community.aws
community.aws copied to clipboard
Published
20 hours ago •
ansible-collections
ansible-collections
msg: The following modules failed to execute: ansible.legacy.setup
Summary
Hello,
First time set to aws_ssm for both linux and windows using the community.aws.aws_ssm plugin to connect to the ec2 instances. The connection looks ok, but failing with the weird syntax error which im not able to figure it out.
I have created a S3 with SSE enabled for temp copy to execute the ansible playbooks.
Issue Type
Bug Report
Component Name
community.aws.aws_ssm, ansible.legacy.setup
Ansible Version
$ ansible --version
```$ ansible --version
/usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
ansible [core 2.12.5]
config file = /Users/a1022933/git/ansible-platforms/playbooks/migration/ansible.cfg
configured module search path = ['/Users/a1022933/git/ansible-platforms/ssm/community.aws/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible
ansible collection location = /Users/a1022933/git/ansible-platforms/galaxy/collections
executable location = /usr/local/bin/ansible
python version = 3.10.5 (main, Jun 23 2022, 17:15:25) [Clang 13.1.6 (clang-1316.0.21.2.5)]
jinja version = 3.1.2
libyaml = True
### Collection Versions
```console (paste below)
$ ansible-galaxy collection list
```$ ansible-galaxy collection list
# /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible_collections
Collection Version
----------------------------- -------
amazon.aws 2.2.0
ansible.netcommon 2.6.1
ansible.posix 1.3.0
ansible.utils 2.6.0
ansible.windows 1.9.0
arista.eos 3.1.0
awx.awx 19.4.0
azure.azcollection 1.12.0
check_point.mgmt 2.3.0
chocolatey.chocolatey 1.2.0
cisco.aci 2.2.0
cisco.asa 2.1.0
cisco.intersight 1.0.18
cisco.ios 2.8.1
cisco.iosxr 2.9.0
cisco.ise 1.2.1
cisco.meraki 2.6.1
cisco.mso 1.4.0
cisco.nso 1.0.3
cisco.nxos 2.9.1
cisco.ucs 1.8.0
cloud.common 2.1.1
cloudscale_ch.cloud 2.2.1
community.aws 2.4.0
community.azure 1.1.0
community.ciscosmb 1.0.4
community.crypto 2.2.4
community.digitalocean 1.16.0
community.dns 2.1.0
community.docker 2.4.0
community.fortios 1.0.0
community.general 4.8.0
community.google 1.0.0
community.grafana 1.4.0
community.hashi_vault 2.4.0
community.hrobot 1.3.0
community.kubernetes 2.0.1
community.kubevirt 1.0.0
community.libvirt 1.0.2
community.mongodb 1.3.3
community.mysql 2.3.5
community.network 3.1.0
community.okd 2.1.0
community.postgresql 1.7.2
community.proxysql 1.3.2
community.rabbitmq 1.1.0
community.routeros 2.0.0
community.sap 1.0.0
community.skydive 1.0.0
community.sops 1.2.1
community.vmware 1.18.0
community.windows 1.9.0
community.zabbix 1.6.0
containers.podman 1.9.3
cyberark.conjur 1.1.0
cyberark.pas 1.0.13
dellemc.enterprise_sonic 1.1.0
dellemc.openmanage 4.4.0
dellemc.os10 1.1.1
dellemc.os6 1.0.7
dellemc.os9 1.0.4
f5networks.f5_modules 1.16.0
fortinet.fortimanager 2.1.5
fortinet.fortios 2.1.4
frr.frr 1.0.3
gluster.gluster 1.0.2
google.cloud 1.0.2
hetzner.hcloud 1.6.0
hpe.nimble 1.1.4
ibm.qradar 1.0.3
infinidat.infinibox 1.3.3
infoblox.nios_modules 1.2.1
inspur.sm 1.3.0
junipernetworks.junos 2.10.0
kubernetes.core 2.3.0
mellanox.onyx 1.0.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.16.0
netapp.elementsw 21.7.0
netapp.ontap 21.18.1
netapp.storagegrid 21.10.0
netapp.um_info 21.8.0
netapp_eseries.santricity 1.3.0
netbox.netbox 3.7.0
ngine_io.cloudstack 2.2.3
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.1
openstack.cloud 1.8.0
openvswitch.openvswitch 2.1.0
ovirt.ovirt 1.6.6
purestorage.flasharray 1.12.1
purestorage.flashblade 1.9.0
sensu.sensu_go 1.13.1
servicenow.servicenow 1.0.6
splunk.es 1.0.2
t_systems_mms.icinga_director 1.29.0
theforeman.foreman 2.2.0
vyos.vyos 2.8.0
wti.remote 1.0.3
# /Users/a1022933/git/ansible-platforms/galaxy/collections/ansible_collections
Collection Version
-------------- -------
amazon.aws 4.1.0
community.aws 4.1.1
sensu.sensu_go 1.4.2
### AWS SDK versions
```console (paste below)
$ pip show boto boto3 botocore
```$ pip3 show boto boto3 botocore
WARNING: Package(s) not found: boto, boto3, botocore
### Configuration
```console (paste below)
$ ansible-config dump --only-changed
```$ ansible-config dump --only-changed
ANSIBLE_FORCE_COLOR(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = True
ANSIBLE_NOCOWS(env: ANSIBLE_NOCOWS) = True
COLLECTIONS_PATHS(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/galaxy/collections']
DEFAULT_HOST_LIST(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb']
DEFAULT_MODULE_PATH(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/ssm/community.aws/plugins/modules']
DEFAULT_ROLES_PATH(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ['/Users/unixuser/git/ansible-platforms/roles']
DEFAULT_STDOUT_CALLBACK(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = unixy
DEFAULT_TIMEOUT(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = 30
HOST_KEY_CHECKING(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = False
RETRY_FILES_ENABLED(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = False
TRANSFORM_INVALID_GROUP_CHARS(/Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg) = ignore
### OS / Environment
MacOS Monterey
### Steps to Reproduce
<!--- Paste example playbooks or commands between quotes below -->
```yaml (paste below)
- hosts: all
collections:
- community.aws
vars:
ansible_connection: community.aws.aws_ssm
ansible_aws_ssm_region: us-east-1
ansible_aws_ssm_bucket_name: 'sample-s3bucket-for-ansible'
tasks:
- shell: echo "Hello World"
### Expected Results
Expected the playbook run , but fails with error .
```$ ansible-playbook linux_file.yml
/usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
[ERROR]: /Users/unixuser/git/ansible-platforms/inventories/lib/Inv/Chef/Api/Search.rb:103: warning: URI.escape is obsolete
Executing playbook linux_file.yml
- all on hosts: all -
Gathering Facts...
i-01abdcdeghijk1234 failed | msg: The following modules failed to execute: ansible.legacy.setup
- Play recap -
i-01abdcdeghijk1234 : ok=0 changed=0 unreachable=0 failed=1 rescued=0 ignored=0
### Actual Results
```console (paste below)
```$ ansible-playbook linux_file.yml -vvvv
/usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
ansible-playbook [core 2.12.5]
config file = /Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg
configured module search path = ['/Users/unixuser/git/ansible-platforms/ssm/community.aws/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible
ansible collection location = /Users/unixuser/git/ansible-platforms/galaxy/collections
executable location = /usr/local/bin/ansible-playbook
python version = 3.10.5 (main, Jun 23 2022, 17:15:25) [Clang 13.1.6 (clang-1316.0.21.2.5)]
jinja version = 3.1.2
libyaml = True
Using /Users/unixuser/git/ansible-platforms/playbooks/migration/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb as it did not pass its verify_file() method
[ERROR]: /Users/unixuser/git/ansible-platforms/inventories/lib/Inv/Chef/Api/Search.rb:103: warning: URI.escape is obsolete
Parsed /Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb inventory source with script plugin
Loading collection amazon.aws from /Users/unixuser/git/ansible-platforms/galaxy/collections/ansible_collections/amazon/aws
Loading collection community.aws from /Users/unixuser/git/ansible-platforms/galaxy/collections/ansible_collections/community/aws
redirecting (type: callback) ansible.builtin.unixy to community.general.unixy
Loading collection community.general from /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.unixy to community.general.unixy
Loading callback plugin community.general.unixy of type stdout, v2.0 from /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible_collections/community/general/plugins/callback/unixy.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Executing playbook linux_file.yml
Positional arguments: linux_file.yml
verbosity: 4
connection: smart
timeout: 30
become_method: sudo
tags: ('all',)
inventory: ('/Users/unixuser/git/ansible-platforms/inventories/migration/migration.rb',)
forks: 5
1 plays in linux_file.yml
- all on hosts: all -
Gathering Facts...
<i-01abdcdeghijk1234> ESTABLISH SSM CONNECTION TO: i-01abdcdeghijk1234
<i-01abdcdeghijk1234> SSM COMMAND: ['/usr/local/bin/session-manager-plugin', '{"SessionId": "[email protected]", "TokenValue": "AAEAAQOucPDuQTxc84YsPS4yW70aRt0X6AcUQrZ+nlrJkp8uAAAAAGMGdzYYRcx0LLvcGjzOoMW9VUsep+sjjswaFn6z/YfWOoxT3XlcrHYYm2zMjMBc3K+/nsd0XTJ1Mciei6+Od0QSvzkyOa0Hig6cief/zo5bi86hcYPGn5WMRpbBZkmq4OYedEbLBbxiEE4vRguL6soOGMSL2RmQMaautLmUMLLLG7rU5JK6SFiOHHMuGckB1SwyWjFSK9nK14s/toldXZa+5GsUZnSEdGLERJHzTisgPNHpOauzTt+IXlVBD70WmH1wEOQShQVT9jAkbcOZzSVSJVL9sQqGAFFWOfyrbT/KhBbzs8pvjaK6w5LqUcUm1UdmmW74/QK4GAWEupxTj4mB9TfwwGRROBip39spqrcy5zDQRKXFwtxerM8y1IaphtFyWVqqwjS2J/mFFVA893wwMWcePnOy3OaM5aptgajf8cL6hA==", "StreamUrl": "wss://ssmmessages.us-east-1.amazonaws.com/v1/data-channel/[email protected]?role=publish_subscribe&cell-number=AAEAAbi57Gjk86X7Kdm53YqwkgMN7PYx3d1oSIoUYt4MCohJAAAAAGMGdzbgsDWRSE5algnoOOnJcGpnSOjMKI6ZgmdJ1OfPpCqCEQ==", "ResponseMetadata": {"RequestId": "47f5c704-a5cf-4b54-9671-752979b6b75f", "HTTPStatusCode": 200, "HTTPHeaders": {"server": "Server", "date": "Wed, 24 Aug 2022 19:08:38 GMT", "content-type": "application/x-amz-json-1.1", "content-length": "809", "connection": "keep-alive", "x-amzn-requestid": "47f5c704-a5cf-4b54-9671-752979b6b75f"}, "RetryAttempts": 0}}', 'us-east-1', 'StartSession', '', '{"Target": "i-01abdcdeghijk1234"}', 'https://ssm.us-east-1.amazonaws.com']
<i-01abdcdeghijk1234> SSM CONNECTION ID: [email protected]
<i-01abdcdeghijk1234> EXEC ( umask 77 && mkdir -p "` echo /tmp/.ansible-/tmp `"&& mkdir "` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" && echo ansible-tmp-1661368117.597832-30918-210997495718512="` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" )
<i-01abdcdeghijk1234> _wrap_command: 'echo XOjNwpjBJdHzGwYdkDgpxNskpJ
( umask 77 && mkdir -p "` echo /tmp/.ansible-/tmp `"&& mkdir "` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" && echo ansible-tmp-1661368117.597832-30918-210997495718512="` echo /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512 `" )
echo $'\n'$?
echo mIYLgDyMzFAbzbbgzvzyOGzSFV
'
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: Starting session with SessionId: [email protected]
<i-01abdcdeghijk1234> EXEC remaining: 60
<i-01abdcdeghijk1234> EXEC stdout line: This session is encrypted using AWS KMS.
<i-01abdcdeghijk1234> EXEC remaining: 59
<i-01abdcdeghijk1234> EXEC stdout line: sh-4.2$ stty -echo
<i-01abdcdeghijk1234> EXEC stdout line: sh-4.2$ XOjNwpjBJdHzGwYdkDgpxNskpJ
<i-01abdcdeghijk1234> EXEC stdout line: ansible-tmp-1661368117.597832-30918-210997495718512=/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: mIYLgDyMzFAbzbbgzvzyOGzSFV
<i-01abdcdeghijk1234> POST_PROCESS: ansible-tmp-1661368117.597832-30918-210997495718512=/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512
0
<i-01abdcdeghijk1234> (0, 'ansible-tmp-1661368117.597832-30918-210997495718512=/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512\r\r', '')
<i-01abdcdeghijk1234> Attempting python interpreter discovery
<i-01abdcdeghijk1234> EXEC echo PLATFORM; uname; echo FOUND; command -v 'python3.10'; command -v 'python3.9'; command -v 'python3.8'; command -v 'python3.7'; command -v 'python3.6'; command -v 'python3.5'; command -v '/usr/bin/python3'; command -v '/usr/libexec/platform-python'; command -v 'python2.7'; command -v 'python2.6'; command -v '/usr/bin/python'; command -v 'python'; echo ENDFOUND
<i-01abdcdeghijk1234> _wrap_command: 'echo lqOZgwyroFqqwguAcWovvhgUrx
echo PLATFORM; uname; echo FOUND; command -v 'python3.10'; command -v 'python3.9'; command -v 'python3.8'; command -v 'python3.7'; command -v 'python3.6'; command -v 'python3.5'; command -v '/usr/bin/python3'; command -v '/usr/libexec/platform-python'; command -v 'python2.7'; command -v 'python2.6'; command -v '/usr/bin/python'; command -v 'python'; echo ENDFOUND
echo $'\n'$?
echo NEiUabHsNwYAhiFLBcBBthkDuE
'
<i-01abdcdeghijk1234> EXEC stdout line: lqOZgwyroFqqwguAcWovvhgUrx
<i-01abdcdeghijk1234> EXEC stdout line: PLATFORM
<i-01abdcdeghijk1234> EXEC stdout line: Linux
<i-01abdcdeghijk1234> EXEC stdout line: FOUND
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python3.6
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python3
<i-01abdcdeghijk1234> EXEC stdout line: /usr/libexec/platform-python
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python2.7
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python
<i-01abdcdeghijk1234> EXEC stdout line: /usr/bin/python
<i-01abdcdeghijk1234> EXEC stdout line: ENDFOUND
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: NEiUabHsNwYAhiFLBcBBthkDuE
<i-01abdcdeghijk1234> POST_PROCESS: PLATFORM
Linux
FOUND
/usr/bin/python3.6
/usr/bin/python3
/usr/libexec/platform-python
/usr/bin/python2.7
/usr/bin/python
/usr/bin/python
ENDFOUND
0
<i-01abdcdeghijk1234> (0, 'PLATFORM\r\r\nLinux\r\r\nFOUND\r\r\n/usr/bin/python3.6\r\r\n/usr/bin/python3\r\r\n/usr/libexec/platform-python\r\r\n/usr/bin/python2.7\r\r\n/usr/bin/python\r\r\n/usr/bin/python\r\r\nENDFOUND\r\r', '')
<i-01abdcdeghijk1234> Python interpreter discovery fallback (pipelining support required for extended interpreter discovery)
Using module file /usr/local/Cellar/ansible/5.7.1/libexec/lib/python3.10/site-packages/ansible/modules/setup.py
<i-01abdcdeghijk1234> PUT /Users/unixuser/.ansible/tmp/ansible-local-30910eqhqc8l8/tmpa3sam7uc TO /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
<i-01abdcdeghijk1234> EXEC curl 'https://sample-s3bucket-for-ansible.s3.amazonaws.com/i-01abdcdeghijk1234//tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJS7HRWAG%2F20220824%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220824T190844Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDQaCXVzLWVhc3QtMSJIMEYCIQDxDjggcpX82cwc0IE%2BMeZyRjrq7p9fPtLXA%2FRB4uxCywIhAKl0CEeL4nVVsBZ8%2BuFfR%2B4Qe%2FxVG08wxUSqF71ppY6zKpsDCKz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMMjQ1OTU2NzEyNDA0IgzbFx5Mkj9LBzFh5Lgq7wK2Q3EEQylKiJhE%2BBz9t%2BGYwOJ6ACzD52AIGg8jdatJS7PzIoWA3DnrqkJiTue3pRhUcwk%2FPjsAAxwEQ%2FmAPdfvB8i5SLR1YidorjxjaZDbSfh6tLoujK7uj94F2yAtmQRYGZcYHZZMR9zMrYYln08FFoHedF8qpYuVOv59ESjPjBIaD0RhkO%2FdVb3ZEUGPvwz1mpdg3RQByvqmGcnQwPKqzw6yE1STRh1o5DiRr%2Frda%2Bus8mJUmahIsy383FVSpWv5L9g8ytZLTbcEcVmBvsTxbLNpi71dMitmEMuTWFgBTCEnM%2F3Ewz3QozcUg3taBsjEvMlRGJ5NW2Y8p95q6HPao%2BCBPLncytcTLJabDJVTeOejCVw5MUh6C9x%2Bua1BEyWLJ3COVs4T6lz5MOp0xAK1w55orNcYvhFmyxRI58rhKRGZKCYfpVl1jTi0sLCfqVDJF9HjSXuLbgBVoLobW4bbn2DgVGNIoUVQiZZQWhcBMLzumZgGOqUBsBtxQve8qoT%2FXtQbTKhHgrBDJfTkTV3sKXez49nOj8%2F8RLsa9teJXU4tEkJxYq8v1aEnbENH34VDJwYX%2B2Gn8%2BvdWOPZRRzFyLGpovPARB7Xox4Cpw4BnPiyuiWVbiM4yx12EZh7Pix06TVdAdVO4nyzA6MHEC08Abk%2FQiMpDQtesoxEHBsxoi3%2BTkfgcLgtYb92NzhhA40V2n8v5aIIwrX5E0Or&X-Amz-Signature=61b4966723c596ad074fdec22c943d3fa5a5a8efdd7b9588c9ed488b7e4042be' -o '/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py'
<i-01abdcdeghijk1234> _wrap_command: 'echo byKZxgUKGdcRGaTRjPBirXPQbt
curl 'https://sample-s3bucket-for-ansible.s3.amazonaws.com/i-01abdcdeghijk1234//tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJS7HRWAG%2F20220824%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220824T190844Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDQaCXVzLWVhc3QtMSJIMEYCIQDxDjggcpX82cwc0IE%2BMeZyRjrq7p9fPtLXA%2FRB4uxCywIhAKl0CEeL4nVVsBZ8%2BuFfR%2B4Qe%2FxVG08wxUSqF71ppY6zKpsDCKz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMMjQ1OTU2NzEyNDA0IgzbFx5Mkj9LBzFh5Lgq7wK2Q3EEQylKiJhE%2BBz9t%2BGYwOJ6ACzD52AIGg8jdatJS7PzIoWA3DnrqkJiTue3pRhUcwk%2FPjsAAxwEQ%2FmAPdfvB8i5SLR1YidorjxjaZDbSfh6tLoujK7uj94F2yAtmQRYGZcYHZZMR9zMrYYln08FFoHedF8qpYuVOv59ESjPjBIaD0RhkO%2FdVb3ZEUGPvwz1mpdg3RQByvqmGcnQwPKqzw6yE1STRh1o5DiRr%2Frda%2Bus8mJUmahIsy383FVSpWv5L9g8ytZLTbcEcVmBvsTxbLNpi71dMitmEMuTWFgBTCEnM%2F3Ewz3QozcUg3taBsjEvMlRGJ5NW2Y8p95q6HPao%2BCBPLncytcTLJabDJVTeOejCVw5MUh6C9x%2Bua1BEyWLJ3COVs4T6lz5MOp0xAK1w55orNcYvhFmyxRI58rhKRGZKCYfpVl1jTi0sLCfqVDJF9HjSXuLbgBVoLobW4bbn2DgVGNIoUVQiZZQWhcBMLzumZgGOqUBsBtxQve8qoT%2FXtQbTKhHgrBDJfTkTV3sKXez49nOj8%2F8RLsa9teJXU4tEkJxYq8v1aEnbENH34VDJwYX%2B2Gn8%2BvdWOPZRRzFyLGpovPARB7Xox4Cpw4BnPiyuiWVbiM4yx12EZh7Pix06TVdAdVO4nyzA6MHEC08Abk%2FQiMpDQtesoxEHBsxoi3%2BTkfgcLgtYb92NzhhA40V2n8v5aIIwrX5E0Or&X-Amz-Signature=61b4966723c596ad074fdec22c943d3fa5a5a8efdd7b9588c9ed488b7e4042be' -o '/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py'
echo $'\n'$?
echo TGQYHnjuiuYzirdpmMFcsrMJVM
'
<i-01abdcdeghijk1234> EXEC stdout line: byKZxgUKGdcRGaTRjPBirXPQbt
<i-01abdcdeghijk1234> EXEC stdout line: % Total % Received % Xferd Average Speed Time Time Time Current
<i-01abdcdeghijk1234> EXEC stdout line: Dload Upload Total Spent Left Speed
100 243 0 243 0 0 1311 0 --:--:-- --:--:-- --:--:-- 1335
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: TGQYHnjuiuYzirdpmMFcsrMJVM
<i-01abdcdeghijk1234> POST_PROCESS: % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 243 0 243 0 0 1311 0 --:--:-- --:--:-- --:--:-- 1335
0
<i-01abdcdeghijk1234> (0, ' % Total % Received % Xferd Average Speed Time Time Time Current\r\r\n Dload Upload Total Spent Left Speed\r\r\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 243 0 243 0 0 1311 0 --:--:-- --:--:-- --:--:-- 1335\r\r', '')
<i-01abdcdeghijk1234> (0, ' % Total % Received % Xferd Average Speed Time Time Time Current\r\r\n Dload Upload Total Spent Left Speed\r\r\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 243 0 243 0 0 1311 0 --:--:-- --:--:-- --:--:-- 1335\r\r', '')
<i-01abdcdeghijk1234> EXEC chmod u+x /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
<i-01abdcdeghijk1234> _wrap_command: 'echo bOsvBsXNffhJywcyKOSzdFUQey
chmod u+x /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
echo $'\n'$?
echo vUpRBflbwqLMswehWeOpxAKnZa
'
<i-01abdcdeghijk1234> EXEC stdout line: bOsvBsXNffhJywcyKOSzdFUQey
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: vUpRBflbwqLMswehWeOpxAKnZa
<i-01abdcdeghijk1234> POST_PROCESS:
0
<i-01abdcdeghijk1234> (0, '\r', '')
<i-01abdcdeghijk1234> EXEC /usr/bin/python3.6 /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
<i-01abdcdeghijk1234> _wrap_command: 'echo sbcbriaByAowNwRncpxvIMlkWw
sudo /usr/bin/python3.6 /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py
echo $'\n'$?
echo rkmfDZnYPgkfvtpyGYqEoubjnw
'
<i-01abdcdeghijk1234> EXEC stdout line: sbcbriaByAowNwRncpxvIMlkWw
<i-01abdcdeghijk1234> EXEC stdout line: File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1
<i-01abdcdeghijk1234> EXEC stdout line: <?xml version="1.0" encoding="UTF-8"?>
<i-01abdcdeghijk1234> EXEC stdout line: ^
<i-01abdcdeghijk1234> EXEC stdout line: SyntaxError: invalid syntax
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 1
<i-01abdcdeghijk1234> EXEC stdout line: rkmfDZnYPgkfvtpyGYqEoubjnw
<i-01abdcdeghijk1234> POST_PROCESS: File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1
<?xml version="1.0" encoding="UTF-8"?>
^
SyntaxError: invalid syntax
1
<i-01abdcdeghijk1234> (1, ' File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1\r\r\n <?xml version="1.0" encoding="UTF-8"?>\r\r\n ^\r\r\nSyntaxError: invalid syntax\r\r', '')
<i-01abdcdeghijk1234> EXEC rm -f -r /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ > /dev/null 2>&1
<i-01abdcdeghijk1234> _wrap_command: 'echo RNeklYXUoVoBRBxsaCQvSHZvzM
rm -f -r /tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/ > /dev/null 2>&1
echo $'\n'$?
echo GwmXWvOGaBoHZrFKewhSysLbMN
'
<i-01abdcdeghijk1234> EXEC stdout line: RNeklYXUoVoBRBxsaCQvSHZvzM
<i-01abdcdeghijk1234> EXEC stdout line:
<i-01abdcdeghijk1234> EXEC stdout line: 0
<i-01abdcdeghijk1234> EXEC stdout line: GwmXWvOGaBoHZrFKewhSysLbMN
<i-01abdcdeghijk1234> POST_PROCESS:
0
<i-01abdcdeghijk1234> (0, '\r', '')
<i-01abdcdeghijk1234> CLOSING SSM CONNECTION TO: i-01abdcdeghijk1234
<i-01abdcdeghijk1234> TERMINATE SSM SESSION: [email protected]
i-01abdcdeghijk1234 failed | msg: The following modules failed to execute: ansible.legacy.setup
- Play recap -
i-01abdcdeghijk1234 : ok=0 changed=0 unreachable=0 failed=1 rescued=0 ignored=0
### Code of Conduct
- [X] I agree to follow the Ansible Code of Conduct
Files identified in the description: None
If these files are inaccurate, please update the component name section of the description or use the !component bot command.
the component names has been updated bot_broken
community.aws.aws_ssm, ansible.legacy.setup
I also came across the same problem. In the end, my problem was the permissions of the IAM user which is executing Ansible. You can see it in the line, which is problematic for the syntax error:
<i-01abdcdeghijk1234> EXEC stdout line: File "/tmp/.ansible-/tmp/ansible-tmp-1661368117.597832-30918-210997495718512/AnsiballZ_setup.py", line 1
<i-01abdcdeghijk1234> EXEC stdout line: <?xml version="1.0" encoding="UTF-8"?>
<i-01abdcdeghijk1234> EXEC stdout line: ^
<i-01abdcdeghijk1234> EXEC stdout line: SyntaxError: invalid syntax
Normally S3 is responding with an XML style when there is an error, which might be the case here. You have to make sure that all the presigned URL which are created by Ansible can also be executed on the host.
@jon-rei I have the IAM role attached to the instance has the below policy for the S3 bucket. Is there anything specific missing ?
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::sample-s3bucket-for-ansible/*"
]
}
]
}
curl 'https://.s3.amazonaws.com' to the presigned always uses non-regional URL and also tried to do a curl from the instance which is showing HTTP/1.1 403 Forbidden with different set of results with non-regional & regional endpoints. Any thoughts ?
I have the ENV variable added ['ansible_aws_ssm_region'] = 'us-east-1' which doesn't make any change as its still taking only non-regional endpoint.
**CURL TO REGIONAL ENDPOINT:**
sh-4.2$ curl -i 'https://sample-s3bucket-for-ansible.s3.us-east-1.amazonaws.com/i-08dbcc46da7c19740//tmp/.ansible-/tmp/ansible-tmp-1661884199.7312698-68233-2439790504567/AnsiballZ_ping.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJKFL4SGN%2F20220830%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220830T183010Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIFwZ47qeLXs7nrTFm5ABSmcHNbmQhvn%2BPgMdt4oGIfA9AiBPnptWSOZj5ytZ%2BsJipIRRIjG9nIo4RjaQWYaaGVL7rSqSAwhMEAAaDDI0NTk1NjcxMjQwNCIMhvk%2BRVssdOWUXbW2Ku8CPsQo%2FlgBnx2j5IRqzL1O8FnuW8%2BFizWFgDnrBfkqUkF4JpmIzWmD0B1eCtcBLP%2B7osJLCOC1QAsG2bvC7xbMoeduVfcBpVHOEI3CK7aqsedqXExvRCa9RJOligu68Ze85DlyrIeHPmPsw4oourCLZuJwca2U2krf96evm7e3NODOp%2Bb94OaceAMgjfrJYNXHR9kbgZM2EUAxrgzMA%2FUnaGjJmLlyq35kQv3gJ2tFMElBE0tyDUpYa0O2l85mqJCt1Pk8hf5iexO0ca3NJZUxax%2BUXQWQ%2BVFlUBvIdPLa6LHJFYcQrbTOWyPPTVJ6Qy8ju6KWe2pf44Dv4dI2NtESp3XG9aSD11mxew7Mq45qZzbQYvJQrqDVPfE2KY%2BHTVPp6MjUA3C12%2BsCY2zv5mWp4C7UaghvSOVUiRMGgzuMSzAdhIFJFXqw06INI%2F6pzpVnX%2FuWeZZIA2VV7roz8NClLdwEgQoH4Of%2FtX7utAuxuTCyrrmYBjqnAZ2bMzSDUeQ7V3SFAYrLZ4d1LZT3L4wLmEkPA6HLyz8OpqDVIKxKLnXRrhZ%2FTy8EuDLJywxOQh5QBp%2BM3XwXoEnS5t8TQiHJpzeteM5uk5n9XFCZZKfcODFW0A5jwkndwLcIYK0K5vI%2FxnwR4JahImnj1KTMSWa258sdpcEOsLlst8TgzlJSQjjZ69tefnEXik2pUdoEat9cc%2Fr1TMHTu9YL335smC8d&X-Amz-Signature=364b2d4d93c22c49b7881b7dcd38a5408c14e27b0995430383a7453647d92181'
HTTP/1.1 403 Forbidden
x-amz-request-id: T1N1N31VWNJC7HGZ
x-amz-id-2: Yqtae6c+Q2g3i6NF3ezZjhPrq2zSXF5ZgKwU4wEc1JJXBh0L6IewJwKfX2Hvy1KwXAjQk+JLNqI=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 30 Aug 2022 18:44:45 GMT
Server: AmazonS3
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>ASIATSRBJS7KJKFL4SGN</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20220830T183010Z
20220830/us-east-1/s3/aws4_request
c65bb0f7e9728d08e4b8995675441b0211e34cac65937ac79fda53476bb371a6</StringToSign><SignatureProvided>364b2d4d93c22c49b7881b7dcd38a5408c14e27b0995430383a7453647d92181</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 32 30 38 33 30 54 31 38 33 30 31 30 5a 0a 32 30 32 32 30 38 33 30 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 63 36 35 62 62 30 66 37 65 39 37 32 38 64 30 38 65 34 62 38 39 39 35 36 37 35 34 34 31 62 30 32 31 31 65 33 34 63 61 63 36 35 39 33 37 61 63 37 39 66 64 61 35 33 34 37 36 62 62 33 37 31 61 36</StringToSignBytes><CanonicalRequest>GET
/i-08dbcc46da7c19740//tmp/.ansible-/tmp/ansible-tmp-1661884199.7312698-68233-2439790504567/AnsiballZ_ping.py
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJKFL4SGN%2F20220830%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220830T183010Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIFwZ47qeLXs7nrTFm5ABSmcHNbmQhvn%2BPgMdt4oGIfA9AiBPnptWSOZj5ytZ%2BsJipIRRIjG9nIo4RjaQWYaaGVL7rSqSAwhMEAAaDDI0NTk1NjcxMjQwNCIMhvk%2BRVssdOWUXbW2Ku8CPsQo%2FlgBnx2j5IRqzL1O8FnuW8%2BFizWFgDnrBfkqUkF4JpmIzWmD0B1eCtcBLP%2B7osJLCOC1QAsG2bvC7xbMoeduVfcBpVHOEI3CK7aqsedqXExvRCa9RJOligu68Ze85DlyrIeHPmPsw4oourCLZuJwca2U2krf96evm7e3NODOp%2Bb94OaceAMgjfrJYNXHR9kbgZM2EUAxrgzMA%2FUnaGjJmLlyq35kQv3gJ2tFMElBE0tyDUpYa0O2l85mqJCt1Pk8hf5iexO0ca3NJZUxax%2BUXQWQ%2BVFlUBvIdPLa6LHJFYcQrbTOWyPPTVJ6Qy8ju6KWe2pf44Dv4dI2NtESp3XG9aSD11mxew7Mq45qZzbQYvJQrqDVPfE2KY%2BHTVPp6MjUA3C12%2BsCY2zv5mWp4C7UaghvSOVUiRMGgzuMSzAdhIFJFXqw06INI%2F6pzpVnX%2FuWeZZIA2VV7roz8NClLdwEgQoH4Of%2FtX7utAuxuTCyrrmYBjqnAZ2bMzSDUeQ7V3SFAYrLZ4d1LZT3L4wLmEkPA6HLyz8OpqDVIKxKLnXRrhZ%2FTy8EuDLJywxOQh5QBp%2BM3XwXoEnS5t8TQiHJpzeteM5uk5n9XFCZZKfcODFW0A5jwkndwLcIYK0K5vI%2FxnwR4JahImnj1KTMSWa258sdpcEOsLlst8TgzlJSQjjZ69tefnEXik2pUdoEat9cc%2Fr1TMHTu9YL335smC8d&X-Amz-SignedHeaders=host
host:sample-s3bucket-for-ansible.s3.us-east-1.amazonaws.com
host
UNSIGNED-PAYLOAD</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 69 2d 30 38 64 62 63 63 34 36 64 61 37 63 31 39 37 34 30 2f 2f 74 6d 70 2f 2e 61 6e 73 69 62 6c 65 2d 2f 74 6d 70 2f 61 6e 73 69 62 6c 65 2d 74 6d 70 2d 31 36 36 31 38 38 34 31 39 39 2e 37 33 31 32 36 39 38 2d 36 38 32 33 33 2d 32 34 33 39 37 39 30 35 30 34 35 36 37 2f 41 6e 73 69 62 61 6c 6c 5a 5f 70 69 6e 67 2e 70 79 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 53 49 41 54 53 52 42 4a 53 37 4b 4a 4b 46 4c 34 53 47 4e 25 32 46 32 30 32 32 30 38 33 30 25 32 46 75 73 2d 65 61 73 74 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 32 30 38 33 30 54 31 38 33 30 31 30 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 65 63 75 72 69 74 79 2d 54 6f 6b 65 6e 3d 49 51 6f 4a 62 33 4a 70 5a 32 6c 75 58 32 56 6a 45 4d 50 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 77 45 61 43 58 56 7a 4c 57 56 68 63 33 51 74 4d 53 4a 47 4d 45 51 43 49 46 77 5a 34 37 71 65 4c 58 73 37 6e 72 54 46 6d 35 41 42 53 6d 63 48 4e 62 6d 51 68 76 6e 25 32 42 50 67 4d 64 74 34 6f 47 49 66 41 39 41 69 42 50 6e 70 74 57 53 4f 5a 6a 35 79 74 5a 25 32 42 73 4a 69 70 49 52 52 49 6a 47 39 6e 49 6f 34 52 6a 61 51 57 59 61 61 47 56 4c 37 72 53 71 53 41 77 68 4d 45 41 41 61 44 44 49 30 4e 54 6b 31 4e 6a 63 78 4d 6a 51 77 4e 43 49 4d 68 76 6b 25 32 42 52 56 73 73 64 4f 57 55 58 62 57 32 4b 75 38 43 50 73 51 6f 25 32 46 6c 67 42 6e 78 32 6a 35 49 52 71 7a 4c 31 4f 38 46 6e 75 57 38 25 32 42 46 69 7a 57 46 67 44 6e 72 42 66 6b 71 55 6b 46 34 4a 70 6d 49 7a 57 6d 44 30 42 31 65 43 74 63 42 4c 50 25 32 42 37 6f 73 4a 4c 43 4f 43 31 51 41 73 47 32 62 76 43 37 78 62 4d 6f 65 64 75 56 66 63 42 70 56 48 4f 45 49 33 43 4b 37 61 71 73 65 64 71 58 45 78 76 52 43 61 39 52 4a 4f 6c 69 67 75 36 38 5a 65 38 35 44 6c 79 72 49 65 48 50 6d 50 73 77 34 6f 6f 75 72 43 4c 5a 75 4a 77 63 61 32 55 32 6b 72 66 39 36 65 76 6d 37 65 33 4e 4f 44 4f 70 25 32 42 62 39 34 4f 61 63 65 41 4d 67 6a 66 72 4a 59 4e 58 48 52 39 6b 62 67 5a 4d 32 45 55 41 78 72 67 7a 4d 41 25 32 46 55 6e 61 47 6a 4a 6d 4c 6c 79 71 33 35 6b 51 76 33 67 4a 32 74 46 4d 45 6c 42 45 30 74 79 44 55 70 59 61 30 4f 32 6c 38 35 6d 71 4a 43 74 31 50 6b 38 68 66 35 69 65 78 4f 30 63 61 33 4e 4a 5a 55 78 61 78 25 32 42 55 58 51 57 51 25 32 42 56 46 6c 55 42 76 49 64 50 4c 61 36 4c 48 4a 46 59 63 51 72 62 54 4f 57 79 50 50 54 56 4a 36 51 79 38 6a 75 36 4b 57 65 32 70 66 34 34 44 76 34 64 49 32 4e 74 45 53 70 33 58 47 39 61 53 44 31 31 6d 78 65 77 37 4d 71 34 35 71 5a 7a 62 51 59 76 4a 51 72 71 44 56 50 66 45 32 4b 59 25 32 42 48 54 56 50 70 36 4d 6a 55 41 33 43 31 32 25 32 42 73 43 59 32 7a 76 35 6d 57 70 34 43 37 55 61 67 68 76 53 4f 56 55 69 52 4d 47 67 7a 75 4d 53 7a 41 64 68 49 46 4a 46 58 71 77 30 36 49 4e 49 25 32 46 36 70 7a 70 56 6e 58 25 32 46 75 57 65 5a 5a 49 41 32 56 56 37 72 6f 7a 38 4e 43 6c 4c 64 77 45 67 51 6f 48 34 4f 66 25 32 46 74 58 37 75 74 41 75 78 75 54 43 79 72 72 6d 59 42 6a 71 6e 41 5a 32 62 4d 7a 53 44 55 65 51 37 56 33 53 46 41 59 72 4c 5a 34 64 31 4c 5a 54 33 4c 34 77 4c 6d 45 6b 50 41 36 48 4c 79 7a 38 4f 70 71 44 56 49 4b 78 4b 4c 6e 58 52 72 68 5a 25 32 46 54 79 38 45 75 44 4c 4a 79 77 78 4f 51 68 35 51 42 70 25 32 42 4d 33 58 77 58 6f 45 6e 53 35 74 38 54 51 69 48 4a 70 7a 65 74 65 4d 35 75 6b 35 6e 39 58 46 43 5a 5a 4b 66 63 4f 44 46 57 30 41 35 6a 77 6b 6e 64 77 4c 63 49 59 4b 30 4b 35 76 49 25 32 46 78 6e 77 52 34 4a 61 68 49 6d 6e 6a 31 4b 54 4d 53 57 61 32 35 38 73 64 70 63 45 4f 73 4c 6c 73 74 38 54 67 7a 6c 4a 53 51 6a 6a 5a 36 39 74 65 66 6e 45 58 69 6b 32 70 55 64 6f 45 61 74 39 63 63 25 32 46 72 31 54 4d 48 54 75 39 59 4c 33 33 35 73 6d 43 38 64 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 62 62 79 2d 73 65 2d 6c 7a 2d 77 69 6e 64 6f 77 73 2d 61 6e 73 69 62 6c 65 2e 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes><RequestId>T1N1N31VWNJC7HGZ</RequestId><HostId>Yqtae6c+Q2g3i6NF3ezZjhPrq2zSXF5ZgKwU4wEc1JJXBh0L6IewJwKfX2Hvy1KwXAjQk+JLNqI=</HostId></Error>sh-4.2$
**CURL TO NON-REGIONAL ENDPOINT:**
sh-4.2$ curl -i 'https://sample-s3bucket-for-ansible.s3.amazonaws.com/i-08dbcc46da7c19740//tmp/.ansible-/tmp/ansible-tmp-1661884199.7312698-68233-2439790504567/AnsiballZ_ping.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIATSRBJS7KJKFL4SGN%2F20220830%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220830T183010Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIFwZ47qeLXs7nrTFm5ABSmcHNbmQhvn%2BPgMdt4oGIfA9AiBPnptWSOZj5ytZ%2BsJipIRRIjG9nIo4RjaQWYaaGVL7rSqSAwhMEAAaDDI0NTk1NjcxMjQwNCIMhvk%2BRVssdOWUXbW2Ku8CPsQo%2FlgBnx2j5IRqzL1O8FnuW8%2BFizWFgDnrBfkqUkF4JpmIzWmD0B1eCtcBLP%2B7osJLCOC1QAsG2bvC7xbMoeduVfcBpVHOEI3CK7aqsedqXExvRCa9RJOligu68Ze85DlyrIeHPmPsw4oourCLZuJwca2U2krf96evm7e3NODOp%2Bb94OaceAMgjfrJYNXHR9kbgZM2EUAxrgzMA%2FUnaGjJmLlyq35kQv3gJ2tFMElBE0tyDUpYa0O2l85mqJCt1Pk8hf5iexO0ca3NJZUxax%2BUXQWQ%2BVFlUBvIdPLa6LHJFYcQrbTOWyPPTVJ6Qy8ju6KWe2pf44Dv4dI2NtESp3XG9aSD11mxew7Mq45qZzbQYvJQrqDVPfE2KY%2BHTVPp6MjUA3C12%2BsCY2zv5mWp4C7UaghvSOVUiRMGgzuMSzAdhIFJFXqw06INI%2F6pzpVnX%2FuWeZZIA2VV7roz8NClLdwEgQoH4Of%2FtX7utAuxuTCyrrmYBjqnAZ2bMzSDUeQ7V3SFAYrLZ4d1LZT3L4wLmEkPA6HLyz8OpqDVIKxKLnXRrhZ%2FTy8EuDLJywxOQh5QBp%2BM3XwXoEnS5t8TQiHJpzeteM5uk5n9XFCZZKfcODFW0A5jwkndwLcIYK0K5vI%2FxnwR4JahImnj1KTMSWa258sdpcEOsLlst8TgzlJSQjjZ69tefnEXik2pUdoEat9cc%2Fr1TMHTu9YL335smC8d&X-Amz-Signature=364b2d4d93c22c49b7881b7dcd38a5408c14e27b0995430383a7453647d92181'
HTTP/1.1 403 Forbidden
x-amz-request-id: PZGCYE05S3X67K3W
x-amz-id-2: ocQnxjpKCfXzaAki+gYP8LZIfbZTZBHRls5tZ83bPajDU9jxUYQGpkoKcRjISuVU+Rh/+/svsb8=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 30 Aug 2022 18:45:03 GMT
Server: AmazonS3
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>PZGCYE05S3X67K3W</RequestId><HostId>ocQnxjpKCfXzaAki+gYP8LZIfbZTZBHRls5tZ83bPajDU9jxUYQGpkoKcRjISuVU+Rh/+/svsb8=</HostId></Error>sh-4.2$
My policy looks like this:
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetBucketLocation",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucket/*",
"arn:aws:s3:::my-bucket"
],
}
s3:GetBucketLocation just needs the bucket-arn.
Do you have Server Side Encryption enabled on your S3 bucket with a custom KMS key? This could also lead to the permission issue you're having.
@jon-rei yes SSE is enabled on the S3 with AWS Key Management Service key (SSE-KMS).
Disabled the SSE on the bucket and still seeing Access Denied. I don't know what is blocking this.
@jon-rei It appears that the pre-signed URL is using the credentials on my local which does works only locally and per IAM profile blocking which is not coming from allowed set of subnets when the curl is ran from the server. Is there a way to use this S3 to just copy the file and then run from sensible playbook or if there is any alternate way of setting this up ? I ran out of ideas now.
Yes, I also came across exactly this issue. In my case, the permission boundary of the IAM user caused this issue. Alternatively to using the ssm plugin, you could set up ssh to use the session manager connection, described here: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html
I'm not using windows on my end. The only option for you would be to change the local IAM user you are using. Probably the GetObject is restricted by a permission boundary to only work from a specific IP range.
I'm facing the same issue, where I'm getting this error
<?xml version="1.0" encoding="UTF-8"?>
^
SyntaxError: invalid syntax
If I choose an existing old bucket, ansible-playbook runs successfully, but with new created bucket it fails with that error, although I choose the same configuration..
the content of the /AnsiballZ_command.py file:
cat ansible-tmp-1664302386.380288-16105-194981428431824/AnsiballZ_command.py
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>TemporaryRedirect</Code><Message>Please re-send this request to the specified temporary endpoint. Continue to use the original request endpoint for future requests.</Message><Endpoint>....
All my cases where I had errors which resulted in having a .py file with XML content in it where because of missing permissions to get the files from the S3 bucket. In your case you probably need to check if the IAM user has sufficient permissions on the newly created bucket.
Can we create new IAM user to use for creating pre-signed url to run the ansible playbooks ? The organization SSO has restrictions for source IP address with my current SSO to run this locally using the profile. Any alternative to override or copy the playbooks to successfully run ? I was never able to get this working .
Sorry it's taken a while to get back to you on this.
This is a known issue and should be fixed by #1669 and explicitly setting ansible_aws_ssm_s3_addressing_style: virtual.
The problem is usually caused by the AWS SDK returning a presigned URL which uses the global S3 endpoint, unfortunately, when you're using a new S3 bucket, the propagation of that bucket to the 'global' endpoints can take up to 24 hours. This results in the 'redirect' you're seeing. However, telling curl to follow that redirect results in an error message.
An alternative work around is just to keep an S3 bucket about that's used for this process. Once its existence has propagated the presigned URL works.
Note: #1669 will be available with release 5.2.0 of the community.aws collection