+# this is only ansible 2.3+
+# - name: management role policies
+# iam_role:
+# name: management
+# state: present
+# managed_policy:
+# - arn:aws:iam::{{ ACCT_ID }}:policy/base-policy
+# - arn:aws:iam::{{ ACCT_ID }}:policy/management-policy
+
+# will need to rev name-version when changing AMI