Add a hack to make AWS Roles usable

Enable using a manually-generated session token for AWS Roles.

A better solution would be to use
https://docs.ansible.com/ansible/latest/modules/sts_assume_role_module.html,
but I'm not sure how to add the conditional logic required to add that
to the Streisand setup workflow.

Author: MikaelSmith

playbooks/amazon.yml

@@ -91,6 +91,16 @@
       prompt: "\nWhat is your AWS Secret Access Key?\n"
       private: no
 
+    - name: "aws_session_token"
+      prompt: |
+        If you use AWS Roles, see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html
+        then get a session token by running 'aws sts get-caller-identity --profile <profile>' and finding
+        it in ~/.aws/cli/cache/*.json.
+
+        What is your AWS Session Token? Press enter for default (no token).
+      default: ""
+      private: no
+
     - name: "confirmation"
       prompt: "\nStreisand will now set up your server. This process usually takes around ten minutes. Press Enter to begin setup...\n"
 

playbooks/roles/ec2-security-group/tasks/main.yml

@@ -7,6 +7,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
 
 - name: Pause for fifteen seconds to ensure the EC2 security group has been created
   pause:
@@ -20,6 +21,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     rules:
       # Nginx
       # ---
@@ -55,6 +57,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     purge_rules: no
     purge_rules_egress: no
     rules:
@@ -82,6 +85,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     purge_rules: no
     purge_rules_egress: no
     rules:
@@ -109,6 +113,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     purge_rules: no
     purge_rules_egress: no
     rules:
@@ -130,6 +135,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     purge_rules: no
     purge_rules_egress: no
     rules:
@@ -157,6 +163,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     purge_rules: no
     purge_rules_egress: no
     rules:
@@ -184,6 +191,7 @@
     vpc_id: "{{ aws_vpc_id | default(omit) }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     purge_rules: no
     purge_rules_egress: no
     rules:

playbooks/roles/genesis-amazon/tasks/main.yml

@@ -13,6 +13,7 @@
     state: absent
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     region: "{{ aws_region }}"
     wait: yes
 
@@ -22,13 +23,15 @@
     key_material: "{{ ssh_key.stdout }}"
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     region: "{{ aws_region }}"
     wait: yes
 
 - name: Determine which AMI to use
   ec2_ami_facts:
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     owners: "{{ aws_ami_owner }}"
     region: "{{ aws_region }}"
     filters:
@@ -39,6 +42,7 @@
   ec2:
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     instance_type: "{{ aws_instance_type }}"
     image: "{{ ami.images|sort(reverse=True,attribute='name')|map(attribute='image_id')|first }}"
     region: "{{ aws_region }}"
@@ -58,6 +62,7 @@
     state: present
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     region: "{{ aws_region }}"
     namespace: "AWS/EC2"
     metric: StatusCheckFailed_System
@@ -83,6 +88,7 @@
   ec2_eip:
     aws_access_key: "{{ aws_access_key }}"
     aws_secret_key: "{{ aws_secret_key }}"
+    security_token: "{{ aws_session_token }}"
     region: "{{ aws_region }}"
     device_id: "{{ streisand_server.instances[0].id }}"
     in_vpc: "{{ aws_vpc_id is defined and aws_vpc_id != '' }}"