Trying to fetch secrets from another AWS account using ansible. Do we have any option to use I am role arn of the secret aws account to fetch parameters. Because every instance that we are creating will have linked with this secrets AWS accounts ARN.
IAMSECRETARN : arn:aws:iam::xxxxxxxx:role/service/xxx-xxxx-xxxxx-xxxxx-xxx-79392xx94110xxxx
---
- name: Testing shared Roles
hosts: all
tasks:
- name: lookup a key which doesn't exist failing to store it in a fact
set_fact:
temp_secret: "{{ lookup('aws_ssm', '/xxx/xxx/xxx/ansible-tower/admin_password' region='us-east-1', aws_profile='xxx-xxx-xxx') }}"
ignore_errors: true
- name: SSM PARAMS
debug:
msg: "{{ temp_secret }}"
Instead of "profile" need to use the "arn" or any other method without secret and access key
I DID WITH THE BELOW CODE AS OF NOW:
---
- name: ssm parameter
hosts: localhost
gather_facts: false
connection: local
tasks:
- sts_assume_role:
role_arn: "arn:aws:iam::xxxxxxx:role/xxxxx/xxxxxx"
role_session_name: "ssm"
region: us-east-1
register: assumed_role
no_log: true
- name: lookup ssm parameter
debug: msg="{{ lookup('aws_ssm', '/xxx/xxx/xxx/xxxx/database_password', region='us-east-1', aws_access_key=assumed_role.sts_creds.access_key, aws_secret_key=assumed_role.sts_creds.secret_key, aws_security_token=assumed_role.sts_creds.session_token ) }}"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.