Support STS token in aws_ssm connection plugin. #24

Closed
flavioelawi opened this issue Apr 6, 2020 · 2 comments · Fixed by #218
Labels
affects_2.10 feature This issue/PR relates to a feature request has_pr module module needs_triage plugins plugin (any type)

@flavioelawi

SUMMARY

The current implementation of the aws_ssm connection plugin relies on the exported environment variables, or on a default connection profile being configured on the controller.
An ideal implementation would allow the task caller to pass an STS token, for example in cases where there is a cross-account trust policy and the node is able to retrieve such a session token and execute tasks in the target account.
This would also allow a more versatile usage from the API, by dynamically assuming the target role STS session and passing it to each invocation.

ISSUE TYPE

  • Feature Idea

COMPONENT NAME

aws_ssm.py connection plugin

ADDITIONAL INFORMATION

This is how a task can be called with all the STS parameters:

---
- hosts: all
  vars:
    ansible_aws_ssm_region: us-east-1
    bucket_name: helper-bucket-flavioelawi
    ansible_aws_ssm_access_key_id: <THE_ACCESS_KEY_ID>
    ansible_aws_ssm_secret_access_key: <THE_SECRET_KEY>
    ansible_aws_ssm_session_token: <THE_SESSION_TOKEN>
  tasks:
  - name: test stat
    stat:
      path: /etc/foo.conf
    register: file_details
  - debug:
      msg: "file or dir exists"
    when: file_details.stat.exists
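
An added example, not part of the original issue or the plugin's code: one way a caller could validate the three proposed variables before turning them into boto3 client keyword arguments. The function names, the precedence of task vars over the environment, and the sample values are assumptions.

```python
import os

# Variable names come from the issue; everything else here is illustrative.
# Maps each proposed Ansible variable to (boto3 client kwarg, AWS environment variable).
VAR_TO_BOTO = {
    "ansible_aws_ssm_access_key_id": ("aws_access_key_id", "AWS_ACCESS_KEY_ID"),
    "ansible_aws_ssm_secret_access_key": ("aws_secret_access_key", "AWS_SECRET_ACCESS_KEY"),
    "ansible_aws_ssm_session_token": ("aws_session_token", "AWS_SESSION_TOKEN"),
}


class CredentialError(ValueError):
    """Raised when the supplied credential set is incomplete."""


def resolve_ssm_credentials(task_vars, environ=None):
    """Return boto3-style client kwargs, preferring task vars over the environment.

    The two sources are never mixed: if any credential variable is set on the
    task, the whole set must come from the task. This avoids pairing a session
    token for one account with a key pair exported for another.
    """
    environ = os.environ if environ is None else environ
    from_vars = {boto: task_vars[var]
                 for var, (boto, _) in VAR_TO_BOTO.items() if task_vars.get(var)}
    from_env = {boto: environ[env]
                for boto, env in VAR_TO_BOTO.values() if environ.get(env)}
    creds = from_vars or from_env
    if not creds:
        return {}  # nothing explicit: leave it to boto3's default chain (profile, role)
    key = creds.get("aws_access_key_id")
    if not key or not creds.get("aws_secret_access_key"):
        raise CredentialError("access key id and secret access key must be set together")
    # STS-issued access key ids start with ASIA and are unusable without the token.
    if key.startswith("ASIA") and "aws_session_token" not in creds:
        raise CredentialError("temporary (ASIA) access key supplied without a session token")
    return creds


def redact(creds):
    """Copy of the kwargs that is safe to log: key id kept, secret and token masked."""
    return {k: (v if k == "aws_access_key_id" else "***") for k, v in creds.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"ansible_aws_ssm_access_key_id": "ASIAEXAMPLE000000000",
              "ansible_aws_ssm_secret_access_key": "constructed-secret",
              "ansible_aws_ssm_session_token": "constructed-token"}
    print(redact(resolve_ssm_credentials(sample, environ={})))
```

The returned dictionary uses the keyword names that `boto3.client()` accepts, so it can be passed alongside `region_name`.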

@ansibullbot

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

@ansibullbot ansibullbot added affects_2.10 feature This issue/PR relates to a feature request has_pr module module needs_triage labels Aug 19, 2020
@ansibullbot ansibullbot added the plugins plugin (any type) label Aug 28, 2020
flavioelawi added a commit to flavioelawi/community.aws that referenced this issue Sep 1, 2020
Fixes ansible-collections#24

Add the following parameters to aws_ssm.py connection plugin:

* ansible_aws_ssm_access_key_id
* ansible_aws_ssm_secret_access_key
* ansible_aws_ssm_session_token

Co-authored-by: Mark Chappell <[email protected]>
tremble pushed a commit that referenced this issue Sep 2, 2020
* aws_ssm connection plugin: add STS token parameters.

Fixes #24

Add the following parameters to aws_ssm.py connection plugin:

* ansible_aws_ssm_access_key_id
* ansible_aws_ssm_secret_access_key
* ansible_aws_ssm_session_token
alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this issue Jul 19, 2021
…ions#218)

* aws_ssm connection plugin: add STS token parameters.

Fixes ansible-collections#24

Add the following parameters to aws_ssm.py connection plugin:

* ansible_aws_ssm_access_key_id
* ansible_aws_ssm_secret_access_key
* ansible_aws_ssm_session_token