IMDS V2 Unauthorised Error || Guidance Required

SARANSH_BANKIWAL · July 26, 2022, 12:11am

Hello all,
Currently i was working on migration from IMDS v1 to IMDS v2 in AWS and got the below error.

FAILED! => {“changed”: false, “msg”: “Failed to retrieve metadata from AWS: HTTP Error 401: Unauthorized”, “response”: {“body”: “<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n\n<html xmlns="http://www.w3.org/1999/xhtml\” xml:lang="en" lang="en">\n \n 401 - Unauthorized\n \n \n

401 - Unauthorized

\n \n\n", “connection”: “close”, “content-length”: “343”, “content-type”: “text/html”, “date”: “Mon, 25 Jul 2022 23:26:11 GMT”, “msg”: “HTTP Error 401: Unauthorized”, “server”: “EC2ws”, “status”: 401, “url”: “http://169.254.169.254/latest/meta-data/”}}

My ansible version on this Instance is : (ansible --version)

ansible 2.9.15
config file = /etc/ansible/ansible.cfg
configured module search path = [u’/root/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.17 (default, Jul 1 2022, 15:56:32) [GCC 7.5.0]

Can someone please in this as stuck on this.
Thanks in advance.

Rilindo_Foster1 · July 26, 2022, 12:24am

Hi Saransh,

I am going to guess that it has to do with your version of ansible as it appears 2.9 does not yet support IMDS v2, where as latest version (at least 5 and above) doesdoes, as noted in this link:

“The module is configured to utilize the session oriented Instance Metadata Service v2 (IMDSv2) https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html.”

https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_metadata_facts_module.html
https://docs.ansible.com/ansible/5/collections/amazon/aws/ec2_metadata_facts_module.html

Rilindo

SARANSH_BANKIWAL · July 26, 2022, 12:46am

Hi , thanks for the prompt response,
I read the article previously as well but was not able to install Ansible to a version of 5 or above because of less available resources. Can you please help in the same.
Thanks in advance.

Rilindo_Foster1 · July 26, 2022, 1:53am

You probably won’t be able to upgrade as long as you are using Python 2.7. You will have to figure out a way to get a newer version of Python on the machine if you intend to upgrade to the most recent version of Ansible.

Rilindo

SARANSH_BANKIWAL · July 26, 2022, 2:38am

Hi Rilindo,
As stated by you i upgraded the python version and ansible version as well. Attaching screenshots for the reference. But still the same issue persists in the Metadata fetch.

Rilindo_Foster1 · July 26, 2022, 2:43am

At this point with a supported ansible version, can you paste in the code you were using to query the metadata service?

(attachments)

SARANSH_BANKIWAL · July 26, 2022, 2:54am

PFB the used code for checking the IMDS V2 instance.

Topic		Replies	Views
Ansible unable to fetch/use temporary credentials when using metadata (IMDSv2) in Amazon linux 2023 Get Help playbook , ansible-core , aws	5	237	July 25, 2024
AWS EC2 instance create via Ansible IAM Roles instance_profile_name UnauthorizedOperation: Error Ansible Project aws	6	1	December 20, 2015
Error while using ansible with aws Ansible Project aws	0	2	June 14, 2016
Timeout errors of tests on PR to amazon.aws Get Help aws	0	21	October 29, 2024
Ansible --> Route 53 Ansible Project aws	1	0	August 29, 2018

IMDS V2 Unauthorised Error || Guidance Required

401 - Unauthorized

Related topics