cps

Reputation: 43

creating AWS S3 bucket with Ansible

Below is my yml file to create an S3 bucket. For security purposes I have not pasted the actual aws_access_key and aws_secret_key here, just showing them as ***** in the snippet below. I have installed boto3, boto, and the AWS CLI on the EC2 instance which has Ansible installed on it.

---
- hosts: localhost
  tasks:
  - name: Create an S3 bucket
    become: true
    aws_s3: aws_access_key=****** aws_secret_key=**** bucket=testbuck  mode=create permission=public-read region=us-east-1

When I execute the above yml file using the ansible-playbook command it gives the exception shown below. Please help me fix this issue so that an S3 bucket with the name "testbuck" gets created.

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (403) when calling the HeadBucket operation: Forbidden
fatal: [localhost]: FAILED! => {"boto3_version": "1.10.44", "botocore_version": "1.13.44", "changed": false, "error": {"code": "403", "message": "Forbidden"}, "msg": "Failed while looking up bucket (during bucket_check) testbuck.: An error occurred (403) when calling the HeadBucket operation: Forbidden", "response_metadata": {"host_id": "OmIY2bLkh4T4JwxD/UJsM47n7oUUS6ttEL9ZMl+vv66bVsLcwQuP2pzAGr05m1LdtznYudrrapk=", "http_headers": {"content-type": "application/xml", "date": "Fri, 17 Jan 2020 16:54:49 GMT", "server": "AmazonS3", "transfer-encoding": "chunked", "x-amz-bucket-region": "us-east-1", "x-amz-id-2": "OmIY2bLkh4T4JwxD/UJsM47n7oUUS6ttEL9ZMl+vv66bVsLcwQuP2pzAGr05m1LdtznYudrrapk=", "x-amz-request-id": "51740FB276A10A18"}, "http_status_code": 403, "request_id": "51740FB276A10A18", "retry_attempts": 0}}

Upvotes: 2

Views: 4585

Answers (3)

argl1995

Reputation: 1

The HeadBucket action checks if an S3 bucket exists and you have permissions to it. To use this operation your IAM role/user must have the ability to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information refer to the official S3 documentation: https://docs.aws.amazon.com/en_us/AmazonS3/latest/API/API_HeadBucket.html

Upvotes: 0

Arjun Goel

Reputation: 1

You need to check whether s3:ListBucket access is there. This is the official S3 documentation: https://docs.aws.amazon.com/en_us/AmazonS3/latest/API/API_HeadBucket.html

Upvotes: 0

Yann

Reputation: 2532

By default the Ansible module runs a check for whether the bucket exists before creating it. Maybe the IAM user you use doesn't have the permission to check if the bucket exists. Try to add:

aws_s3: ... ignore_nonexistent_bucket: True

Or grant the s3:ListBucket permission to the user.

Upvotes: 1
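The two fixes discussed in this thread (skipping the HeadBucket pre-check with ignore_nonexistent_bucket, as Yann suggests, or granting the missing s3:ListBucket permission, as all three answers mention) written out as one added example playbook. This is not code from the question or from any of the answers. It assumes the credentials are supplied through the environment (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY) or an EC2 instance profile, which the aws_s3 module falls back to when aws_access_key/aws_secret_key are omitted, so no secret needs to sit in the playbook; the IAM user name "ansible-deployer", the policy name and the skip_bucket_check variable are placeholders I chose for the example.

```yaml
---
# Added example, not from the question or the answers. Assumptions:
#   - credentials come from the environment or an instance profile, so
#     aws_access_key / aws_secret_key are deliberately left out;
#   - "ansible-deployer" is a placeholder for the IAM user whose keys Ansible uses;
#   - skip_bucket_check is a placeholder extra-var that selects option A or B.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    bucket_name: testbuck          # bucket name from the question
    bucket_region: us-east-1
    iam_user: ansible-deployer     # placeholder user name
    # Least-privilege inline policy for option B. s3:ListBucket is what the
    # HeadBucket call (the bucket_check step that returned 403) requires;
    # s3:CreateBucket is what mode=create requires. s3:PutBucketAcl would
    # additionally be needed only for a permission other than "private".
    s3_create_policy:
      Version: "2012-10-17"
      Statement:
        - Sid: CheckAndCreateBucket
          Effect: Allow
          Action:
            - s3:ListBucket
            - s3:CreateBucket
          Resource: "arn:aws:s3:::{{ bucket_name }}"

  tasks:
    # Option A (Yann's answer): skip the existence pre-check entirely, so the
    # task only needs s3:CreateBucket and never issues the HeadBucket call.
    - name: Create the bucket without the existence pre-check
      aws_s3:
        bucket: "{{ bucket_name }}"
        mode: create
        region: "{{ bucket_region }}"
        permission: private          # the question used public-read; private keeps the bucket non-world-readable
        ignore_nonexistent_bucket: true
      when: skip_bucket_check | default(false) | bool

    # Option B: grant the missing s3:ListBucket and keep the pre-check.
    # The credential running this task needs iam:PutUserPolicy on the user,
    # which is normally a separate administrative credential.
    - name: Attach the least-privilege policy to the deploy user
      iam_policy:
        iam_type: user
        iam_name: "{{ iam_user }}"
        policy_name: "s3-create-{{ bucket_name }}"
        policy_json: "{{ s3_create_policy | to_json }}"
        state: present
      when: not (skip_bucket_check | default(false) | bool)

    - name: Create the bucket with the existence pre-check enabled
      aws_s3:
        bucket: "{{ bucket_name }}"
        mode: create
        region: "{{ bucket_region }}"
        permission: private
      when: not (skip_bucket_check | default(false) | bool)
```

Run `ansible-playbook create_bucket.yml` for the policy-grant path, or `ansible-playbook create_bucket.yml -e skip_bucket_check=true` to take the pre-check-skipping path. The policy scopes both actions to the one bucket ARN rather than `*`, so the deploy user cannot enumerate or create other buckets; if the bucket must be created with a non-private ACL, add s3:PutBucketAcl to the same statement rather than widening the resource.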
