Fix/ssm bucket auth

changelogs/fragments/ssm-bucket.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - aws_ssm connection plugin - added support for an independent bucket region (https://github.com/ansible-collections/community.aws/pull/854).

plugins/connection/aws_ssm.py

@@ -48,6 +48,10 @@
     description: The name of the S3 bucket used for file transfers.
     vars:
     - name: ansible_aws_ssm_bucket_name
+  bucket_region:
+    description: The region of the S3 bucket used for file transfers.
+    vars:
+    - name: ansible_aws_ssm_bucket_region
   plugin:
     description: This defines the location of the session-manager-plugin binary.
     vars:
@@ -534,7 +538,11 @@ def _flush_stderr(self, subprocess):
 
     def _get_url(self, client_method, bucket_name, out_path, http_method, profile_name, extra_args=None):
         ''' Generate URL for get_object / put_object '''
-        region_name = self.get_option('region') or 'us-east-1'
+        region_name = self.get_option('bucket_region')
+        if region_name is None:
+            region_name = self.get_option('region')
+        if region_name is None:
+            region_name = 'us-east-1'
         client = self._get_boto_client('s3', region_name=region_name, profile_name=profile_name)
         params = {'Bucket': bucket_name, 'Key': out_path}
         if extra_args is not None:

tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml

@@ -7,4 +7,5 @@ windows_ami_name: Windows_Server-2019-English-Full-Base-*
 # see:
 # - https://github.com/mattclay/aws-terminator/pull/181
 # - https://github.com/ansible-collections/community.aws/pull/763
-s3_bucket_name: ssm-encrypted-test-bucket
+s3_bucket_name: "{{ resource_prefix }}-ssm-encrypted-test-bucket"
+s3_bucket_region: us-west-2

tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml

@@ -109,10 +109,11 @@
         tags:
           ansible-test: '{{ resource_prefix }}'
 
-    # - name: Create S3 bucket
-    #   s3_bucket:
-    #     name: "{{resource_prefix}}-aws-ssm-s3"
-    #   register: s3_output
+    - name: Create S3 bucket
+      s3_bucket:
+        name: "{{ s3_bucket_name }}"
+        region: "{{ s3_bucket_region }}"
+      register: s3_output
 
     - name: Create Inventory file
       template:
@@ -138,11 +139,11 @@
         src: ec2_windows_vars_to_delete.yml.j2
       ignore_errors: yes
 
-    # - name: Create S3 vars_to_delete.yml
-    #   template:
-    #     dest: "{{playbook_dir}}/s3_vars_to_delete.yml"
-    #     src: s3_vars_to_delete.yml.j2
-    #   ignore_errors: yes
+    - name: Create S3 vars_to_delete.yml
+      template:
+        dest: "{{playbook_dir}}/s3_vars_to_delete.yml"
+        src: s3_vars_to_delete.yml.j2
+      ignore_errors: yes
 
     - name: Create IAM Role vars_to_delete.yml
       template:

tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2

@@ -21,6 +21,7 @@ aws_ssm_linux
 [aws_ssm:vars]
 ansible_connection=community.aws.aws_ssm
 ansible_aws_ssm_bucket_name={{s3_bucket_name}}
+ansible_aws_ssm_bucket_region={{s3_bucket_region}}
 ansible_aws_ssm_plugin=/usr/local/sessionmanagerplugin/bin/session-manager-plugin
 ansible_python_interpreter=/usr/bin/env python
 local_tmp=/tmp/ansible-local-

tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/s3_vars_to_delete.yml.j2

@@ -1,2 +1,2 @@
 ---
-#bucket_name: {{s3_output.name}}
+bucket_name: {{s3_output.name}}