Invalid security_token in cloudformation module

Hi,

I’m trying to manage a cloudformation stack with assume role credentials.

I exported AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN as environment variables.

- name: my cloudformation task
  cloudformation:
    stack_name: "my_stack"
    region: "{{ region }}"
    template: "template.json"
    state: present

When I run the playbook, this is the error:

failed: [localhost] => {"failed": true}
msg: The security token included in the request is invalid.

If I try to create an ec2 key, it works fine:

- name: test
  ec2_key:
    region: "{{ region }}"
    name: example
    state: present

I tried with temporary credentials created with aws cli and boto.

I have ansible 1.9.2 and boto 2.38 installed.

Could you help me?

Thank you!

Anyone?

yeah, what gives? The CLI commands work fine in my environment too.

I’ve encountered this too. After some investigation, I’ve discovered it’s a bug in Ansible/boto. The security token is not being passed through to boto and the AWS API call.

Looking at GitHub, it has been fixed, and the fix is in the v2.0 code, but it did not make it to the 1.9.x code. Go figure.

I got around it by copying the v2 cloudformation module code into my module library. That works properly with assumed role credentials, and appears to be otherwise backward compatible.