Unable to use aws_ssm connection with cross-account shared bucket #1979
Comments
raulpedroche added a commit to raulpedroche/community.aws that referenced this issue Oct 25, 2023
Facing same error here in this exact scenario:
Summary
When trying to use a single organization bucket for cross-account connection, the aws_ssm connection plugin fails with
This happens even though the assumed role has the s3:GetBucketLocation permission granted (we have double checked, s3:* in the role and explicit s3:GetBucketLocation in the bucket policy).
The root of the issue is that, according to the CLI help,
The online API documentation does not mention it, although it says the call is supported only for backwards compatibility and advises the usage of HeadBucket.
Switching to the HeadBucket API call would involve changing the code from
to something like
Issue Type
Bug Report
Component Name
aws_ssm
Ansible Version
Collection Versions
AWS SDK versions
Configuration
OS / Environment
Debian GNU/Linux 12 (bookworm)
Steps to Reproduce
Expected Results
Expected playbook to run to end.
Actual Results
Code of Conduct
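The switch the issue proposes, resolving the bucket region through HeadBucket instead of GetBucketLocation, sketched as an added example (not the aws_ssm plugin's code or the reporter's patch). `bucket_region`, `region_from`, `FakeS3` and `FakeError` are hypothetical names, and the fake client replays constructed replies so the block runs without AWS access; with boto3 the same function takes a real S3 client.

```python
REGION_HEADER = "x-amz-bucket-region"

def region_from(response):
    """Region from a HeadBucket reply or error payload, else None."""
    if not isinstance(response, dict):
        return None
    if response.get("BucketRegion"):  # top-level field in newer SDK releases
        return response["BucketRegion"]
    headers = response.get("ResponseMetadata", {}).get("HTTPHeaders", {})
    for name, value in headers.items():
        if name.lower() == REGION_HEADER:
            return value
    return None

def bucket_region(s3_client, bucket_name):
    """Resolve a bucket's region with HeadBucket only (no GetBucketLocation)."""
    try:
        response = s3_client.head_bucket(Bucket=bucket_name)
    except Exception as exc:  # botocore's ClientError in practice
        # ClientError keeps the parsed reply in .response; S3 sends the region
        # header on 301 (wrong region) and typically on 403 as well.
        region = region_from(getattr(exc, "response", None))
        if region is None:
            raise  # nothing usable in the error: surface it unchanged
        return region
    region = region_from(response)
    if region is None:
        raise LookupError(f"HeadBucket reply for {bucket_name!r} has no region")
    return region

class FakeError(Exception):
    """Constructed stand-in for botocore's ClientError (sample data)."""
    def __init__(self, response):
        super().__init__("HeadBucket failed")
        self.response = response

class FakeS3:
    """Constructed client that replays one canned HeadBucket outcome."""
    def __init__(self, outcome):
        self.outcome = outcome
    def head_bucket(self, Bucket):
        if isinstance(self.outcome, Exception):
            raise self.outcome
        return self.outcome

if __name__ == "__main__":
    reply = {"ResponseMetadata": {"HTTPHeaders": {REGION_HEADER: "eu-west-1"}}}
    print(bucket_region(FakeS3(reply), "example-shared-bucket"))
```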