I am starting to use ansible for my AWS environment and have run into a few snags with the STS Module. I am relatively new to ansible, so it may just be user error 
Apologies if these are
Issue #1:
I have set thefollowing variables:
sts_role_arn: āarn:aws:iam::1234567890:role/My_AccountAccessRoleā
sts_role_session_name: āansibleā
aws_access_key: ###key####
aws_secret_key: ###key###
However it seems to be trying to run the sts_assume_role as the instance, rather than the user, as the error shows:
User: arn:aws:sts::9876543210:assumed-role/My_EC2InstanceRole/i-00000000000000 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::1234567890:role/My_AccountAccessRole
If I run any commands using the aws cli, they work correctly. IE if I run: aws ec2 describe-instances --profile MyProfile | egrep āSubnetId|AvailabilityZone|testā, it returns the details. The profile contains a line of "role_arn = arn:aws:iam::1234567890:role/My_AccountAccessRole, but these are running as the user, rather than the instance.
Issue #2:
It doesnt seem to read the ~/.aws/config file for a profile. If I set āprofile: MyProfileā and this profile exists in ~/.aws/config, it till returns a ānboto.provider.ProfileNotFoundError: Profile "MyProfile" not found!\nā error. As stated above, if i use the cli with the --profile flag, it works fineā¦
Ansible was installed using git clone, make rpm, rpm -e.
Details:
[briano@ip-XXX-xx-XXX-xx tasks]$ ansible --version
ansible 2.3.0.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.12 (default, Sep 1 2016, 22:14:00) [GCC 4.8.3 20140911 (Red Hat 4.8.3-9)]
[briano@ip-XXX-xx-XXX-xx tasks]$ cat /etc/os-release
NAME=āAmazon Linux AMIā
VERSION=ā2017.03ā
ID=āamznā
ID_LIKE=ārhel fedoraā
VERSION_ID=ā2017.03ā
PRETTY_NAME=āAmazon Linux AMI 2017.03ā
ANSI_COLOR=ā0;33ā
CPE_NAME=ācpe:/o:amazon:linux:2017.03:gaā
HOME_URL=āhttp://aws.amazon.com/amazon-linux-ami/ā
Thanks for any help, and if i am in the wrong place, please let me know!
B