How to authenticate to AWS using federation to launch an EC2 instance



I am new to AWS. My company uses AD federation to log in to the AWS Management Console. I am trying to launch an EC2 instance via Ansible 2.7.5, but I think I need to use the sts_session_token module to authenticate to AWS?

ansible 2.7.5
  config file = None
  configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.7.5/libexec/lib/python3.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.7.2 (default, Jan 13 2019, 12:50:15) [Clang 10.0.0 (clang-1000.11.45.5)]

My idea comes from the link here: https://www.google.com/url?sa=i&source=images&cd=&cad=rja&uact=8&ved=2ahUKEwi xbHX_zfAhWGiOAKHUslBdAQjRx6BAgBEAU&url=https%3A%2F%2Fwww.slideshare.net%2FAmazonWebServices%2Fdelegating-access-to-your-aws-environment&psig=AOvVaw2fyLa59UGpxplzXgLCyDqB&ust=1548094527815558

For Python, I installed boto, boto3 and botocore.

I have a ~/.aws/ directory containing credentials and config:

credentials

[default]
aws_access_key_id =
aws_secret_access_key =

config

[default]
region = us-east-1
output = json

Ansible playbook

---
- hosts: localhost
  gather_facts: False
  tasks:
    - name: Get Session Token Credentials from STS
      sts_session_token:
        duration_seconds: 3600
      register: session_credentials
    - debug:
        var: session_credentials
    - name: Assume Role AWS
      sts_assume_role:
        role_arn: "arn:aws:iam::<id+role>"
        role_session_name: "session role name"
      register: assumed_role
    - debug:
        var: assumed_role

Error output:

The full traceback is:
Traceback (most recent call last):
  File "~/.ansible/tmp/ansible-tmp-1548005854.2440192-70823728355706/AnsiballZ_sts_session_token.py", line 113, in <module>
    _ansiballz_main()
  File "~/.ansible/tmp/ansible-tmp-1548005854.2440192-70823728355706/AnsiballZ_sts_session_token.py", line 105, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "~/.ansible/tmp/ansible-tmp-1548005854.2440192-70823728355706/AnsiballZ_sts_session_token.py", line 48, in invoke_module
    imp.load_module('__main__', mod, module, MOD_DESC)
  File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/__main__.py", line 155, in <module>
  File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/__main__.py", line 151, in main
  File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/__main__.py", line 124, in get_session_token
  File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 2369, in fail_json
  File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 2341, in _return_formatted
  File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 522, in remove_values
  File "/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py", line 505, in _remove_values_conditions
TypeError: Value of unknown type: , An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid.

fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"~/.ansible/tmp/ansible-tmp-1548005854.2440192-70823728355706/AnsiballZ_sts_session_token.py\", line 113, in <module>\n    _ansiballz_main()\n  File \"~/.ansible/tmp/ansible-tmp-1548005854.2440192-70823728355706/AnsiballZ_sts_session_token.py\", line 105, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"~/.ansible/tmp/ansible-tmp-1548005854.2440192-70823728355706/AnsiballZ_sts_session_token.py\", line 48, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/__main__.py\", line 155, in <module>\n  File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/__main__.py\", line 151, in main\n  File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/__main__.py\", line 124, in get_session_token\n  File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 2369, in fail_json\n  File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 2341, in _return_formatted\n  File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 522, in remove_values\n  File \"/var/folders/gn/2zrt_ymj2_qf1dqysz6rgk99ymbz39/T/ansible_sts_session_token_payload_6Rj3ys/ansible_sts_session_token_payload.zip/ansible/module_utils/basic.py\", line 505, in _remove_values_conditions\nTypeError: Value of unknown type: , An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

You need to try using the EC2 module, and install boto and configure it. You can find an example playbook here. This is the simplest way. But it is recommended not to store credentials on the EC2 instance (your Ansible box), and it is recommended to use AWS roles instead.
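Added example, not part of the question or the answer above. The traceback ends in InvalidClientTokenId, which STS returns when it does not recognise the access key presented, and the play starts from sts_session_token, an operation the STS documentation reserves for an IAM user's or the root user's long-term keys. An AD-federated login instead hands back temporary credentials (access key, secret, session token) for an assumed role, which can be used directly or passed to sts:AssumeRole. The script below, written for this page with constructed dummy profiles and no AWS API calls, checks a ~/.aws/credentials file for those cases and turns a usable profile into the environment variables the control host needs: AWS_SESSION_TOKEN as read by boto3/botocore, and AWS_SECURITY_TOKEN as documented by Ansible 2.7's AWS modules. The profile names and key values are assumptions made for the example.

```python
"""Classify the profiles in an ~/.aws/credentials file the way STS will treat
them, then emit the environment variables Ansible's AWS modules read.

Added example; not from the question or the answer. Assumes the credentials
file layout shown in the question. The sample profiles are constructed dummies
and nothing here contacts AWS.
"""
import configparser
import shlex
from typing import Dict

# Constructed sample input (not real keys). [default] mirrors the question's
# empty profile; [federated] is what an AD/SAML login hands back (access key,
# secret, session token); [iam-user] is a long-term IAM user key pair.
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id =
aws_secret_access_key =

[federated]
aws_access_key_id = ASIAEXAMPLEEXAMPLE01
aws_secret_access_key = exampleSecretKeyDoNotUse0000000000000000
aws_session_token = FwoGZXIvYXdzEExampleSessionTokenExample

[iam-user]
aws_access_key_id = AKIAEXAMPLEEXAMPLE02
aws_secret_access_key = exampleSecretKeyDoNotUse1111111111111111
"""


def load_profiles(text: str) -> Dict[str, Dict[str, str]]:
    """Parse credentials-file text into {profile_name: {key: value}}."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def classify(profile: Dict[str, str]) -> str:
    """Say what kind of credentials a profile holds.

    'empty'      no key or no secret: every signed call is rejected
    'long-term'  AKIA... IAM user keys: the kind sts:GetSessionToken expects
    'temporary'  key + secret + session token, e.g. from AssumeRoleWithSAML:
                 usable directly, or as the caller of sts:AssumeRole
    'broken'     ASIA... (temporary) key id without its session token: STS
                 cannot validate the key on its own
    """
    key = profile.get("aws_access_key_id", "").strip()
    secret = profile.get("aws_secret_access_key", "").strip()
    token = profile.get("aws_session_token", "").strip()
    if not key or not secret:
        return "empty"
    if token:
        return "temporary"
    if key.startswith("ASIA"):
        # AWS issues ASIA-prefixed key ids only as part of temporary credentials
        return "broken"
    return "long-term"


def env_for_ansible(profile: Dict[str, str]) -> Dict[str, str]:
    """Environment variables that let Ansible's boto3-based modules use the
    profile without long-term keys in a file on the control host. Raises for
    profiles STS would reject, so misconfiguration fails before the play runs."""
    kind = classify(profile)
    if kind in ("empty", "broken"):
        raise ValueError("profile is %s; STS would reject it" % kind)
    env = {
        "AWS_ACCESS_KEY_ID": profile["aws_access_key_id"].strip(),
        "AWS_SECRET_ACCESS_KEY": profile["aws_secret_access_key"].strip(),
    }
    if kind == "temporary":
        token = profile["aws_session_token"].strip()
        env["AWS_SESSION_TOKEN"] = token   # name read by boto3/botocore
        env["AWS_SECURITY_TOKEN"] = token  # name documented by Ansible 2.7 AWS modules
    return env


def shell_exports(env: Dict[str, str]) -> str:
    """Render env as `export` lines for the shell that runs ansible-playbook."""
    return "\n".join("export %s=%s" % (k, shlex.quote(v)) for k, v in sorted(env.items()))


if __name__ == "__main__":
    profiles = load_profiles(SAMPLE_CREDENTIALS)
    for name, values in profiles.items():
        print("%-10s %s" % (name, classify(values)))
    # The federated session is the one to hand to Ansible; sts_session_token
    # is skipped entirely and the play can go straight to ec2 / sts_assume_role.
    print(shell_exports(env_for_ansible(profiles["federated"])))
```

Run it against the real file with `load_profiles(open(os.path.expanduser("~/.aws/credentials")).read())`; a `broken` or `empty` result for the profile in use is the first thing to rule out before touching the playbook. Because the exported session expires with the federated role session, the exports have to be refreshed each login rather than pasted into a credentials file.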
