-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support STS token in aws_ssm connection plugin. #24
Labels
affects_2.10
feature
This issue/PR relates to a feature request
has_pr
module
module
needs_triage
plugins
plugin (any type)
Comments
Files identified in the description: If these files are inaccurate, please update the |
ansibullbot
added
affects_2.10
feature
This issue/PR relates to a feature request
has_pr
module
module
needs_triage
labels
Aug 19, 2020
flavioelawi
added a commit
to flavioelawi/community.aws
that referenced
this issue
Sep 1, 2020
Fixes ansible-collections#24 Add the following parameters to aws_ssm.py connection plugin: * ansible_aws_ssm_access_key_id * ansible_aws_ssm_secret_access_key * ansible_aws_ssm_session_token Co-authored-by: Mark Chappell <[email protected]>
tremble
pushed a commit
that referenced
this issue
Sep 2, 2020
* aws_ssm connection plugin: add STS token parameters. Fixes #24 Add the following parameters to aws_ssm.py connection plugin: * ansible_aws_ssm_access_key_id * ansible_aws_ssm_secret_access_key * ansible_aws_ssm_session_token
alinabuzachis
pushed a commit
to alinabuzachis/community.aws
that referenced
this issue
Jul 19, 2021
…ions#218) * aws_ssm connection plugin: add STS token parameters. Fixes ansible-collections#24 Add the following parameters to aws_ssm.py connection plugin: * ansible_aws_ssm_access_key_id * ansible_aws_ssm_secret_access_key * ansible_aws_ssm_session_token
alinabuzachis
pushed a commit
to alinabuzachis/community.aws
that referenced
this issue
Jul 19, 2021
…ions#218) * aws_ssm connection plugin: add STS token parameters. Fixes ansible-collections#24 Add the following parameters to aws_ssm.py connection plugin: * ansible_aws_ssm_access_key_id * ansible_aws_ssm_secret_access_key * ansible_aws_ssm_session_token
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
affects_2.10
feature
This issue/PR relates to a feature request
has_pr
module
module
needs_triage
plugins
plugin (any type)
SUMMARY
The current implementation of the aws_ssm connection plugin relies on the exported environment variables, or on a default connection profile being configured on the controller.
An ideal implementation would allow the task caller to pass an STS token, for example in cases where there is a cross-account trust policy and the node is able to retrieve such session token and execute tasks in the target account.
This would also allow a more versatile usage from the API, by dynamically assume the target role STS session and pass it to each invocation.
ISSUE TYPE
COMPONENT NAME
aws_ssm.py connection plugin
ADDITIONAL INFORMATION
This is how a task can be called with all the sts parameters:
The text was updated successfully, but these errors were encountered: