failed when using aws default key_id aws/ssm #1
Could you please provide details include the error message first? When you start to use SSM parameter store at the first time, kms key If the key
ansible 2.3 (also with ansible 2.4 same behavior)
---
# Provision New Resource in AWS
- name: ssm
  hosts: localhost
  connection: local
  tasks:
    - name: Create or update secure key/value pair with nominated kms key
      ssm_parameter_store:
        name: "Hello"
        description: "This is your first key"
        region: "us-east-1"
        string_type: "SecureString"
        value: "World"
Got following, not sure why with traceback error
The full traceback is:
Traceback (most recent call last):
File "/var/folders/5k/m9hvl9ld2wv8zs33vhlrhvw40000gn/T/ansible_YuNMy2/ansible_module_ssm_parameter_store.py", line 249, in <module>
main()
File "/var/folders/5k/m9hvl9ld2wv8zs33vhlrhvw40000gn/T/ansible_YuNMy2/ansible_module_ssm_parameter_store.py", line 245, in main
(changed, reponse) = invocations[state](client, module)
File "/var/folders/5k/m9hvl9ld2wv8zs33vhlrhvw40000gn/T/ansible_YuNMy2/ansible_module_ssm_parameter_store.py", line 167, in create_update_parameter
module.fail_json(msg=e.message, exception=traceback.format_exc(),
NameError: global name 'traceback' is not defined
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "Traceback (most recent call last):\n File \"/var/folders/5k/m9hvl9ld2wv8zs33vhlrhvw40000gn/T/ansible_YuNMy2/ansible_module_ssm_parameter_store.py\", line 249, in <module>\n main()\n File \"/var/folders/5k/m9hvl9ld2wv8zs33vhlrhvw40000gn/T/ansible_YuNMy2/ansible_module_ssm_parameter_store.py\", line 245, in main\n (changed, reponse) = invocations[state](client, module)\n File \"/var/folders/5k/m9hvl9ld2wv8zs33vhlrhvw40000gn/T/ansible_YuNMy2/ansible_module_ssm_parameter_store.py\", line 167, in create_update_parameter\n module.fail_json(msg=e.message, exception=traceback.format_exc(),\nNameError: global name 'traceback' is not defined\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
}
little change just to show the error
except ClientError as e:
    module.fail_json(msg=e.message)
    # module.fail_json(msg=e.message, exception=traceback.format_exc(),
    #                  **camel_dict_to_snake_dict(e.response))
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"aws_access_key": null,
"aws_secret_key": null,
"decryption": true,
"description": "This is your first key",
"ec2_url": null,
"key_id": "aws/ssm",
"name": "Hello",
"overwrite": true,
"profile": null,
"region": "us-east-1",
"security_token": null,
"state": "present",
"string_type": "SecureString",
"validate_certs": true,
"value": "World"
}
},
"msg": "An error occurred (InvalidKeyId) when calling the PutParameter operation: Invalid keyId (Service: AWSKMS; Status Code: 400; Error Code: NotFoundException; Request ID: a5b599e1-2468-11e7-8cc0-0bfda6e23b6f)"
If I take out KeyId=module.params.get('key_id') when the default aws/ssm is used, then it works.
I verified this in boto3 ssm put_parameter and aws cli, same behavior.
On Apr 18, 2017, at 13:54, Bill Wang ***@***.***> wrote:
Could you please provide details include the error message first?
When you start to use ssm parameter store at first time, kms key aws/ssm is created by aws as default.
Could you confirm, in your environment, the kms key
yes it exists.
On Apr 18, 2017, at 15:53, Bill Wang ***@***.***> wrote:
Could you confirm, in your environment, the kms key aws/ssm exists or not? if not, you need to create a kms key first.
https://www.terraform.io/docs/providers/aws/r/kms_key.html
Seems I don't accept
Yes, I also manually created the parameter from AWS console as well in us-east-1.
Thanks!
--
James Zhang
On Apr 18, 2017, 19:42 -0400, Bill Wang ***@***.***>, wrote:
Please confirm again, if kms key aws/ssm exists in the region you are working on.
provider "aws" { region = "<Region_Where_KMS_KEY_exist>" }
change default key_id from The problem is fixed, thanks to raise this issue. I have tagged release to
looks like, with calling client.put_parameter, if you passed KeyId='aws/ssm', you will get InvalidKeyId
so in the case without key_id option or key_id is set 'aws/ssm', KeyId can't be present when making put_parameter call.
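The behaviour reported in this thread (leave `KeyId` out of the `put_parameter` call when `key_id` is unset or `aws/ssm`, and keep the error path from dying on the missing `traceback` import), as an added example that is not the module's own code. `build_put_parameter_args`, `DEFAULT_KEY_IDS` and `StubSSM` are hypothetical names, and the stub stands in for a boto3 SSM client so the example runs offline.

```python
import traceback  # missing from the module in the first traceback above

# Values treated as "use the account's default SSM key". 'aws/ssm' is the
# default shown in the invocation dump; 'alias/aws/ssm' is the alias form KMS
# uses for that AWS-managed key. Treating both as default is an assumption.
DEFAULT_KEY_IDS = {None, "", "aws/ssm", "alias/aws/ssm"}


def build_put_parameter_args(params):
    """Translate module params into keyword arguments for put_parameter."""
    args = {
        "Name": params["name"],
        "Value": params["value"],
        "Type": params.get("string_type", "String"),
        "Overwrite": params.get("overwrite", True),
    }
    if params.get("description"):
        args["Description"] = params["description"]
    key_id = params.get("key_id")
    # KeyId only applies to SecureString. For the default key it is omitted,
    # so the service selects the key itself instead of rejecting 'aws/ssm'.
    if args["Type"] == "SecureString" and key_id not in DEFAULT_KEY_IDS:
        args["KeyId"] = key_id
    return args


def create_update_parameter(client, params):
    """Return (changed, result) and report failures with a real traceback."""
    try:
        return True, client.put_parameter(**build_put_parameter_args(params))
    except Exception as e:  # the module catches botocore's ClientError here
        return False, {"msg": str(e), "exception": traceback.format_exc()}


class StubSSM:
    """Constructed stand-in for the SSM client; rejects KeyId='aws/ssm'
    the way the report describes."""

    def put_parameter(self, **kwargs):
        if kwargs.get("KeyId") == "aws/ssm":
            raise ValueError("An error occurred (InvalidKeyId) when calling "
                             "the PutParameter operation")
        return {"sent": kwargs}
```
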