-
Notifications
You must be signed in to change notification settings - Fork 397
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
community.aws.dynamodb_table ignores AWS role #486
Comments
Files identified in the description: If these files are inaccurate, please update the |
|
Files identified in the description:
If these files are inaccurate, please update the |
Hi @szpak, Thank you for reporting this. As you've guessed, the difference of behavior comes from the use of boto2. This module needs to be ported to boto3. |
Probably this is resolved now by #726 |
@marknet15 Thanks for following up here. Yes, this should be resolved by #726 and will be available with release 2.1.0 of the community.aws collection. As such I'm going to close this issue. |
Great, thanks @tremble! I will try to retest it with 2.1.0, but looking at the changes it looks fine. |
SUMMARY
community.aws.dynamodb_table
silently ignores AWS role.ISSUE TYPE
COMPONENT NAME
dynamodb_table
ANSIBLE VERSION
OS / ENVIRONMENT
Fedora 33
STEPS TO REPRODUCE
Having the following playbook:
and the following
~/.aws/config
:and
~/.aws/credentials
(not very elegant):amazon.aws.aws_caller_info
andamazon.aws.aws_s3
executes in the context of AWS role defined in a profile, whilecommunity.aws.dynamodb_table
silently ignores it (creating a table in an unexpected place/scope/account). One can even set non existing role to havecommunity.aws.dynamodb_table
executed without any problem, while the other tool fails.I realize that only
aws.dynamodb_table
is from thecommunity
package, but I put it here to ensure my AWS configuration (seems to be) ok. However, the behavior is somehow inconsistent with the documentation where theprofile
field is mentioned and no limitations about role ARNs are mentioned.Looking at that PR most suggests that the problem might be caused by the fact that dynamodb_table uses boto which might not support the aforementioned. However, I might be wrong here.
It would be good to have it supported.
ansible 2.9.18, community.aws 1.4.0, amazon.aws 1.4.1, Fedora 33.
EXPECTED RESULTS
Configured
role_arn
is used for performed operation.ACTUAL RESULTS
Configured
role_arn
is ignored and a table is created in the wrong (basic) account.The text was updated successfully, but these errors were encountered: