aws_ssm connection plugin: add STS token parameters. #218

Merged


flavioelawi
Contributor

SUMMARY

Fixes #24

Add the following parameters to aws_ssm.py connection plugin:

  • ansible_aws_ssm_access_key_id
  • ansible_aws_ssm_secret_access_key
  • ansible_aws_ssm_session_token

ISSUE TYPE

  • Feature Pull Request

COMPONENT NAME

This implements some basic STS token management that can be passed as parameters to the task when the aws_ssm connection plugin is involved; the parameters are scoped to the plugin namespace.

ADDITIONAL INFORMATION

If you have a role that you are allowed to assume in a target account, you would need to assume that role in the target account before invoking the task. This example comes from an invocation using the Ansible APIs, where even after assuming the role in the target account, the connection plugin was still executing under the controller-node account session.

flavioel/.virtualenvs/ansible_ssm/lib/python3.6/site-packages/botocore/client.py\", line 626, in _make_api_call\n    raise error_class(parsed_response, operation_name)\nbotocore.errorfactory.TargetNotConnected: An error occurred (TargetNotConnected) when calling the StartSession operation: i-01234567890123456 is not connected.\n",

By implementing the changes in this PR I am able to pass an STS token as a parameter to the task, letting it execute under the target account context.

This change also allows for backward compatibility: if nothing is specified (no OS environment variables, no parameters), the boto3 client will automatically select the default profile configured on the controller.

Fixes ansible-collections#24

Add the following parameters to aws_ssm.py connection plugin:

* ansible_aws_ssm_access_key_id
* ansible_aws_ssm_secret_access_key
* ansible_aws_ssm_session_token

Co-authored-by: Mark Chappell <[email protected]>
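
An added illustration of the credential selection the description above outlines (explicit STS parameters when supplied, boto3's default chain otherwise); it is not code from this pull request or from community.aws. The helper names `ssm_client_kwargs` and `redact`, and the fail-closed handling of a partially set credential, are assumptions of this example.

```python
# Added illustration; not code from community.aws. The keys on the left are
# the plugin parameters named in this PR; the values on the right are the
# standard boto3 client keyword arguments.
PARAM_TO_BOTO3 = {
    "ansible_aws_ssm_access_key_id": "aws_access_key_id",
    "ansible_aws_ssm_secret_access_key": "aws_secret_access_key",
    "ansible_aws_ssm_session_token": "aws_session_token",
}
REQUIRED = ("ansible_aws_ssm_access_key_id", "ansible_aws_ssm_secret_access_key")


class PartialCredentialsError(ValueError):
    """Raised when only some of the credential parameters are set."""


def ssm_client_kwargs(task_vars):
    """Return boto3 client kwargs for the given task variables.

    An empty dict means boto3 uses its default credential chain
    (environment variables, then the controller's configured profile).
    """
    supplied = {k: task_vars[k] for k in PARAM_TO_BOTO3 if task_vars.get(k)}
    if not supplied:
        return {}
    missing = [k for k in REQUIRED if k not in supplied]
    if missing:
        # Fail closed (assumption of this example): a half-set credential
        # must not silently run under the controller's own identity.
        raise PartialCredentialsError("missing: " + ", ".join(missing))
    return {PARAM_TO_BOTO3[k]: v for k, v in supplied.items()}


def redact(kwargs):
    """Copy of kwargs that is safe to log: secrets masked, key id shortened."""
    out = {}
    for name, value in kwargs.items():
        out[name] = value[:4] + "..." if name == "aws_access_key_id" else "***"
    return out


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sts = {
        "ansible_aws_ssm_access_key_id": "ASIAEXAMPLEKEYID0000",
        "ansible_aws_ssm_secret_access_key": "constructed-secret",
        "ansible_aws_ssm_session_token": "constructed-token",
    }
    print(redact(ssm_client_kwargs(sts)))  # explicit STS credentials
    print(ssm_client_kwargs({}))           # empty: default chain applies
```

The returned dict is meant to be splatted into a `boto3.client("ssm", **kwargs)` call; keep the three variables out of task output (for example with `no_log: true`) since they are live credentials for the lifetime of the STS session.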
Contributor

@tremble tremble left a comment

One minor change to the changelog formatting that I'm just going to push. Otherwise LGTM, thanks for your efforts here.

@flavioelawi
Contributor Author

thanks @tremble and sorry for the pr mess

@tremble tremble merged commit a147040 into ansible-collections:main Sep 2, 2020
alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this pull request Jul 19, 2021
…ions#218)

* aws_ssm connection plugin: add STS token parameters.

Fixes ansible-collections#24

Add the following parameters to aws_ssm.py connection plugin:

* ansible_aws_ssm_access_key_id
* ansible_aws_ssm_secret_access_key
* ansible_aws_ssm_session_token
alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this pull request May 25, 2022
The `ForwardConfig` key of the action is optional. Its presence
during the `compare_listeners()` or `compare_rules()` evaluation
breaks the comparison between the expectation and current state.

With this patch, we ignore the key IF this structure is not required.

Closes: ansible-collections#218

Successfully merging this pull request may close these issues.

Support STS token in aws_ssm connection plugin.