I am trying to use the amazon.aws.aws_secret lookup but I can’t figure out how.
This command returns the result I am expecting:
```
ansible localhost -m shell -a "aws secretsmanager get-secret-value --secret-id ansible/private-key --output text --query SecretString --profile the-honor-flight-application"
```
But this task in my playbook isn't:

```yaml
- name: Lookup secretsmanager secret in the the-honor-flight-application profile
  ansible.builtin.debug: msg="{{ lookup('amazon.aws.aws_secret', 'ansible/private-key', 'region=us-east-1', 'profile=the-honor-flight-application') }}"
```

```
Error while resolving value for 'msg': The lookup plugin 'amazon.aws.aws_secret' failed: Failed to find secret ansible/private-key (ResourceNotFound)"}
```
Anyone have an idea as to which piece to the puzzle I am missing?
Since you're getting ResourceNotFound rather than a permissions error or a failed connection, my first suspicion would be that the secret isn't in us-east-1. AWS's Secrets Manager service is primarily a regional service; although it supports cross-region replication, this has to be explicitly enabled. When you provide region to the lookup plugin, it will override the region that is configured in the profile (or other defaults that can be picked up from various places).

Try:

```
ansible localhost -m shell -a "aws secretsmanager get-secret-value --secret-id ansible/private-key --output text --query SecretString --profile the-honor-flight-application --region us-east-1"
```

If that fails, then the issue is that you're trying to pull from the wrong region.
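As an added example (not from either post), a small playbook that applies the answer's region point: it tries the lookup in a list of candidate regions with `on_missing: skip`, so a wrong-region miss is distinguished from a permissions failure (`on_denied` is left at its default of `error`, so AccessDenied still fails loudly). It assumes an amazon.aws version that supports `on_missing`, and the region list is an assumption to adjust; the secret and profile names are the ones from the thread.

```yaml
# Added example: locate ansible/private-key across candidate regions.
# Assumes amazon.aws with the on_missing lookup option; candidate_regions is an assumed list.
- name: Find which region holds the secret
  hosts: localhost
  gather_facts: false
  vars:
    secret_name: ansible/private-key
    aws_profile: the-honor-flight-application
    candidate_regions: [us-east-1, us-east-2, us-west-2]   # assumed; adjust to your account
  tasks:
    - name: Try the lookup in each candidate region without failing on a miss
      ansible.builtin.set_fact:
        found_regions: >-
          {{ found_regions | default([]) +
             ([item] if lookup('amazon.aws.aws_secret', secret_name,
                               region=item, profile=aws_profile,
                               on_missing='skip') else []) }}
      loop: "{{ candidate_regions }}"
      no_log: true   # the lookup returns a private key; keep the value out of the log

    - name: Fail with a clear message if the secret exists in none of the regions
      ansible.builtin.fail:
        msg: "{{ secret_name }} not found in {{ candidate_regions | join(', ') }} using profile {{ aws_profile }}"
      when: found_regions | length == 0

    - name: Report where the secret lives (region only, never the value)
      ansible.builtin.debug:
        msg: "{{ secret_name }} exists in: {{ found_regions | join(', ') }}"
```

Once the region is known, pass that value as `region=` in the real lookup rather than relying on profile defaults.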