Authentication error retrieving ec2 inventory. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment vars found but may not be correct

3
votes

We're using Ansible and aws-cli for deployment, configuration management and orchestration of our application.It's a great way to automate those process.
Unfortunately, from time to time (I can't point exactly when, but it happens after few days of working with ansible) I'm getting the following message:

Authentication error retrieving ec2 inventory. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment vars found but may not be correct

I'm using Ubuntu 14.04 for running ansible, I'm not changing anything related to aws access-key or secret-key. I also tried to work with boto but acts the same. The only thing that helps is restart my machine.
Any idea, what can cause this problem?

Thanks, Effi

2
amazon-ec2ubuntu-14.04ansiblebotoansible-playbook
Please, share how did you set the credentials, environment vars? and more details. If you are using awscli, I suppose that you check k first the connection with aws ec2 describe instances?Raul Hugo
Try setting up the credentials, in the aws cli, is more stable qith the command --> aws configureRaul Hugo
Thanks Raul, but aws configure didn't help :(Effi Bar-She'an
I setup AWS_SECRET_ACCESS_KEY and AWS_SECRET_ACCESS_KEY as env. variables export AWS_ACCESS_KEY_ID=XXX export AWS_SECRET_ACCESS_KEY=XXXEffi Bar-She'an

2 Answers

13
votes

Seems like amazon authentication mechanism uses client time stamp, see: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationTimeStamp

Time Stamp Requirement
A valid time stamp (using either the HTTP Date header or an x-amz-date alternative) is mandatory for authenticated requests. Furthermore, the client timestamp included with an authenticated request must be within 15 minutes of the Amazon S3 system time when the request is received.

So I used (https://askubuntu.com/questions/81293/what-is-the-command-to-update-time-and-date-from-internet): 

sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"

in order to update my date time, and it fixed :)

-1
votes

I would assume that it was running before and now it is not working. Make sure your aws cli parameters are all set and aws user has access to run ansible script. Just run date command on your machine and see whether you have correct time. If not, use time server to update your machine time and it should resolve your issue.