diff --git a/changelogs/fragments/535-aws-ssm-session-token-missing.yml b/changelogs/fragments/535-aws-ssm-session-token-missing.yml
new file mode 100644
index 00000000000..2627a07dc15
--- /dev/null
+++ b/changelogs/fragments/535-aws-ssm-session-token-missing.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- aws_ssm - enable aws ssm connections if **AWS_SESSION_TOKEN** is missing (https://github.com/ansible-collections/community.aws/pull/535).
diff --git a/plugins/connection/aws_ssm.py b/plugins/connection/aws_ssm.py
index 994eb55f278..1d96cc5a223 100644
--- a/plugins/connection/aws_ssm.py
+++ b/plugins/connection/aws_ssm.py
@@ -510,10 +510,14 @@ def _get_boto_client(self, service, region_name=None):
 aws_access_key_id = self.get_option('access_key_id')
 aws_secret_access_key = self.get_option('secret_access_key')
 aws_session_token = self.get_option('session_token')
- if aws_access_key_id is None or aws_secret_access_key is None or aws_session_token is None:
+
+ if aws_access_key_id is None:
 aws_access_key_id = os.environ.get("AWS_ACCESS_KEY_ID", None)
+ if aws_secret_access_key is None:
 aws_secret_access_key = os.environ.get("AWS_SECRET_ACCESS_KEY", None)
+ if aws_session_token is None:
 aws_session_token = os.environ.get("AWS_SESSION_TOKEN", None)
+
 client = boto3.client(
 service,
 aws_access_key_id=aws_access_key_id,
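Review bot: The three independent fallbacks in `_get_boto_client` let a single client be assembled from credentials of two different origins: with `access_key_id` and `secret_access_key` supplied as plugin options and no `session_token` option, the third `if` still picks up whatever `AWS_SESSION_TOKEN` happens to be set in the controller's environment. A token left over from an unrelated temporary session would then be sent alongside long-term keys it was not issued for, and the request would presumably be rejected instead of running with the configured keys. Consider reading the environment token only when the key pair also came from the environment, e.g. `if aws_session_token is None and self.get_option('access_key_id') is None:`, and add a comment stating the intended precedence (plugin options first, environment variables as a complete set). The function starts and ends outside the hunk, so how `aws_session_token` is passed on to `boto3.client` is not visible here.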