Open jordanjthomas opened 4 months ago
@psharkey Sorry for tagging, but is this a known issue with the connection plugin?
I am seeing this as well when running in AWX with Ansible core 2.15.12 or 2.16.8 with the community.aws collections in 7.x and 8.x.
interestingly, the same exact playbook works with the same credentials when running on my laptop with ansible 2.16.8 and collection 7.2.0 or 8.0.0
is there work around for this. Or can someone pls pick this up and fix this i see that this has been changed in the latest version https://github.com/ansible-collections/community.aws/blob/5.5.1/plugins/connection/aws_ssm.py#L674-L675
I don't know if this helps people, but in my case I'm using AWX and found a workaround.
I needed to create a machine credential for the job template with the username of 'admin' and no password required. This then allowed 'become' to work. Without that, become would not cause any changes to user after SSM connection. Quite annoying..
Summary
Cannot get the 'community.aws.aws_ssm' connection to 'become' any other user when connecting to an EC2 via SSM. In this scenario user will not become 'root'. I can connect to the target host fine, but any attempt to become root fails. Example tests:
The results of these and other tests all come back the same: user being 'ssm_user'. The 'ssm_user' definitely does have the permission to elevate to root and can do so manually on the instance fine.
Issue Type
Bug Report
Component Name
community.aws.aws_ssm
Ansible Version
Collection Versions
AWS SDK versions
OS / Environment
No response
Steps to Reproduce
Expected Results
I expected the tasks to show the user as 'root'
Actual Results
Code of Conduct