ssm connection: pull bucket region info rather than taking from regio…

…n var (#1176) (#1290) [PR #1176/1be7da11 backport][stable-3] ssm connection: pull bucket region info rather than taking from region var This is a backport of PR #1176 as merged into main (1be7da1). SUMMARY Fix issue where syntax error is reported if using ssm connection and the target node is located in a different region to the s3 bucket. Fixes #1190, #637 ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm connection plugin ADDITIONAL INFORMATION When using SSM for ansible connection and the target node is in a different region to the s3 bucket used, the playbook immediately errors with the following. (There are no issues when both target and s3 bucket are in the same region) fatal: [i-04444a7f03cc2bffd]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"ansible.legacy.setup": {"failed": true, "module_stderr": "", "module_stdout": " File \"/tmp/ansible/ansible-tmp-1653576081.8378458-29658-258097978113216/AnsiballZ_setup.py\", line 1\r\r\n <?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\r\n ^\r\r\nSyntaxError: invalid syntax\r\r", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}}, "msg": "The following modules failed to execute: ansible.legacy.setup\n"} The tmp file has the following contents <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AuthorizationQueryParametersError</Code><Message>Error parsing the X-Amz-Credential parameter; the region 'us-east-1' is wrong; expecting 'eu-west-1'</Message><Region>eu-west-1</Region><RequestId>4VTAGR4C1V9ATBJT</RequestId><HostId>OahjGsFQHlr3ihxobH/yyH7Mzxq98mwjcb6+J3Y2EifDU7FykCe8b6QJTNodIG5WSquVeJF+Zsk=</HostId></Error> Steps to reproduce: run an ansible playbook using the following: aws_ec2 inventory aws_ssm connection type specify an s3 bucket (ansible_aws_ssm_bucket_name var) that is in a different location to the target node The presigned url generated includes the region the s3 bucket is in, so this region must be used for the session obtained in the _get_url function. Reviewed-by: Mark Chappell <None>
ansible-collections · Jun 30, 2022 · 9f44d3c · 9f44d3c
1 parent 24259ab
commit 9f44d3c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/changelogs/fragments/1176-ssm-connection-plugin-region-fix.yml b/changelogs/fragments/1176-ssm-connection-plugin-region-fix.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - aws_ssm - pull S3 bucket region for session generated for file transfer during playbooks (https://github.com/ansible-collections/community.aws/issues/1190).
diff --git a/plugins/connection/aws_ssm.py b/plugins/connection/aws_ssm.py
@@ -534,7 +534,12 @@ def _flush_stderr(self, subprocess):
 
     def _get_url(self, client_method, bucket_name, out_path, http_method, profile_name, extra_args=None):
         ''' Generate URL for get_object / put_object '''
-        region_name = self.get_option('region') or 'us-east-1'
+
+        bucket_location = boto3.client('s3').get_bucket_location(
+            Bucket=(self.get_option('bucket_name')),
+        )
+        region_name = bucket_location['LocationConstraint']
+
         client = self._get_boto_client('s3', region_name=region_name, profile_name=profile_name)
         params = {'Bucket': bucket_name, 'Key': out_path}
         if extra_args is not None:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- aws_ssm - pull S3 bucket region for session generated for file transfer during playbooks (https://github.com/ansible-collections/community.aws/issues/1190).