Lookup with STS #56551

Open
wants to merge 2 commits into
base: devel
from

5 participants
@baptistamarcelo

commented May 16, 2019

Full example of parameter lookup using temporary credentials granted by STS AssumeRole.

SUMMARY
ISSUE TYPE
  • Docs Pull Request
COMPONENT NAME

aws_ssm

ADDITIONAL INFORMATION

Lookup with STS
Full example of parameter lookup using temporary credentials granted by STS AssumeRole.
@acozine

Contributor

commented May 20, 2019

Thanks @baptistamarcelo for adding examples to the Ansible documentation. There are three failures on your PR:

ERROR: lib/ansible/plugins/lookup/aws_ssm.py:102:1: W293 blank line contains whitespace (100%)
ERROR: lib/ansible/plugins/lookup/aws_ssm.py:115:161: E501 line too long (170 > 160 characters) (100%)
ERROR: lib/ansible/plugins/lookup/aws_ssm.py:120:1: W293 blank line contains whitespace (100%)

Can you fix those?

@mattclay

Member

commented May 22, 2019

bot_status

@ansibot

Contributor

commented May 22, 2019

Components

lib/ansible/plugins/lookup/aws_ssm.py
support: community
maintainers:

Metadata

waiting_on: baptistamarcelo
changes_requested_by: null
needs_info: False
needs_revision: True
needs_rebase: False
merge_commits: []
too many files or commits: False
mergeable_state: unstable
shippable_status: failure
maintainer_shipits (module maintainers): False
community_shipits (namespace maintainers): False
ansible_shipits (core team members): False
shipit_actors (maintainer or core team member): None
shipit_actors_other:
automerge: automerge shipit test failed


fixing PEP8
Fix for the following errors:

ERROR: lib/ansible/plugins/lookup/aws_ssm.py:102:1: W293 blank line contains whitespace (100%)
ERROR: lib/ansible/plugins/lookup/aws_ssm.py:115:161: E501 line too long (170 > 160 characters) (100%)
ERROR: lib/ansible/plugins/lookup/aws_ssm.py:120:1: W293 blank line contains whitespace (100%)
sts_assume_role:
role_arn: 'arn:aws:iam::<acc_id>:role/<role_name>'
role_session_name: "{{ aws_sts_session_name | default('ansible-session') }}"
region: '<region_name>'

@s-hertel

s-hertel May 29, 2019

Contributor

In case people copy and paste this, either make '<region_name>' a variable or replace the string with a valid one. Below too. But I think creating temporary credentials for plugins/modules should be documented somewhere more central since this isn't specific to this plugin.

Also, since this plugin uses boto3, a nicer way to do this is to use a profile in your config file (usually found at ~/.aws/config) that has a source profile and the role to assume. For example:

# In ~/.aws/credentials:
[development]
aws_access_key_id=foo
aws_secret_access_key=bar

# In ~/.aws/config
[profile crossaccount]
role_arn=arn:aws:iam:...
source_profile=development

and then use "{{ lookup('aws_ssm', 'my-parameter', aws_profile='crossaccount') }}" to assume the role instead of needing this first setup task.
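Added example (not part of this PR, the comment above, or Ansible's code): an offline Python check that a role-assuming profile of the kind described in the comment is well-formed before it is passed as `aws_profile`. The function names, the constructed sample file contents, and the simplification that the source profile's keys live in the credentials file are assumptions.

```python
import configparser

# Constructed sample files (placeholder values, not real credentials or a real account).
SAMPLE_CREDENTIALS = """\
[development]
aws_access_key_id=foo
aws_secret_access_key=bar
"""
SAMPLE_CONFIG = """\
[profile crossaccount]
role_arn=arn:aws:iam::111111111111:role/example-role
source_profile=development
"""

def _parse(text, label):
    # strict=True turns a repeated key or section into an error instead of
    # silently keeping the last value.
    parser = configparser.ConfigParser(strict=True, interpolation=None)
    try:
        parser.read_string(text, source=label)
    except configparser.Error as exc:
        raise ValueError(f"{label}: {exc}") from exc
    return parser

def check_assume_role_profile(config_text, credentials_text, profile):
    """Return a list of problems that would stop `profile` from assuming its role."""
    try:
        config = _parse(config_text, "config")
        creds = _parse(credentials_text, "credentials")
    except ValueError as exc:
        return [str(exc)]
    # In ~/.aws/config, named profiles use a "profile " prefix; "default" does not.
    section = profile if profile == "default" else f"profile {profile}"
    if not config.has_section(section):
        return [f"config: no [{section}] section"]
    problems = []
    role_arn = config.get(section, "role_arn", fallback="")
    if not role_arn.startswith("arn:") or ":role/" not in role_arn:
        problems.append(f"config: [{section}] role_arn is missing or not a role ARN")
    source = config.get(section, "source_profile", fallback=None)
    if source is None:
        problems.append(f"config: [{section}] has no source_profile")
    elif not creds.has_section(source):
        problems.append(f"credentials: no [{source}] section")
    else:
        for key in ("aws_access_key_id", "aws_secret_access_key"):
            if not creds.get(source, key, fallback=""):
                problems.append(f"credentials: [{source}] is missing {key}")
    return problems
```

A credentials section that repeats `aws_access_key_id` and omits `aws_secret_access_key` is reported as a parse error rather than being accepted with the last value.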

@ansibot ansibot added the stale_ci label Jun 6, 2019
