Ansible dynamic inventory: Authentication error retrieving ec2 inventory

Question

I am using Ansible's Dynamic Inventory feature to connect to the ec2 instances in AWS account using below:

AWS_PROFILE=personal ansible-playbook cifarm.yml -C

I have copied the https://raw.github.com/ansible/ansible/devel/contrib/inventory/ec2.py into and https://raw.github.com/ansible/ansible/devel/contrib/inventory/ec2.ini file under inventory directory.

On running AWS_PROFILE=personal ansible-playbook cifarm.yml -C, it throws below error:

Output: ERROR: Inventory script (inventory/ec2.py) had an execution error: ERROR: "Authentication error retrieving ec2 inventory. - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment vars found but may not be correct - Boto configs found at '~/.boto, ~/.aws/credentials', but the credentials contained may not be correct", while: getting EC2 instances

I am running the playbook from a MAC OS. Please note that I am able to run below successfully:

aws ec2 describe-instances --page-size 5 --profile personal

This prooves that the credentials are correct and also I have exported the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

I tried to execute the inventory/ec2.py file as below:

./ec2.py --list

And it comes back with the same error. I saw a post where it was suggested to update the time on the machine, I am running the playbook. So I ran ntpdate -u

But the issue still persists. I have no idea what is the reason. Any help/suggestions is much appreciated.

Answer 1

I managed to resolve the issue. Explaining it here for others to benefit. When I generated the aws credentials for AWS_PROFILE= personal, I had values for below environment variables in ~/.aws/credentials:

1. aws_access_key_id
2. aws_secret_access_key
3. aws_session_token.

However if you look in the ec2.py, it expects variable value called aws_security_token. So all I did was changed the variable name from aws_session_token to aws_security_token in ~/.aws/credentials.

And voila. Works fine.