I am using a machine on GCP and have workload identity federation to access Route 53 in AWS. Via the CLI it is able to create an entry in Route 53, but when using an Ansible playbook it gives an error.
```
  File "/usr/local/lib/python2.7/dist-packages/boto/auth.py", line 1021, in get_auth_handler
    'Check your credentials' % (len(names), str(names)))
boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV3Handler'] Check your credentials
```
The error is pretty self-explanatory: you are not giving the playbook the proper credentials. When running through the CLI, I believe AWS calls default to your AWS CLI credentials/config settings. Ansible does not. So, for example, whenever I have to run an AWS module in a task, I have to add an environment variable specifically defining the AWS profile I am using.
So, for example, a Route 53 call for me looks like this (key being the `environment` section):

```yaml
- name: Create Route 53 record
  delegate_to: localhost
  # Profile the AWS SDK should use for this task only
  environment:
    AWS_PROFILE: "ansible-devops"
  amazon.aws.route53:
    state: present
    zone: "{{ route53_zone }}"
    record: "{{ sso_url_name }}.{{ route53_zone }}"
    type: "{{ route53_record_type }}"
    ttl: "{{ route53_ttl }}"
    value: "{{ alb_dns_name }}"
    wait: true
    overwrite: true
```
Hope this helps!
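
An added example (not code from the answer above, and not part of Ansible or boto): a preflight that reports which credential source the profile named in `AWS_PROFILE` provides, so you can see whether a federated profile carries static keys or relies on a token file or helper process. The file contents, the profile names other than `ansible-devops`, the ARN and the paths are constructed; the real files are `~/.aws/config` and `~/.aws/credentials`.

```python
import configparser

# Constructed sample files; profile names, ARN and paths are placeholders.
SAMPLE_CONFIG = """\
[profile ansible-devops]
role_arn = arn:aws:iam::111111111111:role/example-route53
web_identity_token_file = /run/example/gcp-token
[profile helper]
credential_process = /usr/local/bin/example-helper
"""
SAMPLE_CREDENTIALS = """\
[legacy-static]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = constructed-not-a-secret
"""

def _sections(text):
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    return {name: dict(parser.items(name)) for name in parser.sections()}

def credential_sources(env, config_text, credentials_text):
    """Return a label for each credential source visible to a task."""
    found = []
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        found.append("env:static-keys")
    profile = env.get("AWS_PROFILE", "default")
    config, creds = _sections(config_text), _sections(credentials_text)
    # The config file names sections "profile NAME" (except "default");
    # the credentials file uses the bare NAME.
    cfg_name = profile if profile == "default" else "profile " + profile
    if cfg_name not in config and profile not in creds:
        found.append("profile:%s:not-found" % profile)
        return found
    keys = {**config.get(cfg_name, {}), **creds.get(profile, {})}
    if "aws_access_key_id" in keys and "aws_secret_access_key" in keys:
        kind = "static-keys"
    elif "credential_process" in keys:
        kind = "credential-process"
    elif "web_identity_token_file" in keys and "role_arn" in keys:
        kind = "web-identity"
    elif "role_arn" in keys:
        kind = "assume-role"
    else:
        kind = "no-credentials"
    found.append("profile:%s:%s" % (profile, kind))
    return found
```

Call `credential_sources(os.environ, ...)` with the text of the real files, from the same user and environment the task runs under, and compare the result with what the CLI session sees.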