I’m having trouble with boto and the ec2_tags module I’m hoping someone will know what is up.
I’m spinning up an ec2 instance and then immediately calling the ec2_facts and ec2_tags to grab data to
configure the instance. The creation and ec2_facts work without a problem, but the ec2_tags fails with
msg: No handler was ready to authenticate. 1 handlers were checked. [‘QuerySignatureV2AuthHandler’] Check your credentials
which is the typical error when the the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are not set; clearly
they are as the previous 2 calls (and the ec2 inventory plugin) are using them.
Try having the module run locally on an instance that is in an IAM role that has perms to update the tags on other instances. Boto should then get the credentials automatically from the metadata.
Thanks for the reply, the instance is created with an iam profile with very open permissions and its on this instance that the ec2_tag module is running. If I look at the metadata on the host i do see credentials for the profile
Though I’m not too sure if this enough as its still complaining. I’ve tried a number of combinations of permissions but no joy this far. If its not too sensitive, would you mind sharing what your tagging profile looks like? Cheers for your help I really appreciate it.