I've got a new Ansible AWX server running and one of the things I'd like to do with it is to create an AMI of AWS instances before then installing regular updates to the instances.
I've got the playbooks working well with regards to installing updates, but I cannot get the AWX UI to correctly pass AWS credentials via a template.
I'm running a test template which only does the AMI creation and it consistently fails with a message about not finding the credentials.
AWX has a credentials section. I've added the access key and secret key of an IAM user that has the right permissions to do this. Despite adding those credentials to the job template, this is the output I am getting:
{
"_ansible_parsed": true,
"exception": "Traceback (most recent call last):\n File \"/tmp/ansible_fj8G6M/ansible_module_ec2_ami.py\", line 433, in create_image\n image_id = connection.create_image(**params).get('ImageId')\n File \"/usr/lib/python2.7/site-packages/botocore/client.py\", line 320, in _api_call\n return self._make_api_call(operation_name, kwargs)\n File \"/usr/lib/python2.7/site-packages/botocore/client.py\", line 610, in _make_api_call\n operation_model, request_dict)\n File \"/usr/lib/python2.7/site-packages/botocore/endpoint.py\", line 102, in make_request\n return self._send_request(request_dict, operation_model)\n File \"/usr/lib/python2.7/site-packages/botocore/endpoint.py\", line 132, in _send_request\n request = self.create_request(request_dict, operation_model)\n File \"/usr/lib/python2.7/site-packages/botocore/endpoint.py\", line 116, in create_request\n operation_name=operation_model.name)\n File \"/usr/lib/python2.7/site-packages/botocore/hooks.py\", line 356, in emit\n return self._emitter.emit(aliased_event_name, **kwargs)\n File \"/usr/lib/python2.7/site-packages/botocore/hooks.py\", line 228, in emit\n return self._emit(event_name, kwargs)\n File \"/usr/lib/python2.7/site-packages/botocore/hooks.py\", line 211, in _emit\n response = handler(**kwargs)\n File \"/usr/lib/python2.7/site-packages/botocore/signers.py\", line 90, in handler\n return self.sign(operation_name, request)\n File \"/usr/lib/python2.7/site-packages/botocore/signers.py\", line 157, in sign\n auth.add_auth(request)\n File \"/usr/lib/python2.7/site-packages/botocore/auth.py\", line 356, in add_auth\n raise NoCredentialsError\nNoCredentialsError: Unable to locate credentials\n",
"_ansible_no_log": false,
"botocore_version": "1.12.16",
"changed": false,
"invocation": {
"module_args": {
"enhanced_networking": null,
"purge_tags": false,
"launch_permissions": null,
"ramdisk_id": null,
"no_reboot": false,
"ec2_url": null,
"aws_secret_key": null,
"billing_products": null,
"state": "present",
"virtualization_type": "hvm",
"sriov_net_support": null,
"architecture": "x86_64",
"profile": null,
"image_location": null,
"description": "",
"tags": {
"Name": "i-sdfsdf987987"
},
"kernel_id": null,
"image_id": null,
"wait_timeout": 900,
"wait": false,
"aws_access_key": null,
"name": "i-sdfsdf987987",
"security_token": null,
"delete_snapshot": false,
"region": "eu-west-2",
"instance_id": "i-sdfsdf987987",
"root_device_name": null,
"validate_certs": true,
"device_mapping": null
}
},
"msg": "Error registering image: Unable to locate credentials",
"boto3_version": "1.9.16"
And this is my playbook:
---
- hosts: all
  remote_user: "{{ remote_user }}"
  become: yes
  tasks:
    - name: create an ami
      ec2_ami:
        instance_id: "{{ instance_id }}"
        name: "{{ instance_id }}"
        region: "{{ aws_region }}"
        tags:
          Name: "{{ instance_id }}"
If I add the credentials manually as a variable on the host in the AWX UI, then add the lines:
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
then all is well. But that would seem to ignore the obvious advantages of using the credential storage support of AWX.
Environment details:
- ansible 2.6.4
- awx version 1.0.7.2
- ubuntu 18.04.1
Can anyone see what I'm doing wrong?
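An added example, not part of the original post: the playbook above reworked so the AMI call runs where the AWX credential is visible. It assumes the job template's credential is of the "Amazon Web Services" type, which AWX exposes to the playbook run as the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables on the AWX node only, and that boto3 is installed there.

```yaml
---
# Added example, not the poster's playbook.
# Assumption: an "Amazon Web Services" credential is attached to the job
# template, so AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY exist in the
# environment of the ansible-playbook process on the AWX node. Managed hosts
# never see those variables, which is why a module executed on them reports
# "Unable to locate credentials".
- hosts: all
  remote_user: "{{ remote_user }}"
  become: yes
  tasks:
    # lookup('env', ...) is always evaluated on the AWX node. Only the presence
    # of the values is tested; the secret itself is never printed.
    - name: confirm AWX injected the AWS credential
      assert:
        that:
          - lookup('env', 'AWS_ACCESS_KEY_ID') | length > 0
          - lookup('env', 'AWS_SECRET_ACCESS_KEY') | length > 0
        msg: "No AWS credential in the job environment; attach one to the job template"
      run_once: true

    # The EC2 API call needs no access to the instance itself, so it is
    # delegated to the AWX node, where boto3 reads the injected variables.
    # Each inventory host still supplies its own instance_id.
    - name: create an ami
      ec2_ami:
        instance_id: "{{ instance_id }}"
        name: "{{ instance_id }}"
        region: "{{ aws_region }}"
        tags:
          Name: "{{ instance_id }}"
      delegate_to: localhost
      become: no   # assumption: no privilege escalation is needed on the AWX node
```

If the task has to run on the managed host instead, `aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"` and the matching `aws_secret_key` lookup pass the injected values as module arguments; set `no_log: true` on that task, since the keys are then sent to the host and would otherwise appear in the job output.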