Dynamic Inventory - AWS EC2

Hi All,

Here is my lab setup:
ansible-master
node1
node2
All are on AWS (EC2 Instances)

I attached an IAM role (Administrator) to my ansible-master.

aws_ec2.yaml

plugin: aws_ec2
#aws_profile: default
regions:
  - eu-central-1

Contents of ansible.cfg
enable_plugins = host_list, virtualbox, yaml, constructed, aws_ec2, script, ini, auto, toml

Still, the ansible-inventory command doesn’t retrieve my node1 and node2.

Can someone help me with this?

-jalsaman

Do you have boto3 and botocore installed on ansible-master?

You could check you have the profile attached with the aws CLI by running aws sts get-caller-identity on ansible-master, and verify you have permissions attached to the profile with aws ec2 describe-instances.

If the aws_ec2 inventory plugin had an issue you should see a warning, for example
“[WARNING]: * Failed to parse aws_ec2.yml with auto plugin: Failed to import the required Python library (botocore and boto3)…”
or
“[WARNING]: * Failed to parse aws_ec2.yml with auto plugin: Failed to describe instances: An error occurred (InvalidClientTokenId) when calling the AssumeRole operation: The security token included in the request is invalid.”

Also just to note, aws_ec2 doesn’t need to be configured (the auto plugin will parse it).


Hi Shertel,

Thanks for reaching out.

I tried

aws sts get-caller-identity

"UserId": "AROAXGJWXEQ4XFI6D6IEG:i-0fb418d79eda012548",
"Account": "49457287212458",
"Arn": "arn:aws:sts::49457287212345:assumed-role/aws-ec2-ansible/i-0fb418d79eda012548"

ubuntu@ip-172-31-17-69:~/ansible$ ansible-inventory -i aws_ec2.yaml --list
[WARNING]: Collection amazon.aws does not support Ansible version 2.10.8
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with yaml plugin: Plugin configuration YAML file, not YAML
inventory
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with constructed plugin: Incorrect plugin name in file:
aws_ec2
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with
ansible_collections.amazon.aws.plugins.inventory.aws_ec2 plugin: ‘super’ object has no attribute ‘get_options’
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with ini plugin: Invalid host pattern ‘plugin:’ supplied,
ending in ‘:’ is not allowed, this character is reserved to provide a port.
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with auto plugin: ‘super’ object has no attribute
‘get_options’
[WARNING]: Unable to parse /home/ubuntu/ansible/aws_ec2.yaml as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
{
    "_meta": {
        "hostvars": {}
    },
    "all": {
        "children": [
            "ungrouped"
        ]
    }
}
ubuntu@ip-172-31-17-69:~/ansible$ aws ec2 describe-instances

An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials
ubuntu@ip-172-31-17-69:~/ansible$

I tried aws configure and everything is just blank.

Regards,
jalsaman

[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with
ansible_collections.amazon.aws.plugins.inventory.aws_ec2 plugin: ‘super’ object has no attribute ‘get_options’

amazon.aws 6.4.0 requires ansible-core >=2.12.0; the plugin will not work with older versions.

The instance profile needs to have permission for ec2:DescribeInstances. If you create an IAM role and attach a policy that allows it, you can add it to the instance profile (AddRoleToInstanceProfile - AWS Identity and Access Management). Or if you already have an IAM role associated with the instance profile, you may just need to adjust the policy (Testing IAM policies with the IAM policy simulator - AWS Identity and Access Management).

Speaking of aws configure, I guess it doesn’t show metadata; you could get temporary credentials this way, though: IAM roles for Amazon EC2 - Amazon Elastic Compute Cloud.
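An added example, not part of the thread and not Ansible's own code: a small triage of the ansible-inventory warnings quoted above. It drops the "Failed to parse" lines from plugins that were only tried in turn and keeps the ones that point at a cause. The cause labels and the FALLBACK_PLUGINS set are assumptions of this example.

```python
import re

# Excerpt of the ansible-inventory output posted in the thread (terminal-wrapped lines kept).
SAMPLE = """\
[WARNING]: Collection amazon.aws does not support Ansible version 2.10.8
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with yaml plugin: Plugin configuration YAML file, not YAML
inventory
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with
ansible_collections.amazon.aws.plugins.inventory.aws_ec2 plugin: 'super' object has no attribute 'get_options'
[WARNING]: * Failed to parse /home/ubuntu/ansible/aws_ec2.yaml with auto plugin: 'super' object has no attribute
'get_options'
[WARNING]: No inventory was parsed, only implicit localhost is available
"""

MIN_CORE = (2, 12, 0)  # per the reply: amazon.aws 6.4.0 requires ansible-core >=2.12.0
# Assumption: these enabled plugins are only tried in turn and cannot read an
# aws_ec2 plugin config, so their "Failed to parse" lines are expected noise.
FALLBACK_PLUGINS = {"yaml", "constructed", "ini", "host_list", "script", "toml"}

def split_warnings(text):
    """Rejoin wrapped lines so that each [WARNING] becomes one string."""
    warnings = []
    for line in text.splitlines():
        if line.startswith("[WARNING]:"):
            warnings.append(line[len("[WARNING]:"):].strip())
        elif warnings and line.strip():
            warnings[-1] += " " + line.strip()
    return warnings

def triage(text):
    """Return (cause, detail) pairs for the warnings that need action."""
    findings = []
    for warning in split_warnings(text):
        m = re.search(r"does not support Ansible version (\d+(?:\.\d+)*)", warning)
        if m:
            if tuple(int(p) for p in m.group(1).split(".")) < MIN_CORE:
                findings.append(("ansible_core_too_old", m.group(1)))
            continue
        m = re.search(r"Failed to parse \S+ with (\S+) plugin: (.*)", warning)
        if not m or m.group(1) in FALLBACK_PLUGINS:
            continue
        plugin, reason = m.group(1).rsplit(".", 1)[-1], m.group(2)
        if "botocore and boto3" in reason:
            findings.append(("missing_boto3_botocore", plugin))
        elif "Failed to describe instances" in reason:
            findings.append(("aws_credentials_or_permissions", plugin))
        else:
            findings.append(("plugin_error", f"{plugin}: {reason}"))
    return findings
```

Feed it the stderr of ansible-inventory only; the JSON inventory on stdout is not warning text and would be appended to the last warning.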