From 9dc36fcaf011a65a006fd887e99cd7bb55e3473a Mon Sep 17 00:00:00 2001 From: Stef Fen Date: Thu, 6 Dec 2018 00:53:53 +0100 Subject: [PATCH] Fix AWS STS session detection (#49536) If CLI has already assumed a IAM Role, then the cli environment has an additional variable: AWS_SESSION_TOKEN This needs to be forwarded to boto to successfully reuse the AWS session in boto. --- contrib/inventory/ec2.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/inventory/ec2.py b/contrib/inventory/ec2.py index 7ba6142dfe8..1e9487d9bbb 100755 --- a/contrib/inventory/ec2.py +++ b/contrib/inventory/ec2.py @@ -576,6 +576,8 @@ class Ec2Inventory(object): if self.boto_profile: connect_args['profile_name'] = self.boto_profile self.boto_fix_security_token_in_profile(connect_args) + elif os.environ.get('AWS_SESSION_TOKEN'): + connect_args['security_token'] = os.environ.get('AWS_SESSION_TOKEN') if self.iam_role: sts_conn = sts.connect_to_region(region, **connect_args)