SSM connection doesn't use regional S3 endpoint #1190

@davidgiga1993

Summary

When using ansible_connection: aws_ssm, the URL used to download data from a bucket is always *.s3.amazonaws.com, regardless of the region specified in ansible_aws_ssm_region.

This causes issues, since in restricted environments the EC2 instance has to use the S3 gateway endpoint, which is only available using the region-specific URL, for example *.s3.eu-central-1.amazonaws.com

Issue Type

Bug Report

Component Name

s3

Ansible Version

$ ansible --version
ansible [core 2.12.6]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ssm-user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ssm-user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.4 (main, Apr  2 2022, 09:04:19) [GCC 11.2.0]
  jinja version = 3.0.3
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

AWS SDK versions

$ pip show boto boto3 botocore
Name: boto3
Version: 1.24.0
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.8/dist-packages
Requires: s3transfer, botocore, jmespath
Required-by:
---
Name: botocore
Version: 1.27.0
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.8/dist-packages
Requires: python-dateutil, jmespath, urllib3
Required-by: s3transfer, boto3

Configuration

$ ansible-config dump --only-changed

OS / Environment

Ubuntu 22

Steps to Reproduce

all:
  hosts:
    test:
      ansible_connection: aws_ssm
      ansible_aws_ssm_instance_id: "i-...."

  vars:
    ansible_aws_ssm_bucket_name: my-bucket
    ansible_aws_ssm_region: eu-central-1

Expected Results

Ansible should use the region-specific S3 URL for download

Actual Results

EXEC curl 'https://my-bucket.s3.amazonaws.com/...

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
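
Added example, not part of the original issue or the collection's code: a small checker that scans verbose Ansible output for S3 download URLs and reports whether each one uses the global endpoint or the regional endpoint for the configured ansible_aws_ssm_region. The log lines are constructed, modelled on the "Actual Results" line above; the function names and verdict strings are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Virtual-hosted-style S3 hosts: <bucket>.s3[.dualstack][.<region>].amazonaws.com
# (the legacy <bucket>.s3-<region> form is accepted as well).
S3_HOST = re.compile(
    r"^(?P<bucket>.+?)\.s3(?:\.dualstack)?"
    r"(?:[.-](?P<region>[a-z]{2}(?:-[a-z]+)+-\d+))?\.amazonaws\.com$"
)
URL = re.compile(r"https://[^\s'\"]+")


def classify(url, expected_region):
    """Return (bucket, verdict) for an S3 URL, or None for any other URL."""
    m = S3_HOST.match(urlsplit(url).hostname or "")
    if m is None:
        return None
    region = m.group("region")
    if region is None:
        verdict = "global-endpoint"  # the behaviour reported in this issue
    elif region == expected_region:
        verdict = "regional-ok"
    else:
        verdict = "wrong-region:" + region
    return m.group("bucket"), verdict


def audit(lines, expected_region):
    """Scan log lines; return (line_no, bucket, verdict) for every S3 URL."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for url in URL.findall(line):
            result = classify(url, expected_region)
            if result:
                findings.append((no, *result))
    return findings


# Constructed sample lines (not real output).
SAMPLE_LOG = [
    "<i-constructed> EXEC curl 'https://my-bucket.s3.amazonaws.com/constructed/key?X-Amz-Expires=3600'",
    "<i-constructed> EXEC curl 'https://my-bucket.s3.eu-central-1.amazonaws.com/constructed/key'",
    "<i-constructed> EXEC curl 'https://my-bucket.s3.us-east-1.amazonaws.com/constructed/key'",
    "<i-constructed> EXEC echo done",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, "eu-central-1"):
        print(finding)
```
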
