{"id":20790550,"url":"https://github.com/docker-production-aws/aws-sts","last_synced_at":"2025-05-05T20:49:47.432Z","repository":{"id":176607453,"uuid":"83680284","full_name":"docker-production-aws/aws-sts","owner":"docker-production-aws","description":"Ansible role for assuming roles using the AWS STS service","archived":false,"fork":false,"pushed_at":"2017-11-22T17:34:14.000Z","size":9,"stargazers_count":2,"open_issues_count":0,"forks_count":22,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-30T23:31:35.348Z","etag":null,"topics":["ansible","ansible-role","assume-role","aws","aws-sts","mfa","multi-factor-authentication","playbook","pluralsight","security-token-service","sts"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/docker-production-aws.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-02T13:23:21.000Z","updated_at":"2018-02-26T11:25:32.000Z","dependencies_parsed_at":"2024-02-06T01:33:01.633Z","dependency_job_id":null,"html_url":"https://github.com/docker-production-aws/aws-sts","commit_stats":null,"previous_names":["docker-production-aws/aws-sts"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker-production-aws%2Faws-sts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker-production-aws%2Faws-sts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker-production-aws%2Faws-sts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker-production-aws%2Faws-sts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/docker-production-aws","download_url":"https://codeload.github.com/docker-production-aws/aws-sts/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252575797,"owners_count":21770627,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","assume-role","aws","aws-sts","mfa","multi-factor-authentication","playbook","pluralsight","security-token-service","sts"],"created_at":"2024-11-17T15:35:50.092Z","updated_at":"2025-05-05T20:49:47.425Z","avatar_url":"https://github.com/docker-production-aws.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS STS Role\n\nThis Ansible role allows a user to assume a given role, generating temporary security credentials that can be used to assume the role.\n\n## Requirements\n\n- Python 2.7\n- PIP package manager (**easy_install pip**)\n- Ansible 2.4 or greater (**pip install ansible**)\n- AWS CLI (**pip install awscli**)\n\n## Setup\n\nThe recommended approach to use this role is an Ansible Galaxy requirement to your Ansible playbook project.\n\n### Installing using Ansible Galaxy\n\nTo set this role up as an Ansible Galaxy requirement, first create a `requirements.yml` file in a subfolder called `roles` and add an entry for this role.  See the [Ansible Galaxy documentation](http://docs.ansible.com/ansible/galaxy.html#installing-multiple-roles-from-a-file) for more details.\n\n```\n# Example requirements.yml file\n- src: https://github.com/docker-production-aws/aws-sts.git\n  scm: git\n  version: v1.0\n  name: aws-sts\n```\n\nOnce you have created `roles/requirements.yml`, you can install the role using the `ansible-galaxy` command line tool.\n\n```\n$ ansible-galaxy install --role-file=roles/requirements.yml --roles-path=./roles/ --force\n$ git commit -a -m \"Added aws-sts 1.0.0 role\"\n```\n\nTo update the role version, simply update the `requirements.yml` file and re-install the role as demonstrated above.\n\n## Usage\n\n### Inputs\n\nThe STS role relies on the following inputs:\n\n- `Sts.Role` (Mandatory) - this variable must be provided by the calling playbook, representing the ARN of the role to assume\n\n- `Sts.SessionName` (Optional) - a name for the temporary session token that is generated\n\n- `Sts.Disabled` (Optional) - disables all actions of this role.  Useful for long running playbooks that would be affected by the duration (maximum 60 minutes) of using STS token.\n\n- `Sts.Region` (Optional) - the target AWS regions.  Alternatively you can set the AWS region using the `AWS_DEFAULT_REGION` environment variable.  If this is not in your environment, the playbook defaults to `ap-southeast-2`.\n\n- AWS credentials - you must configure the environment such that your credentials are available to assume the role.  For example, you can set an access key and secret key via environment variables, or configure a profile via environment variables, or rely on an EC2 instance profile if running in AWS.  A dictionary called `Sts.Credentials` is output by this module, which sets up the appropriate configuration with AWS STS token settings.\n\n### Outputs\n\nIf the assume role operation is successful, the temporary credentials issued by AWS are registered to a variable called `Sts.Credentials`:\n\n- `Sts.Credentials.AWS_DEFAULT_REGION`\n- `Sts.Credentials.ACCESS_KEY`\n- `Sts.Credentials.ACCESS_KEY_ID`\n- `Sts.Credentials.AWS_SECRET_KEY`\n- `Sts.Credentials.AWS_SECRET_ACCESS_KEY`\n- `Sts.Credentials.AWS_SECURITY_TOKEN`\n\nYou should call this role from a dedicated play, and then define your subsequent playbook tasks in separate plays.  This allows the `Sts.Credentials`variable to be used to configure the environment of your remaining tasks.\n\n\n## Examples\n\nThe following demonstrates how to call this role from a playbook:\n\n\u003e You cannot use the dot notation syntax `Sts.Role` with the `vars` syntax as demonstrated in the example below.\n\n```yaml\n- name: Assume Role Play\n  hosts: localhost\n  connection: local\n  gather_facts: no\n  vars:\n    Sts:\n      Role: \"arn:aws:iam::123456789:role/admin\"\n      SessionName: testAssumeRole\n      Region: us-west-2\n  roles:\n    - aws-sts\n```\n\nThe following shows the recommended play configuration to use the temporary credentials issued:\n\n```yaml\n...\n...\n- name: My Playbook\n  hosts: localhost\n  connection: local\n  environment: \"{{ Sts.Credentials }}\"\n  tasks:\n   - ...\n   - ...\n...\n...\n```\n\n## Release Notes\n\n### Version v1.0\n\n- First Release","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker-production-aws%2Faws-sts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdocker-production-aws%2Faws-sts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker-production-aws%2Faws-sts/lists"}