Hello, I am using Ansible to launch EC2 instances. As part of that, I am using ADFS SAML integration.
#### Playbook

```yaml
---
- name: Ansible test
  hosts: localhost
  tasks:
    - name:
      sts_assume_role:
        role_arn: "arn:aws:sts::925052198153:assumed-role/DBAAdmin"
        role_session_name: "default"
      register: assumed_role

    - ec2_instance:
        instance_type: t2.large
        key_name: comdpl_test
        image: ami-07527564b23c84506
        region: us-east-1
        group: ci360-stage-us-east-1-cloudera-main-sg
        count: 1
        vpc_subnet_id: vpc-cf5347b7
        wait: yes
        assign_public_ip: yes
        aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
        aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
        security_token: "{{ assumed_role.sts_creds.session_token }}"
        volumes:
          - device_name: /dev/sdb
            volume_type: gp2
            volume_size: 10
            delete_on_termination: true
```

##### I get this error. Can someone please guide me?

```
ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::925052198153:assumed-role/DBAAdmin/desmond.sinda...@sas.com is not authorized to perform: sts:AssumeRole on resource: arn:aws:sts::925052198153:assumed-role/DBAAdmin
```

```
[desind@adffddfd~]$ aws sts get-caller-identity
{
    "UserId": "AROAIZEC7DF4ASDSRA2SS:desmond.sinda...@sas.com",
    "Account": "925052198153",
    "Arn": "arn:aws:sts::925052198153:assumed-role/DBAAdmin/desmond.sinda...@sas.com"
}
[desind@comdpmactl01 ~]$
```
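The `role_arn` in the playbook has the shape of an STS session ARN (`arn:aws:sts::…:assumed-role/…`), the same shape `get-caller-identity` prints, whereas `sts:AssumeRole` takes an IAM role ARN (`arn:aws:iam::…:role/…`). The following pre-flight check is an added example, not part of the original post or of Ansible; the function names and the `123456789012`/`ExampleRole` values are constructed for illustration.

```python
import re

# arn:<partition>:<service>::<account-id>:<resource>  (IAM/STS ARNs have no region)
ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):(?P<service>iam|sts)::"
    r"(?P<account>\d{12}):(?P<resource>.+)$"
)


def classify_role_arn(arn):
    """Return (kind, role_arn_or_None); kind is 'iam-role', 'sts-session' or 'other'."""
    m = ARN_RE.match(arn)
    if not m:
        return ("other", None)
    service, resource = m["service"], m["resource"]
    if service == "iam" and resource.startswith("role/"):
        return ("iam-role", arn)
    if service == "sts" and resource.startswith("assumed-role/"):
        # Layout: assumed-role/<role-name>[/<session-name>]. A session ARN never
        # carries the role's IAM path, so the derived ARN is only a candidate.
        role_name = resource.split("/")[1]
        if not role_name:
            return ("other", None)
        candidate = f"arn:{m['partition']}:iam::{m['account']}:role/{role_name}"
        return ("sts-session", candidate)
    return ("other", None)


def preflight(role_arn):
    """Explain, before calling STS, whether role_arn is usable for AssumeRole."""
    kind, candidate = classify_role_arn(role_arn)
    if kind == "iam-role":
        return "ok: IAM role ARN"
    if kind == "sts-session":
        return ("not a role ARN: this is an STS session principal; "
                f"candidate role ARN (path unknown): {candidate}")
    return "not a role ARN: unrecognised format"


if __name__ == "__main__":
    samples = [
        "arn:aws:sts::925052198153:assumed-role/DBAAdmin",  # role_arn from the post
        "arn:aws:sts::123456789012:assumed-role/ExampleRole/example-session",  # constructed
        "arn:aws:iam::123456789012:role/service-role/ExampleRole",  # constructed
    ]
    for s in samples:
        print(s, "->", preflight(s))
```

A correctly shaped role ARN is necessary but not sufficient: the role's trust policy must also allow the calling principal to perform `sts:AssumeRole`.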