Closed stoddartjamie closed 5 years ago
Got this working after fighting with trust relationship, maybe need to mention it needs to be something like this for IAM based Auth:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com", "AWS": "arn:aws:iam::xxxxxxxxx:role/<your role here>" }, "Action": "sts:AssumeRole" } ] }
Similar to issue #56 I am trying to use this plugin atm but its failing trying to get to AWS
Failed loading resource model source #3 in project Test, skipping: com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: Access denied (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: f59577f9-c580-11e9-91c3-a504451753c2) com.dtolabs.rundeck.core.execution.service.ExecutionServiceException: com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: Access denied (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: f59577f9-c580-11e9-91c3-a504451753c2)
I have installed the AWS client on the Rundeck EC2 host and the CLI fails in a similar way unless I set our default http_proxy to "", its resolving the incorrect IAM profile from the proxy host.
I cannot find a way to get around this in the plugin cfg and have tried adding no_proxy to /etc/environment also.
Is there a way to either debug this better or disable the default use of http_proxy?