{ aws_identity.stdout | trim }}' + register: auth_res +``` + +> ℹ️ **Note:** +> +> `cloud_id` is the full output from `akeyless get-cloud-identity --cloud-provider aws_iam`. + Where: * `akeyless_api_url`: Gateway URL API V2 endpoint that is `https://Your_GW_URL:8000/api/v2`. From bf35fef3de04708ca9b3da748f1158e5caf5af22 Mon Sep 17 00:00:00 2001 From: Harrison Sherwin - Akeyless Date: Wed, 20 May 2026 21:53:53 -0600 Subject: [PATCH 2/2] docs(ansible): fix prerequisites bullet indentation in ansible plugin page --- .../plugins-overview/ansible-awx-plugin/ansible-plugin.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md b/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md index 630521fbd..5efcb1e66 100644 --- a/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md +++ b/docs/Integrations & Plugins/plugins-overview/ansible-awx-plugin/ansible-plugin.md @@ -20,14 +20,13 @@ Before using the Akeyless Ansible plugin, ensure the following prerequisites are * Python 3 installed on the Ansible control node. * Ansible installed. +* For `aws_iam` authentication, install the Akeyless CLI when the playbook must generate `cloud_id` explicitly. For installation steps, see [Akeyless CLI documentation](https://docs.akeyless.io/docs/cli). * The Akeyless Python package installed: ```shell pip install akeyless ``` - * For `aws_iam` authentication, install the Akeyless CLI when the playbook must generate `cloud_id` explicitly. For installation steps, see [Akeyless CLI documentation](https://docs.akeyless.io/docs/cli). - * Access to an Akeyless Authentication Method (for example, API Key, AWS IAM, Azure AD, OIDC, or Certificate) with a valid `access_id` and required credentials. * Network access from the Ansible control node to `https://api.akeyless.io` (or to your Akeyless Gateway endpoint if applicable).