Fix AWS STS session detection (#49536)

If CLI has already assumed a IAM Role, then the cli environment has an additional variable: AWS_SESSION_TOKEN This needs to be forwarded to boto to successfully reuse the AWS session in boto.
2018-12-06 00:53:53 +01:00 · 2018-12-06 00:53:53 +01:00 · 9dc36fcaf0
parent a5d98d69ff
commit 9dc36fcaf0
1 changed files with 2 additions and 0 deletions
--- a/contrib/inventory/ec2.py
+++ b/contrib/inventory/ec2.py
@ -576,6 +576,8 @@ class Ec2Inventory(object):
        if self.boto_profile:
            connect_args['profile_name'] = self.boto_profile
            self.boto_fix_security_token_in_profile(connect_args)
+        elif os.environ.get('AWS_SESSION_TOKEN'):
+            connect_args['security_token'] = os.environ.get('AWS_SESSION_TOKEN')

        if self.iam_role:
            sts_conn = sts.connect_to_region(region, **connect_args)