Hi there.
My team uses Ansible to manage resources across lots of different AWS accounts, and we are looking to move from using static access keys and secrets to credentials granted by IAM assume role. To do this, we’d need Ansible to be able to read credentials in an ~/.aws/config, as shown in the example below
~/.aws/credentials
[access-normal]
aws_access_key_id = XXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXX
aws_session_token = XXXXXXXXXXXXXXXXXXX
aws_security_token = XXXXXXXXXXXXXXXXXXX
~/.aws/config
[profile access-normal]
output = text
region = us-east-1
[profile powerUser]
role_arn = arn:aws:iam::XXXXXXXXXXXXX:role/PowerUser
source_profile = access-normal
region = us-east-1
ref: https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/ec2.py#L192
Do you think there is a version that use this format to access AWS resources (assuming role) for boto(2)?
Thanks