aws_ssm malformed CURL URL for ansiballZ_setup.py #351

Closed
ramvalleru opened this issue Jan 9, 2021 · 4 comments
Labels
bug This issue/PR relates to a bug connection connection plugin has_pr module module needs_triage plugins plugin (any type) python3

Comments

@ramvalleru
Contributor

SUMMARY

Malformed CURL URL to download the AnsiballZ_setup.py. Target server not able to download the file from the AWS S3 bucket.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

connection, aws_ssm.py

ANSIBLE VERSION
ansible --version

ansible-playbook 2.10.4
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.7/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.7.9 (default, Aug 27 2020, 21:59:41) [GCC 7.3.1 20180712 (Red Hat 7.3.1-9)]

CONFIGURATION

ansible-config dump

ACTION_WARNINGS(default) = True
AGNOSTIC_BECOME_PROMPT(default) = True
ALLOW_WORLD_READABLE_TMPFILES(default) = False
ANSIBLE_CONNECTION_PATH(default) = None
ANSIBLE_COW_PATH(default) = None
ANSIBLE_COW_SELECTION(default) = default
ANSIBLE_COW_WHITELIST(default) = ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant', 'eyes', 'hellokitty', 'kitty', 'luke-koala', 'meow', 'milk', 'moofasa', 'moose', 'ren', 'sheep', 'small', 'stegosaurus', 'stimpy', 'supermilker', 'three-eyes', 'turkey', 'turtle', 'tux', 'udder', 'vader-koala', 'vader', 'www']
ANSIBLE_FORCE_COLOR(default) = False
ANSIBLE_NOCOLOR(default) = False
ANSIBLE_NOCOWS(default) = False
ANSIBLE_PIPELINING(default) = False
ANSIBLE_SSH_ARGS(default) = -C -o ControlMaster=auto -o ControlPersist=60s
ANSIBLE_SSH_CONTROL_PATH(default) = None
ANSIBLE_SSH_CONTROL_PATH_DIR(default) = ~/.ansible/cp
ANSIBLE_SSH_EXECUTABLE(default) = ssh
ANSIBLE_SSH_RETRIES(default) = 0
ANY_ERRORS_FATAL(default) = False
BECOME_ALLOW_SAME_USER(default) = False
BECOME_PLUGIN_PATH(default) = ['/root/.ansible/plugins/become', '/usr/share/ansible/plugins/become']
CACHE_PLUGIN(default) = memory
CACHE_PLUGIN_CONNECTION(default) = None
CACHE_PLUGIN_PREFIX(default) = ansible_facts
CACHE_PLUGIN_TIMEOUT(default) = 86400
COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH(default) = warning
COLLECTIONS_PATHS(default) = ['/root/.ansible/collections', '/usr/share/ansible/collections']
COLLECTIONS_SCAN_SYS_PATH(default) = True
COLOR_CHANGED(default) = yellow
COLOR_CONSOLE_PROMPT(default) = white
COLOR_DEBUG(default) = dark gray
COLOR_DEPRECATE(default) = purple
COLOR_DIFF_ADD(default) = green
COLOR_DIFF_LINES(default) = cyan
COLOR_DIFF_REMOVE(default) = red
COLOR_ERROR(default) = red
COLOR_HIGHLIGHT(default) = white
COLOR_OK(default) = green
COLOR_SKIP(default) = cyan
COLOR_UNREACHABLE(default) = bright red
COLOR_VERBOSE(default) = blue
COLOR_WARN(default) = bright purple
COMMAND_WARNINGS(default) = True
CONDITIONAL_BARE_VARS(default) = False
CONNECTION_FACTS_MODULES(default) = {'asa': 'ansible.legacy.asa_facts', 'cisco.asa.asa': 'cisco.asa.asa_facts', 'eos': 'ansible.legacy.eos_facts', 'arista.eos.eos': 'arista.eos.eos_facts', 'frr': 'ansible.legacy.frr_facts', 'frr.frr.frr': 'frr.frr.frr_facts', 'ios': 'ansible.legacy.ios_facts', 'cisco.ios.ios': 'cisco.ios.ios_facts', 'iosxr':'ansible.legacy.iosxr_facts', 'cisco.iosxr.iosxr': 'cisco.iosxr.iosxr_facts', 'junos': 'ansible.legacy.junos_facts', 'junipernetworks.junos.junos': 'junipernetworks.junos.junos_facts', 'nxos': 'ansible.legacy.nxos_facts', 'cisco.nxos.nxos': 'cisco.nxos.nxos_facts', 'vyos': 'ansible.legacy.vyos_facts', 'vyos.vyos.vyos': 'vyos.vyos.vyos_facts', 'exos': 'ansible.legacy.exos_facts', 'extreme.exos.exos': 'extreme.exos.exos_facts', 'slxos': 'ansible.legacy.slxos_facts', 'extreme.slxos.slxos': 'extreme.slxos.slxos_facts', 'voss': 'ansible.legacy.voss_facts', 'extreme.voss.voss': 'extreme.voss.voss_facts', 'ironware': 'ansible.legacy.ironware_facts', 'community.network.ironware': 'community.network.ironware_facts'}
COVERAGE_REMOTE_OUTPUT(default) = None
COVERAGE_REMOTE_WHITELIST(default) = *
DEFAULT_ACTION_PLUGIN_PATH(default) = ['/root/.ansible/plugins/action', '/usr/share/ansible/plugins/action']
DEFAULT_ALLOW_UNSAFE_LOOKUPS(default) = False
DEFAULT_ASK_PASS(default) = False
DEFAULT_ASK_VAULT_PASS(default) = False
DEFAULT_BECOME(default) = False
DEFAULT_BECOME_ASK_PASS(default) = False
DEFAULT_BECOME_EXE(default) = None
DEFAULT_BECOME_FLAGS(default) =
DEFAULT_BECOME_METHOD(default) = sudo
DEFAULT_BECOME_USER(default) = root
DEFAULT_CACHE_PLUGIN_PATH(default) = ['/root/.ansible/plugins/cache', '/usr/share/ansible/plugins/cache']
DEFAULT_CALLABLE_WHITELIST(default) = []
DEFAULT_CALLBACK_PLUGIN_PATH(default) = ['/root/.ansible/plugins/callback', '/usr/share/ansible/plugins/callback']
DEFAULT_CALLBACK_WHITELIST(default) = []
DEFAULT_CLICONF_PLUGIN_PATH(default) = ['/root/.ansible/plugins/cliconf', '/usr/share/ansible/plugins/cliconf']
DEFAULT_CONNECTION_PLUGIN_PATH(default) = ['/root/.ansible/plugins/connection', '/usr/share/ansible/plugins/connection']
DEFAULT_DEBUG(default) = False
DEFAULT_EXECUTABLE(default) = /bin/sh
DEFAULT_FACT_PATH(default) = None
DEFAULT_FILTER_PLUGIN_PATH(default) = ['/root/.ansible/plugins/filter', '/usr/share/ansible/plugins/filter']
DEFAULT_FORCE_HANDLERS(default) = False
DEFAULT_FORKS(default) = 5
DEFAULT_GATHERING(default) = implicit
DEFAULT_GATHER_SUBSET(default) = ['all']
DEFAULT_GATHER_TIMEOUT(default) = 10
DEFAULT_HANDLER_INCLUDES_STATIC(default) = False
DEFAULT_HASH_BEHAVIOUR(default) = replace
DEFAULT_HOST_LIST(default) = ['/etc/ansible/hosts']
DEFAULT_HTTPAPI_PLUGIN_PATH(default) = ['/root/.ansible/plugins/httpapi', '/usr/share/ansible/plugins/httpapi']
DEFAULT_INTERNAL_POLL_INTERVAL(default) = 0.001
DEFAULT_INVENTORY_PLUGIN_PATH(default) = ['/root/.ansible/plugins/inventory', '/usr/share/ansible/plugins/inventory']
DEFAULT_JINJA2_EXTENSIONS(default) = []
DEFAULT_JINJA2_NATIVE(default) = False
DEFAULT_KEEP_REMOTE_FILES(default) = False
DEFAULT_LIBVIRT_LXC_NOSECLABEL(default) = False
DEFAULT_LOAD_CALLBACK_PLUGINS(default) = False
DEFAULT_LOCAL_TMP(default) = /root/.ansible/tmp/ansible-local-6185rja5_dey
DEFAULT_LOG_FILTER(default) = []
DEFAULT_LOG_PATH(default) = None
DEFAULT_LOOKUP_PLUGIN_PATH(default) = ['/root/.ansible/plugins/lookup', '/usr/share/ansible/plugins/lookup']
DEFAULT_MANAGED_STR(default) = Ansible managed
DEFAULT_MODULE_ARGS(default) =
DEFAULT_MODULE_COMPRESSION(default) = ZIP_DEFLATED
DEFAULT_MODULE_NAME(default) = command
DEFAULT_MODULE_PATH(default) = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
DEFAULT_MODULE_UTILS_PATH(default) = ['/root/.ansible/plugins/module_utils', '/usr/share/ansible/plugins/module_utils']
DEFAULT_NETCONF_PLUGIN_PATH(default) = ['/root/.ansible/plugins/netconf', '/usr/share/ansible/plugins/netconf']
DEFAULT_NO_LOG(default) = False
DEFAULT_NO_TARGET_SYSLOG(default) = False
DEFAULT_NULL_REPRESENTATION(default) = None
DEFAULT_POLL_INTERVAL(default) = 15
DEFAULT_PRIVATE_KEY_FILE(default) = None
DEFAULT_PRIVATE_ROLE_VARS(default) = False
DEFAULT_REMOTE_PORT(default) = None
DEFAULT_REMOTE_USER(default) = None
DEFAULT_ROLES_PATH(default) = ['/root/.ansible/roles', '/usr/share/ansible/roles', '/etc/ansible/roles']
DEFAULT_SCP_IF_SSH(default) = smart
DEFAULT_SELINUX_SPECIAL_FS(default) = ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
DEFAULT_SFTP_BATCH_MODE(default) = True
DEFAULT_SQUASH_ACTIONS(default) = ['apk', 'apt', 'dnf', 'homebrew', 'openbsd_pkg', 'pacman', 'pip', 'pkgng', 'yum', 'zypper']
DEFAULT_SSH_TRANSFER_METHOD(default) = None
DEFAULT_STDOUT_CALLBACK(default) = default
DEFAULT_STRATEGY(default) = linear
DEFAULT_STRATEGY_PLUGIN_PATH(default) = ['/root/.ansible/plugins/strategy', '/usr/share/ansible/plugins/strategy']
DEFAULT_SU(default) = False
DEFAULT_SYSLOG_FACILITY(default) = LOG_USER
DEFAULT_TASK_INCLUDES_STATIC(default) = False
DEFAULT_TERMINAL_PLUGIN_PATH(default) = ['/root/.ansible/plugins/terminal', '/usr/share/ansible/plugins/terminal']
DEFAULT_TEST_PLUGIN_PATH(default) = ['/root/.ansible/plugins/test', '/usr/share/ansible/plugins/test']
DEFAULT_TIMEOUT(default) = 10
DEFAULT_TRANSPORT(default) = smart
DEFAULT_UNDEFINED_VAR_BEHAVIOR(default) = True
DEFAULT_VARS_PLUGIN_PATH(default) = ['/root/.ansible/plugins/vars', '/usr/share/ansible/plugins/vars']
DEFAULT_VAULT_ENCRYPT_IDENTITY(default) = None
DEFAULT_VAULT_IDENTITY(default) = default
DEFAULT_VAULT_IDENTITY_LIST(default) = []
DEFAULT_VAULT_ID_MATCH(default) = False
DEFAULT_VAULT_PASSWORD_FILE(default) = None
DEFAULT_VERBOSITY(default) = 0
DEPRECATION_WARNINGS(default) = True
DEVEL_WARNING(default) = True
DIFF_ALWAYS(default) = False
DIFF_CONTEXT(default) = 3
DISPLAY_ARGS_TO_STDOUT(default) = False
DISPLAY_SKIPPED_HOSTS(default) = True
DOCSITE_ROOT_URL(default) = https://docs.ansible.com/ansible/
DOC_FRAGMENT_PLUGIN_PATH(default) = ['/root/.ansible/plugins/doc_fragments', '/usr/share/ansible/plugins/doc_fragments']
DUPLICATE_YAML_DICT_KEY(default) = warn
ENABLE_TASK_DEBUGGER(default) = False
ERROR_ON_MISSING_HANDLER(default) = True
FACTS_MODULES(default) = ['smart']
GALAXY_DISPLAY_PROGRESS(default) = None
GALAXY_IGNORE_CERTS(default) = False
GALAXY_ROLE_SKELETON(default) = None
GALAXY_ROLE_SKELETON_IGNORE(default) = ['^.git$', '^.*/.git_keep$']
GALAXY_SERVER(default) = https://galaxy.ansible.com
GALAXY_SERVER_LIST(default) = None
GALAXY_TOKEN_PATH(default) = /root/.ansible/galaxy_token
HOST_KEY_CHECKING(default) = True
HOST_PATTERN_MISMATCH(default) = warning
INJECT_FACTS_AS_VARS(default) = True
INTERPRETER_PYTHON(default) = auto_legacy
INTERPRETER_PYTHON_DISTRO_MAP(default) = {'centos': {'6': '/usr/bin/python', '8': '/usr/libexec/platform-python'}, 'debian': {'10': '/usr/bin/python3'}, 'fedora': {'23': '/usr/bin/python3'}, 'redhat': {'6': '/usr/bin/python', '8': '/usr/libexec/platform-python'}, 'rhel': {'6': '/usr/bin/python', '8': '/usr/libexec/platform-python'}, 'ubuntu': {'14': '/usr/bin/python', '16': '/usr/bin/python3'}}
INTERPRETER_PYTHON_FALLBACK(default) = ['/usr/bin/python', 'python3.7', 'python3.6', 'python3.5', 'python2.7', 'python2.6', '/usr/libexec/platform-python', '/usr/bin/python3', 'python']
INVALID_TASK_ATTRIBUTE_FAILED(default) = True
INVENTORY_ANY_UNPARSED_IS_FAILED(default) = False
INVENTORY_CACHE_ENABLED(default) = False
INVENTORY_CACHE_PLUGIN(default) = None
INVENTORY_CACHE_PLUGIN_CONNECTION(default) = None
INVENTORY_CACHE_PLUGIN_PREFIX(default) = ansible_facts
INVENTORY_CACHE_TIMEOUT(default) = 3600
INVENTORY_ENABLED(default) = ['host_list', 'script', 'auto', 'yaml', 'ini', 'toml']
INVENTORY_EXPORT(default) = False
INVENTORY_IGNORE_EXTS(default) = {{(BLACKLIST_EXTS + ('.orig', '.ini', '.cfg', '.retry'))}}
INVENTORY_IGNORE_PATTERNS(default) = []
INVENTORY_UNPARSED_IS_FAILED(default) = False
LOCALHOST_WARNING(default) = True
MAX_FILE_SIZE_FOR_DIFF(default) = 104448
MODULE_IGNORE_EXTS(default) = {{(BLACKLIST_EXTS + ('.yaml', '.yml', '.ini'))}}
NETCONF_SSH_CONFIG(default) = None
NETWORK_GROUP_MODULES(default) = ['eos', 'nxos', 'ios', 'iosxr', 'junos', 'enos', 'ce', 'vyos', 'sros', 'dellos9', 'dellos10', 'dellos6', 'asa', 'aruba', 'aireos', 'bigip', 'ironware', 'onyx', 'netconf', 'exos', 'voss', 'slxos']
OLD_PLUGIN_CACHE_CLEARING(default) = False
PARAMIKO_HOST_KEY_AUTO_ADD(default) = False
PARAMIKO_LOOK_FOR_KEYS(default) = True
PERSISTENT_COMMAND_TIMEOUT(default) = 30
PERSISTENT_CONNECT_RETRY_TIMEOUT(default) = 15
PERSISTENT_CONNECT_TIMEOUT(default) = 30
PERSISTENT_CONTROL_PATH_DIR(default) = /root/.ansible/pc
PLAYBOOK_DIR(default) = None
PLAYBOOK_VARS_ROOT(default) = top
PLUGIN_FILTERS_CFG(default) = None
PYTHON_MODULE_RLIMIT_NOFILE(default) = 0
RETRY_FILES_ENABLED(default) = False
RETRY_FILES_SAVE_PATH(default) = None
RUN_VARS_PLUGINS(default) = demand
SHOW_CUSTOM_STATS(default) = False
STRING_CONVERSION_ACTION(default) = warn
STRING_TYPE_FILTERS(default) = ['string', 'to_json', 'to_nice_json', 'to_yaml', 'to_nice_yaml', 'ppretty', 'json']
SYSTEM_WARNINGS(default) = True
TAGS_RUN(default) = []
TAGS_SKIP(default) = []
TASK_DEBUGGER_IGNORE_ERRORS(default) = True
TASK_TIMEOUT(default) = 0
TRANSFORM_INVALID_GROUP_CHARS(default) = never
USE_PERSISTENT_CONNECTIONS(default) = False
VARIABLE_PLUGINS_ENABLED(default) = ['host_group_vars']
VARIABLE_PRECEDENCE(default) = ['all_inventory', 'groups_inventory', 'all_plugins_inventory', 'all_plugins_play', 'groups_plugins_inventory', 'groups_plugins_play']
VERBOSE_TO_STDERR(default) = False
WIN_ASYNC_STARTUP_TIMEOUT(default) = 5
WORKER_SHUTDOWN_POLL_COUNT(default) = 0
WORKER_SHUTDOWN_POLL_DELAY(default) = 0.1
YAML_FILENAME_EXTENSIONS(default) = ['.yml', '.yaml', '.json']
OS / ENVIRONMENT

Red Hat Enterprise Linux Server release 7.9 (Maipo)

STEPS TO REPRODUCE
- name: test ssm on an EC2 instance
  hosts: router
  vars:
    ansible_python_interpreter: /usr/bin/python3
    ansible_connection: aws_ssm
    ansible_aws_ssm_region: 'eu-central-1'
    ansible_aws_ssm_bucket_name: 628739140356-ansiblebucket
    ssm_timeout: 300
  tasks:
    - name: list files in opt folder
      shell: echo "running on $(curl -s http://169.254.169.254/latest/meta-data/instance-id)"
EXPECTED RESULTS
  • AWS SSM session should be opened for target server
  • Ansible python file should be uploaded to the AWS S3 bucket
  • Plugin would form the CURL command to download the object from S3 bucket
  • plugin would login to the target server and download the object from S3 bucket
  • plugin would execute the ansiblexx.py file
ACTUAL RESULTS
  • CURL command formed doesn't have the region even when the region is supplied and thus i
https://s3.amazonaws.com/628739140356-ansiblebucket/i-0b5e11951ab6b12cd//home/ssm-user/.ansible/tmp/ansible-tmp-1610085009.1424718-18492-226329047977161/AnsiballZ_setup.py
?AWSAccessKeyId=ASIAZEY6F5MCEEL6H74Y
&Signature=3Fm0jsrmtbPuF5jvY0E9fTwU2bY%3D
&x-amz-security-token=IQoJb3JpZ2luX2VjEJL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDGV1LWNlbnRyYWwtMSJHMEUCIQDcYlxPbslmw%2BcOtUrv2XWJYDafNZ5ppqcUDlIkK4T0yAIgav8FO6zOLlaRZO4uI1Xnol7W4R8m2EVAh2b8g7WhjzEqugMIWxAAGgw2Mjg3MzkxNDAzNTYiDIxkau3%2BkZhaf7%2FXUyqXAx1ZKpJNGaG9JXCcDMKxW9tGzJ%2BAZUp2JpvpuTFSOldbAgYrRA7SfK5gIsHp8P0cf4f1rdNiDBwuWflD74sHnt74DFIhZw%2FzPcVfll5h6zs6OOSz0ztqnzla70yZNPSFay%2BqPPGQvVGLVMgLp5jyhKzSH1bPd33mS%2FDsonrq7rAf%2B6e9fwgRG9Dpt5CZG4fw63mnNrFc7w63LVb85U6DdTCihLMIaGKzcb4mRsZ2JfPOUMENgvRnUu%2BU%2FJvp5ZPm%2FQHEv4VfM1KD3t2vgLvh8huTKFsir8AJHICsicurIR%2FwFoxwkqQ6IqqEdqzpTTMrFxfzSfmEeO9Kz%2BnKWf946v%2B3HFMBIwN%2BCjUEbOGwPrGJx3lVMR5qEw6Jncz%2FKLUiqdgh7zouWtY7mKOOco9ZQNfspsbyaWcxV7Q82AsJ7rX9iL2e0oe2zdULdYRR1sFxdB%2Fh6Ralq0so7MQ%2BlcVh9cxul3RpP%2BO2Nd4ivZ9WrqcvglB99yV9nbt4Xvtj%2FGQd7qp5veTVQb%2BtNPpASpWkjyI%2BONHI5f0HMJ3Q4P8FOusBxforMOND%2Bmh6ZI6TE0KnoAXTJYPGdC3wM1xPo9LePmLvdXYX1zsTjkxRFf3%2Ba61kT1MJPy0VIdZ56BwsO8KepzTgIK4yFZ7s7zrOEnGlkcFo7ZIuECdLDrl7SpgkGnKy46wAHfAQKzbWlCg81IRKSvAzFGO3SyKhHpjuXASoKlgvG6abaVH%2FKzj%2BK4p9X%2FpZ8Ej75%2BiC%2BEUFSfc3xbpsnH5NGKR3aDy7shU1DDgef0PPMsctVJwehvdJyG8T6UJGyDaAWhDkAjQsp5CxhflSSztamGCwLDUwcOQOOpumD1I4sZRtt7Zvy3IJKA%3D%3D
&Expires=1610104309'

**This resulted in**

<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AuthorizationQueryParametersError</Code>
    <Message>Error parsing the X-Amz-Credential parameter; the region \'us-east-1\' is wrong; expecting \'eu-central-1\'
    </Message>
    <Region>eu-central-1</Region>
    <RequestId>5FF72DBE610F51A1</RequestId>
   <HostId>vEqV8fLW0awHmT6TAD+mmIpfWm2LPd5hJigpxfjnLMmayVVaYyFteowfYcfjDLTeE3/GeL6gxOA=</HostId>
</Error>'

https://tibco-integration-tf-state.s3.amazonaws.com/i-0809c4e9a07dad375//home/ssm-user/.ansible/tmp/ansible-tmp-1610040619.545786-18104-101440688927914/AnsiballZ_setup.py
?AWSAccessKeyId=ASIA4YNB22HRO6EGJUOX
&Signature=BAONXKg7XUaB7%2BNlbfKtq4AVpa0%3D
&x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDGV1LWNlbnRyYWwtMSJHMEUCIBuaA6Z%2FN9zKb3BrWAeXhLSFeJxAhQb6SEuDCuEmwResAiEA8g8UmCYqSq0kuRkg15Yh4g68N38OfqrPE70Xk31vd00qugMIYRAAGgw4NzcwNDk1OTg0MzQiDI2AKmeRTYLOR15VCSqXA9pRSN5lNlM91WGjkepaintKvKDS47yFvKStTlYPceMlwbcxpl1punFYGnBaP73Hj9C4vv4uEYJt0g0UstKN6ah95t2gu9KJr2KHlfAJdQzYm3u6m5z26gS8rLUNeT%2BrmAeutvkbn5WgZCSOTzpiAHpRT0ogN4GCB8apHR0CDVvSB4wNl0DPlntsVjTnyVX%2F28IGOUo0AAtMQrYFJUhKDG6z8gNQP8%2F7TMvMUw7V%2F9x0YjLgAcZxYGMTjUfmikuTfbmyBlb2sXiMpcXe7rtXVr8zpE7GnOOuBdbjbE0TyyzS%2BlUGwkJSfOvJRB63rgj3uDmSb2qqL%2FiqMlE%2BlGkOCO%2BjYaEsycDhXzD0iTr%2F3tU3upi4Um%2F%2F83oPd3ycxUkMugN5A1lay4T0xCe7JmOa35TySNNS0uh4ghV0rHD%2B%2FtaLI0iVGlNkNha94I9xHvrQxY9URILaCu%2BeeOPdqfR6nNo4TnyC4nVQCpqPtOWHyf8HU5N8e%2Bs3botE9Q%2BJWmZYeOlVkLTdakEghP4R2JzY8aikA5LNyT%2FIML%2BG4v8FOusBENSEY7VQ%2F2g0ZMzpsqINUsv96clUF8c7g597le4BDQNKcSsgqqf52ZLSLb7g%2FOaI%2FKO4k1Zzi5h2WpYfMhTTdVeDT6OPJ6hTKtylk53fG1JtwKg5jIGnZN3Ca1hEm7MQ6OVL7G2y1fPk409QOH58Kwi8x%2F3UMQ3Apo7OIktdFKu3oZYJGMus6oFqFetOuAunifeU%2F3OiXlt%2FpzHbo34J3yHTIBsRmGcXUyIn%2FKdq4SCGYH5uI4Z9W%2B3bNQOECqC4sSVhL9OcQKmZTmeV8jxBdmIzHVF5rGRL3GBEh7HNEHCvP53S8GNFjPCDhg%3D%3D
&Expires=1610126472

Changes are marked in code between --------

Solution - modification to aws_ssm.py

import os

import boto3
from ansible.plugins.connection import ConnectionBase
from botocore.client import Config  # -------- added --------


class Connection(ConnectionBase):  # excerpt from aws_ssm.py; only the two affected methods are shown

    def _get_url(self, client_method, bucket_name, out_path, http_method):
        ''' Generate URL for get_object / put_object '''
        client = self._get_boto_client('s3')
        return client.generate_presigned_url(client_method, Params={'Bucket': bucket_name, 'Key': out_path}, ExpiresIn=3600, HttpMethod=http_method)

    def _get_boto_client(self, service, region_name=None):
        ''' Gets a boto3 client based on the STS token '''

        aws_access_key_id = self.get_option('access_key_id')
        aws_secret_access_key = self.get_option('secret_access_key')
        aws_session_token = self.get_option('session_token')
        # -------- added: always use the region configured for the connection --------
        region_name = self.get_option('region')
        # Fall back to the environment when the options do not carry a full STS credential set
        if aws_access_key_id is None or aws_secret_access_key is None or aws_session_token is None:
            aws_access_key_id = os.environ.get("AWS_ACCESS_KEY_ID", None)
            aws_secret_access_key = os.environ.get("AWS_SECRET_ACCESS_KEY", None)
            aws_session_token = os.environ.get("AWS_SESSION_TOKEN", None)
        client = boto3.client(
            service,
            aws_access_key_id=aws_access_key_id,
            aws_secret_access_key=aws_secret_access_key,
            aws_session_token=aws_session_token,
            region_name=region_name,
            # -------- added: request Signature Version 4 presigned URLs --------
            config=Config(signature_version="s3v4")
        )
        return client

This solved the issue and formed the CURL command as below with all the signatures

XEC curl 'https://628739140356-ansiblebucket.s3.amazonaws.com/i-0b5e11951ab6b12cd//home/ssm-user/.ansible/tmp/ansible-tmp-1610187779.9946203-6452-52757228453165/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAZEY6F5MCGGCDZQGI%2F20210109%2F**eu-central-1**%2Fs3%2Faws4_request&X-Amz-Date=20210109T102300Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDGV1LWNlbnRyYWwtMSJIMEYCIQDRoCbT6dS9geijC00Xhr4nKdDrfKSE0ULsEXNgjM3vUwIhAMoAiDJJSGehMKvcmUlZDHc17WcV3Wnw4lsCED4MH%2BkMKroDCHMQABoMNjI4NzM5MTQwMzU2IgylHaq9VXBqdPex8fsqlwMzbTC5nczwsbUzXkpdw1MWndywQnjxp%2BnZoYcHMba6TGM57osVwt6hQoYxKA04co63FOr%2FtvhmmLGdphxeEGBPRjyTCNB%2Bdtr%2BwfKmjyls7WmBQF4jRMm2xPMUSd3EBnitCOpRvHPtp4xsuIX59QKCZmUNKBYIn2USx18mcSrWpI1emQGkmgewn9EOxUT168X9unNnvmUerokKgD5f1dZvpnIEmUyPYhYFCkJAdmLa5E5CIWe4UFfULLwDwTqYe6akqSAhBUeMrzWvebp7oXkER%2BymsmdGdAl4nFKNDtJ5suSkcGooliKsFhrHKEb1gN4UH%2FldPSFZqCEOayiWByk6SK7yEkhqI7wbc5Ufwv68AimpRddA5dU95kXUL3tgBYq5QcSeXStdd%2B6nQ3vRDBJx%2BETvR2dGOeZv%2Bu6p1iLaT5wnMgMcSnPQWCTja%2Bnf7Lp%2Bkmd4pR9yfTYaPa%2FVdblsVAXtfDURQ7wHwV6DJJavt26oUXNOOjEXg4FDraLzGSNWGFjMkbxLSBFNEyKBB9g3Hk8hV4YOwjC4%2BeX%2FBTrqAfEXoF92NloBKePOvKXzFcp8YT8yC0p35rXYqa0GA5d9ZNaGewFw6ks9VMUTSht3SZ2ns2qCYF6p73ISe88pgrUWGwFaxZnbNxP1dvfpNH3X9zQ9oVyjKfD9dwPfnOYpx6j48dZZhdgZ6n2H13h3Ckf7hmebHo7po%2BWrXkc8K1Bo07YSFyFMffieXBk0NvrBPGNGtKTEJ3m%2FfF4vkM4lnEN2xWaS0umgwMQrCqfhKD3Gpf%2BdglVJ2oBRHb3ho7dfie48ohpAd%2B6j752PjR2SuaA3Gokns8scHLBB7dvkGlmqb3vrX8TYsc7CZg%3D%3D&X-Amz-Signature=a992947e6682f66239d42c08a6b8ba2da136a572bc15a2184763846fd5a39504' -o '/home/ssm-user/.ansible/tmp/ansible-tmp-1610187779.9946203-6452-52757228453165/AnsiballZ_setup.py'
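A diagnostic for the two URL shapes shown in this report, added here as an example (not code from the issue or from the aws_ssm plugin): it tells a SigV2 presigned URL from a SigV4 one, checks the region in the SigV4 credential scope, and redacts the credential-bearing query parameters before a URL is logged or pasted. The function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that act as bearer credentials and must not reach logs.
SECRET_PARAMS = {"signature", "x-amz-signature", "x-amz-security-token"}

# Constructed sample URLs (placeholder bucket, key id, token and signature).
V2_URL = (
    "https://s3.amazonaws.com/example-bucket/i-EXAMPLE/AnsiballZ_setup.py"
    "?AWSAccessKeyId=AKIDEXAMPLE&Signature=c2lnbmF0dXJl"
    "&x-amz-security-token=dG9rZW4&Expires=1700000000"
)
V4_URL = (
    "https://example-bucket.s3.amazonaws.com/i-EXAMPLE/AnsiballZ_setup.py"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIDEXAMPLE%2F20210109%2Feu-central-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20210109T102300Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host"
    "&X-Amz-Security-Token=dG9rZW4&X-Amz-Signature=deadbeef"
)


def inspect_presigned_url(url, expected_region):
    """Classify an S3 presigned URL and check the region it was signed for."""
    query = {k.lower(): v for k, v in parse_qsl(urlsplit(url).query)}
    if "x-amz-algorithm" in query:
        # SigV4 scope: <access key id>/<yyyymmdd>/<region>/<service>/aws4_request
        scope = query.get("x-amz-credential", "").split("/")
        region = scope[2] if len(scope) == 5 else None
        return {
            "version": "v4",
            "region": region,
            "region_ok": region == expected_region,
        }
    if {"awsaccesskeyid", "signature", "expires"} <= query.keys():
        # SigV2 query authentication carries no region, so nothing can match.
        return {"version": "v2", "region": None, "region_ok": False}
    return {"version": "unsigned", "region": None, "region_ok": False}


def redact_presigned_url(url):
    """Return the URL with signature and session token values replaced."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [
        (key, "REDACTED" if key.lower() in SECRET_PARAMS else value)
        for key, value in pairs
    ]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


if __name__ == "__main__":
    for sample in (V2_URL, V4_URL):
        print(inspect_presigned_url(sample, "eu-central-1"))
        print(redact_presigned_url(sample))
```
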
@goneri
Member

goneri commented Jan 11, 2021

Thank you for reporting this. Can you submit a pull request with your change and a changelog entry (https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs)?

@goneri
Member

goneri commented Jan 11, 2021

Sorry, I just realized the PR is actually already opened #352

@ramvalleru
Contributor Author

> Thank you for reporting this. Can you submit a pull request with your change and a changelog entry (https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs)?

did the change to the changelogs and updated the code.

@ansibullbot ansibullbot added bug This issue/PR relates to a bug connection connection plugin has_pr module module plugins plugin (any type) python3 labels Jan 13, 2021
@goneri goneri closed this as completed Jan 14, 2021
alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this issue May 25, 2022