Fix AWS STS session detection (#49536)

If CLI has already assumed a IAM Role, then the cli environment has an additional variable: AWS_SESSION_TOKEN This needs to be forwarded to boto to successfully reuse the AWS session in boto.
author: Stef Fen <stevie-@users.noreply.github.com> 2018-12-06 00:53:53 +0100
committer: Will Thames <will@thames.id.au> 2018-12-06 09:53:53 +1000
commit: 9dc36fcaf011a65a006fd887e99cd7bb55e3473a (patch)
tree: a70ac5b5551fd5f5a5c118f0462feeeb9fbd9dbb /contrib
parent: a5d98d69ffa6d622d40a40fa9ce882d30864470c (diff)
download: ansible-9dc36fcaf011a65a006fd887e99cd7bb55e3473a.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/contrib/inventory/ec2.py b/contrib/inventory/ec2.py
index 7ba6142dfe..1e9487d9bb 100755
--- a/contrib/inventory/ec2.py
+++ b/contrib/inventory/ec2.py
@@ -576,6 +576,8 @@ class Ec2Inventory(object):
         if self.boto_profile:
             connect_args['profile_name'] = self.boto_profile
             self.boto_fix_security_token_in_profile(connect_args)
+        elif os.environ.get('AWS_SESSION_TOKEN'):
+            connect_args['security_token'] = os.environ.get('AWS_SESSION_TOKEN')
 
         if self.iam_role:
             sts_conn = sts.connect_to_region(region, **connect_args)
author	Stef Fen <stevie-@users.noreply.github.com>	2018-12-06 00:53:53 +0100
committer	Will Thames <will@thames.id.au>	2018-12-06 09:53:53 +1000
commit	9dc36fcaf011a65a006fd887e99cd7bb55e3473a (patch)
tree	a70ac5b5551fd5f5a5c118f0462feeeb9fbd9dbb /contrib
parent	a5d98d69ffa6d622d40a40fa9ce882d30864470c (diff)
download	ansible-9dc36fcaf011a65a006fd887e99cd7bb55e3473a.tar.gz