I am using Ansible's Dynamic Inventory feature to connect to the ec2 instances in AWS account using below:
AWS_PROFILE=personal ansible-playbook cifarm.yml -C
I have copied the https://raw.github.com/ansible/ansible/devel/contrib/inventory/ec2.py into and https://raw.github.com/ansible/ansible/devel/contrib/inventory/ec2.ini file under inventory directory.
On running AWS_PROFILE=personal ansible-playbook cifarm.yml -C, it throws below error:
Output:
ERROR: Inventory script (inventory/ec2.py) had an execution error: ERROR: "Authentication error retrieving ec2 inventory.
- AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment vars found but may not be correct
- Boto configs found at '~/.boto, ~/.aws/credentials', but the credentials contained may not be correct", while: getting EC2 instances
I am running the playbook from a MAC OS. Please note that I am able to run below successfully:
aws ec2 describe-instances --page-size 5 --profile personal
This prooves that the credentials are correct and also I have exported the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
I tried to execute the inventory/ec2.py file as below:
./ec2.py --list
And it comes back with the same error. I saw a post where it was suggested to update the time on the machine, I am running the playbook. So I ran ntpdate -u
But the issue still persists. I have no idea what is the reason.
Any help/suggestions is much appreciated.
I managed to resolve the issue. Explaining it here for others to benefit. When I generated the aws credentials for AWS_PROFILE= personal, I had values for below environment variables in ~/.aws/credentials:
aws_access_key_id
aws_secret_access_key
aws_session_token.
However if you look in the ec2.py, it expects variable value called aws_security_token. So all I did was changed the variable name from aws_session_token to aws_security_token in ~/.aws/credentials.
And voila. Works fine.
Related
hi I am unable to run this command aws sts get-caller-identity.
when I do sudo nano ~/.aws/credentials I can only locate this
[default]
aws_access_key_id = my_id
aws_secret_access_key = my_secret_id
and after doing successful steps of command aws configure when I am doing aws sts get-caller-identity I am getting this error
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
any reason which could cause this ?
Sometimes this kind of issues are caused by another credential configuration.
Environment variables credential configuration takes prority over credentials config file.
So in case there are present the environment variables "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY" or "AWS_SESSION_TOKEN" these could generate issues if it were missconfigured or have been expired.
Try checking the env vars associated to AWS Credentials and removing them using the 'unset' command in linux.
Additionally, to remove env vars permanently you need to remove the lines related on configuration files like:
/etc/environment
/etc/profile
~/.profile
~/.bashrc
Reference:
Configuration settings and precedence
I had my default region disabled by default (eu-south-1), so I had to enable it via the Web console at first, then it worked.
While configuring my access keys in AWS CLI, there is an issue with credentials and config file creation. when using "$ aws configure --profile xxxxx" command.
It used to work fine, "$ aws configure --profile xxxxx" would create .aws/config and .aws/credentials files, through which I was able to run any aws commands, while in any of the drives or folder through cli.
I uninstalled and reinstalled AWS CLI for the latest version.
Now "$ aws configure --profile xxxxx" just created .awsconfig and .awscredentials files in the same old path (C:\Users\Profile).
I can run any aws command and get the required output.
But, when I change my path, like moving to another folder, it throughs an error "The config profile (xxxxx) could not be found".
There are no documents in AWS regarding this issue.
I was able to find the issue. I wanted to set the env variables so used the
$setx commands
$setx AWS_ACCESS_KEY_ID
$setx AWS_SECRET_ACCESS_KEY
$setx AWS_DEFAULT_REGION
$setx AWS_PROFILE
$setx AWS_CREDENTIAL_FILE
$setx AWS_CONFIG_FILE
So whenever I tried to $aws configure, instead of the .aws folder, .awsconfig and .awscredentials files were created which were not global. By using $unset, I was able to remove all these and $aws configure now creates folder .aws with config and credentials files.
Hopes this helps.
#DanielScott
I'm playing around with AWS and my credentials worked few months back. I'm using credentials file located in ~/.aws/credentials
and using the keys provided by AWS. They updated the access key so I've changed it in the file but secret key remained the same.
I've got the credentials file in this format:
[default]
aws_access_key_id=xyz
aws_secret_access_key=xyz
region=eu-west-2
vpc-id=xyz
when I run docker-machine create --driver amazonec2 testdriven-prod
I get this output:
Error setting machine configuration from flags provided: amazonec2 driver requires AWS credentials configured with the --amazonec2-access-key and --amazonec2-secret-key options, environment variables, ~/.aws/credentials, or an instance role
The file is in the right directory though. Why Docker-machine can't see it ? I really don't understand this error.
What can I try to resolve this ?
This isn't a real answer rather a find.
I used verbose cli command to create the instance and it worked. Even though
this:
docker-machine create --driver amazonec2 --amazonec2-access-key XYZ --amazonec2-secret-key XYZ --amazonec2-open-port 8000 --amazonec2-region eu-west-2 testdriven-prod
should be equivalent to:
aws_access_key_id=XYZ
aws_secret_access_key=XYZ
region=eu-west-2
in ~/.aws/credentials file the behaviour was different.
So if anyone is still interested in sharing what the real answer to this might
be please feel free to post it.
I am trying to configure AWS CONFIGURE via AWS CLI on my laptop having Windows 10 professional. This is not the first time I am configuring AWS CONFIGURE. I already have many profiles settings.
I have enough free system memory and storage and have sufficient rights to run aws configure. I am using Python 3.6
Here is the detail, how I am trying to setup AWS CONFIGURE.
When I run this command again, it asks all the values again.
Even if I run an AWS CLI command using this new profile; to create a lambda function ( aws lambda create-function xxxxxxxxx --profile lambdaprofile ).
It gives below error.
The config profile (lambdaprofile) could not be found.
Please help me.
Some times this issue happens and AWS CLI is unable to set new profile and settings in config file.
Here is a fix of this issue.
Run below command from windows console.
notepad %USERPROFILE%\.aws\credentials
You will see last line of credentials file with overlapping line.
e.g in your particular case, it would be showing like below.
region = us-east-1[lambdaprofile]
aws_access_key_id = AKIAIGCOZJBAKIAIGCOZJB
aws_secret_access_key = gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
region = use-east-1
Similar issue would be in config file, which can be checked by opening this file.
notepad %USERPROFILE%\.aws\config
To fix this issue set [lambdaprofile] to new line, preferably add another empty line before [lambdaprofile]. It should look like below.
region = us-east-1
[lambdaprofile]
aws_access_key_id = AKIAIGCOZJBAKIAIGCOZJB
aws_secret_access_key = gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
region = use-east-1
Also do the same fix in config file. After fixing it, if you will run aws configure --profile lambdaprofile it should show the previously saved values in credentials and config files.
You may also check if values are saved or not with below command.
aws configure list --profile lambdaprofile
Alternately to the fix detail mentioned above, you can also set new profile directly with AWS CONFIGURE SET
e.g in your particular case.
aws configure --profile lambdaprofile set aws_access_key_id AKIAIGCOZJBAKIAIGCOZJB
aws configure --profile lambdaprofile set aws_secret_access_key gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
aws configure --profile lambdaprofile set region use-east-1
or
aws configure set profile.lambdaprofile.aws_access_key_id AKIAIGCOZJBAKIAIGCOZJB
aws configure set profile.lambdaprofile.aws_secret_access_key gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
aws configure set profile.lambdaprofile.region use-east-1
configured AWS Cli on Linux system.
While running any command like "aws ec2 describe-instances" it is showing error "Invalid IPv6 URL"
Ran into the same error.
Running this command fixed the error for me:
export AWS_DEFAULT_REGION=us-east-1
You might also try specifying the region when running any command:
aws s3 ls --region us-east-1
Hope this helps!
or run aws configure and enter valid region for default region name
I ran into this issue due to region being wrongly typed. When you run aws configure during initial setup, if you try to delete a mistaken entry, it will end up having invalid characters in the region name.
Hopefully, running aws configure again will resolve your issue.