community.aws icon indicating copy to clipboard operation
community.aws copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

Use HeadBucket instead of GetBucketLocation (#1979)

Open raulpedroche opened this issue 8 months ago • 18 comments

SUMMARY

Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint().

The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another accout, e.g. a shared organization bucket when running cross-account.

Fixes #1979.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

aws_ssm

ADDITIONAL INFORMATION

The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recomends using HeadBucket instead.

# Before change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied
fatal: [i-00a8cb5930bd5f7dc]: FAILED! => {"msg": "Unexpected failure during module execution: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied", "stdout": ""}

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0 

# After change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
Warning: : Platform linux on host i-00a8cb5930bd5f7dc is using the discovered
Python interpreter at /usr/libexec/platform-python, but future installation of
another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [i-00a8cb5930bd5f7dc]

TASK [Ping] ********************************************************************
ok: [i-00a8cb5930bd5f7dc]

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

raulpedroche avatar Oct 25 '23 07:10 raulpedroche