I'm new to AWS. My company uses AD federation to log in to the AWS management console. I am trying to launch an ec2 instance via Ansible 2.7.5, but I think I need to authenticate to AWS using the sts_session_token module?
    ansible 2.7.5
      config file = None
      configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/local/Cellar/ansible/2.7.5/libexec/lib/python3.7/site-packages/ansible
      executable location = /usr/local/bin/ansible
      python version = 3.7.2 (default, Jan 13 2019, 12:50:15) [Clang 10.0.0 (clang-1000.11.45.5)]
My thinking is from this link here: https://www.google.com/url?sa=i&source=images&cd=&cad=rja&uact=8&ved=2ahUKEwi-xbHX-_zfAhWGiOAKHUslBdAQjRx6BAgBEAU&url=https%3A%2F%2Fwww.slideshare.net%2FAmazonWebServices%2Fdelegating-access-to-your-aws-environment&psig=AOvVaw2fyLa59UGpxplzXgLCyDqB&ust=1548094527815558
For python I have boto, boto3, and botocore installed.
I have a ~/.aws/ directory with credentials and config
Credentials

    [default]
    aws_access_key_id =
    aws_secret_access_key =

Config

    [default]
    region=us-east-1
    output=json
Ansible Playbook

    ---
    - hosts: localhost
      gather_facts: False
      tasks:
        - name: Get Session Token Credentials from STS
          sts_session_token:
            duration_seconds: 3600
          register: session_credentials
        - debug:
            var: session_credentials
        - name: Assume Role AWS
          sts_assume_role:
            role_arn: "arn:aws:iam::<id+role>"
            role_session_name: "session role name"
          register: assumed_role
        - debug:
            var: assumed_role
Errored Results:
The full traceback is:

    Traceback (most recent call last):
      File "~/.ansible/tmp/ansible-tmp-1548008584.240192-70823728355706/AnsiballZ_sts_session_token.py", line 113, in
        _ansiballz_main()
      File "~/.ansible/tmp/ansible-tmp-1548008584.240192-70823728355706/AnsiballZ_sts_session_token.py", line 105, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "~/.ansible/tmp/ansible-tmp-1548008584.240192-70823728355706/AnsiballZ_sts_session_token.py", line 48, in invoke_module
        imp.load_module('main', mod, module, MOD_DESC)
      File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/main.py", line 155, in
      File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/main.py", line 151, in main
      File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/main.py", line 124, in get_session_token
      File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 2369, in fail_json
      File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 2341, in _return_formatted
      File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 522, in remove_values
      File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 505, in _remove_values_conditions
    TypeError: Value of unknown type: , An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid.
    fatal: [localhost]: FAILED! => {
        "changed": false,
        "module_stderr": "Traceback (most recent call last):\n File \"~/.ansible/tmp/ansible-tmp-1548008584.240192-70823728355706/AnsiballZ_sts_session_token.py\", line 113, in \n _ansiballz_main()\n File \"~/.ansible/tmp/ansible-tmp-1548008584.240192-70823728355706/AnsiballZ_sts_session_token.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"~/.ansible/tmp/ansible-tmp-1548008584.240192-70823728355706/AnsiballZ_sts_session_token.py\", line 48, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/main.py\", line 155, in \n File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/main.py\", line 151, in main\n File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/main.py\", line 124, in get_session_token\n File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 2369, in fail_json\n File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 2341, in _return_formatted\n File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 522, in remove_values\n File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 505, in _remove_values_conditions\nTypeError: Value of unknown type: , An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid.\n",
        "module_stdout": "",
        "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
        "rc": 1
    }