Invalid security_token in cloudformation module

[Vicent Soria]

Hi,

I'm trying to manage a cloudformation stack with assume role credentials.

I exported AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN as environment variables.

- name: my cloudformation task
  cloudformation:
    stack_name: "my_stack"
    region: "{{ region }}"
    template: "template.json"
    state: present

When I run the playbook, this is the error:

failed: [localhost] => {"failed": true}
msg: The security token included in the request is invalid.

 

If I try to create an ec2 key, it works fine:

- name: test

  ec2_key:
    region: "{{ region }}"
    name: example

    state: present

I tried with temporary credentials created with aws cli and boto.

I have ansible 1.9.2 and boto 2.38 installed.

Could you help me?

Thank you!

[Vicent Soria]

Anyone?

[Dan Farrell]

yeah, what gives?  The CLI commands work fine in my environment too.  

[John Heller]

I've encountered this too. After some investigation, I've discovered its a bug in Ansible/boto. The security token is not being passed through to boto and the AWS API call.

Looking at GitHub, it has been fixed, and the fix is in the v2.0 code, but it did not make it to the 1.9.x code. Go figure.

I got around it by copying the v2 cloudformation module code into my module library. That works properly with assumed role credentials, and appears to be otherwise backward compatible.