Ansible - AWS - Security Group

This looks like a definition of a role, not a play. If you want this to be a play you have to turn this into the ‘tasks’ section of the YAML file and specify at least the hosts you want this run against.

kind regards
Pshem

It seems like you have any tasks in your playbook. Could you show the content of the playbook?

kind regards
Pshem

Hi,

Firstly - please regenerate access keys used for that account, as now the whole internet can access your account.

Secondly - can you run the playbook with -vv to see what’s actually going on?

kind regards
Pshem

Hi Pshem,
Please find below error details with -vvv.

Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/amazon/ec2_group.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: devopsadmin
<127.0.0.1> EXEC /bin/sh -c ‘echo ~ && sleep 0’
<127.0.0.1> EXEC /bin/sh -c ‘( umask 77 && mkdir -p “echo /home/devopsadmin/.ansible/tmp/ansible-tmp-1516336698.6-150169371339163” && echo ansible-tmp-1516336698.6-150169371339163=“echo /home/devopsadmin/.ansible/tmp/ansible-tmp-1516336698.6-150169371339163” ) && sleep 0’
<127.0.0.1> PUT /tmp/tmplD4zPE TO /home/devopsadmin/.ansible/tmp/ansible-tmp-1516336698.6-150169371339163/ec2_group.py
<127.0.0.1> EXEC /bin/sh -c ‘chmod u+x /home/devopsadmin/.ansible/tmp/ansible-tmp-1516336698.6-150169371339163/ /home/devopsadmin/.ansible/tmp/ansible-tmp-1516336698.6-150169371339163/ec2_group.py && sleep 0’
<127.0.0.1> EXEC /bin/sh -c ‘sudo -H -S -n -u root /bin/sh -c ‘"’“‘echo BECOME-SUCCESS-wqtfwybgoqhbfezogxxtowkktmtihqlj; /usr/bin/python /home/devopsadmin/.ansible/tmp/ansible-tmp-1516336698.6-150169371339163/ec2_group.py; rm -rf “/home/devopsadmin/.ansible/tmp/ansible-tmp-1516336698.6-150169371339163/” > /dev/null 2>&1’”’"’ && sleep 0’
The full traceback is:
Traceback (most recent call last):
File “/tmp/ansible_jB7bqT/ansible_module_ec2_group.py”, line 487, in
main()
File “/tmp/ansible_jB7bqT/ansible_module_ec2_group.py”, line 283, in main
for curGroup in ec2.get_all_security_groups():
File “/usr/lib/python2.7/site-packages/boto/ec2/connection.py”, line 2984, in get_all_security_groups
[(‘item’, SecurityGroup)], verb=‘POST’)
File “/usr/lib/python2.7/site-packages/boto/connection.py”, line 1186, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 401 Unauthorized

<?xml version="1.0" encoding="UTF-8"?>

AuthFailureCredential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got ‘Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,SignedHeaders=host;x-amz-date,Signature=76afdaaa0c55e555680cc35ef200f75d660d90fb98022bd412e216822af4c110’f8c83e5f-a069-41eb-956a-126440cf0730

fatal: [localhost]: FAILED! => {
“changed”: false,
“failed”: true,
“module_stderr”: “Traceback (most recent call last):\n File "/tmp/ansible_jB7bqT/ansible_module_ec2_group.py", line 487, in \n main()\n File "/tmp/ansible_jB7bqT/ansible_module_ec2_group.py", line 283, in main\n for curGroup in ec2.get_all_security_groups():\n File "/usr/lib/python2.7/site-packages/boto/ec2/connection.py", line 2984, in get_all_security_groups\n [(‘item’, SecurityGroup)], verb=‘POST’)\n File "/usr/lib/python2.7/site-packages/boto/connection.py", line 1186, in get_list\n raise self.ResponseError(response.status, response.reason, body)\nboto.exception.EC2ResponseError: EC2ResponseError: 401 Unauthorized\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\nAuthFailureCredential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got ‘Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,SignedHeaders=host;x-amz-date,Signature=76afdaaa0c55e555680cc35ef200f75d660d90fb98022bd412e216822af4c110’f8c83e5f-a069-41eb-956a-126440cf0730\n”,
“module_stdout”: “”,
“msg”: “MODULE FAILURE”,
“rc”: 0

PS: I have changed my security creds.

Hi Pshem,
Please find below the latest error details.

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ClientError: An error occurred (AuthFailure) when calling the DescribeSecurityGroups operation: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got ‘Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,’
fatal: [localhost]: FAILED! => {“changed”: false, “error”: {“code”: “AuthFailure”, “message”: “Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got ‘Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,’”}, “msg”: “Error in describe_security_groups: An error occurred (AuthFailure) when calling the DescribeSecurityGroups operation: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got ‘Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,’”, “response_metadata”: {“http_headers”: {“date”: “Fri, 19 Jan 2018 06:06:24 GMT”, “server”: “AmazonEC2”, “transfer-encoding”: “chunked”}, “http_status_code”: 401, “request_id”: “096c5f20-ff34-4c4f-b5ff-7e5216ec727d”, “retry_attempts”: 0}}

Regards,
Reddy

Hi,

Looking at your debug it’s some sort of authentication issue with AWS:

boto.exception.EC2ResponseError: EC2ResponseError: 401 Unauthorized

This might mean that the keys are not correct or the user that the keys are associated with doesn’t have the permission to carry out the operation.

kind regards
Pshem
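
The AuthFailure text in the logs above can be checked offline: the rejected Credential value has six slash-delimited elements because the part sent as the access key ID itself contains a slash. The following is an added example, not code from the thread or from Ansible/boto; the function name and the sample values (AWS's published documentation placeholders, not the poster's keys) are assumptions.

```python
import re

# IAM access key IDs are 16-128 word characters (no '+' or '/').
KEY_ID_RE = re.compile(r"^\w{16,128}$")
# Secret access keys are 40 characters drawn from the base64 alphabet.
SECRET_RE = re.compile(r"^[A-Za-z0-9+/]{40}$")
SCOPE_TAIL = 4  # date / region / service / aws4_request

# Constructed samples using AWS's documentation placeholder credentials.
GOOD = "AKIAIOSFODNN7EXAMPLE/20180119/ap-southeast-2/ec2/aws4_request"
SWAPPED = ("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
           "/20180119/ap-southeast-2/ec2/aws4_request,")


def diagnose_credential(credential):
    """Split a SigV4 Credential value and explain why AWS would reject it."""
    # Drop anything after the first comma (e.g. ",SignedHeaders=...").
    parts = credential.split(",", 1)[0].split("/")
    if len(parts) < SCOPE_TAIL + 1:
        return {"key_id": None, "scope": parts,
                "findings": ["credential scope is truncated"]}
    # The last four elements are fixed, so everything before them is what
    # the client sent as the access key ID, embedded slashes included.
    key_id = "/".join(parts[:-SCOPE_TAIL])
    scope = parts[-SCOPE_TAIL:]
    findings = []
    if len(parts) != SCOPE_TAIL + 1:
        findings.append("%d slash-delimited elements instead of 5" % len(parts))
    if not KEY_ID_RE.match(key_id):
        findings.append("key ID field has characters a key ID never contains")
    if SECRET_RE.match(key_id):
        findings.append("key ID field holds a secret-key-shaped value: the two "
                        "settings look swapped and the secret is now in the "
                        "error output, so rotate it")
    if scope[-1] != "aws4_request":
        findings.append("scope does not end in aws4_request")
    return {"key_id": key_id, "scope": scope, "findings": findings}


if __name__ == "__main__":
    for sample in (GOOD, SWAPPED):
        print(diagnose_credential(sample)["findings"])
```

A secret-key-shaped finding means the value has been echoed in every error message and log that quoted the request, so the key pair needs rotating before the variables are corrected.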