aws_ec2 inventory plugin: backport/2.5/40240 (#40277)

* Add fallback check for IAM role temp creds (#40240) * Add fallback check for IAM role temp creds (cherry picked from commit d5a5e37fcf) * changelog * Fix changelog * Fix fix changelog
2018-05-17 01:47:07 -04:00 · 2018-05-17 01:47:07 -04:00 · ae2453850e
commit ae2453850e
parent 136e8a1e58
2 changed files with 10 additions and 0 deletions
--- a/changelogs/fragments/aws_ec2_inventory_fallback_to_instance_role_credentials.yaml
+++ b/changelogs/fragments/aws_ec2_inventory_fallback_to_instance_role_credentials.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Fallback to instance role STS credentials if none are explicitly provided for the aws_ec2 inventory plugin
--- a/lib/ansible/plugins/inventory/aws_ec2.py
+++ b/lib/ansible/plugins/inventory/aws_ec2.py
@ -440,6 +440,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        self.aws_secret_access_key = self._options.get('aws_secret_access_key')
        self.aws_security_token = self._options.get('aws_security_token')

+        if not self.boto_profile and not (self.aws_access_key_id and self.aws_secret_access_key):
+            session = botocore.session.get_session()
+            if session.get_credentials() is not None:
+                self.aws_access_key_id = session.get_credentials().access_key
+                self.aws_secret_access_key = session.get_credentials().secret_key
+                self.aws_security_token = session.get_credentials().token
+
        if not self.boto_profile and not (self.aws_access_key_id and self.aws_secret_access_key):
            raise AnsibleError("Insufficient boto credentials found. Please provide them in your "
                               "inventory configuration file or set them as environment variables.")