Not sure if that needs a new topic, but I see that other AWS modules also fail to pick up variables in Environment as they should.
Example is rds_instance_facts.
Again, I set up the STS credentials in the environment block, and then the module doesn't use them. Why is that?
# playbook.yml
pre_tasks:
  - name: Assume teardown devel stack role
    sts_assume_role:
      role_arn: "arn:aws:iam:::role/role"
      role_session_name: "session"
      region: "{{ region }}"
    register: assumed_role
    # no_log: false
  - name: import roles
    block:
      - import_role:
          name: test2
        when: cf_region is defined
    environment:
      aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
      aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
      security_token:
        "{{ assumed_role.sts_creds.session_token }}"

# test2.yml
- name: Get rds facts
  rds_instance_facts:
    # command: facts
    db_instance_identifier: "{{ cf_stack_name }}"
    region: "{{ cf_region }}"
  register: rds

In the exec I see the temporary keys:
EXEC /bin/sh -c 'aws_secret_key=cHAyHECUKdRXeMNELOADIjPKRwdYfJR/BIY8nVMZ aws_access_key=ASIA3K27TU7xxxxxxxxxxxx
security_token=FwoGZXIvYXdzEOv//////////wEaDBTRsHoNaa4W+L0bkiK+ASTwafNPh9h+q2E6IqgZAR/MjX4eDpo/Vh2zLfFX+D/XHH/B1fCcLUaGp+6AXc0H/wqJG58dt9SQP5Dym1iLq3Xzn3rVwmEc9U+0Q3PcdbczO4qwJS/A2mr1lnZ03HV+PsT0lFbActJJ65VHcNvVCqy4sSvRd+ykeBgkkiM6L35icm8eTr5RJdnTMb2tmcHogNXteaXbaag1AjABC/114coEMspTOCPjexiPtic3io67lQvIJPK9L3gqKsMMn4Ioq7js+AUyLer/WPTStS/PBgsU8WsLrlxd/iuaU4qGgquy4+6vY5H/X7vEaSMyT/8OKo6MVg==
but the module doesn't care and bails with:
ClientError: An error occurred (AccessDenied) when calling the DescribeDBInstances operation: User: arn:aws:iam:::user/myuser is not authorized to perform: rds:DescribeDBInstances on resource
I am losing hope in Ansible :(
What is the point of having a global environment if each and every AWS module requires a set of local credentials?
Please help me understand the logic here.
Cheers
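
An added example, not part of the original post: the same playbook with the `environment` block keyed by the variable names that boto3 and the Ansible AWS modules read from the process environment. Those names are case-sensitive, and `aws_access_key`, `aws_secret_key` and `security_token` are module parameter names rather than environment variables. `hosts: localhost` and the `teardown_role_arn` variable are assumptions standing in for values the post does not show.

```yaml
# playbook.yml (added example; hosts and teardown_role_arn are assumptions)
- hosts: localhost
  gather_facts: false
  pre_tasks:
    - name: Assume teardown devel stack role
      sts_assume_role:
        role_arn: "{{ teardown_role_arn }}"   # placeholder for the real role ARN
        role_session_name: "session"
        region: "{{ region }}"
      register: assumed_role
      no_log: true   # keep the returned temporary credentials out of task output

    - name: import roles
      block:
        - import_role:
            name: test2
          when: cf_region is defined
      environment:
        # Upper-case names looked up by boto3 and the AWS modules.
        AWS_ACCESS_KEY_ID: "{{ assumed_role.sts_creds.access_key }}"
        AWS_SECRET_ACCESS_KEY: "{{ assumed_role.sts_creds.secret_key }}"
        AWS_SESSION_TOKEN: "{{ assumed_role.sts_creds.session_token }}"
        # Older name for the session token, also checked by the AWS modules.
        AWS_SECURITY_TOKEN: "{{ assumed_role.sts_creds.session_token }}"

---
# test2.yml, alternative: pass the assumed-role credentials as module
# parameters instead of relying on the environment.
- name: Get rds facts
  rds_instance_facts:
    db_instance_identifier: "{{ cf_stack_name }}"
    region: "{{ cf_region }}"
    aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
    aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
    security_token: "{{ assumed_role.sts_creds.session_token }}"
  register: rds
```

With neither the recognized environment names nor the explicit parameters present, the module falls back to whatever default credentials the controller has, which matches the `user/myuser` identity in the AccessDenied error above.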