lookup environment variables aws_ec2.yml file

[chandrakanthkannam]

Summary

I'm trying to lookup environment variables in aws_ec2.yml file but the lookup seems to be not working as expected, is this something intentionally not allowed?

Issue Type

Bug Report

Component Name

ec2_instnace

Ansible Version

$ ansible --version
ansible [core 2.15.2]
  config file = /Users/<user>/.ansible.cfg
  configured module search path = ['/Users/<user>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/<user>/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.11.6 (main, Oct  2 2023, 20:46:14) [Clang 14.0.3 (clang-1403.0.22.14.1)] (/opt/homebrew/opt/python@3.11/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

# /Users/<user>/.ansible/collections/ansible_collections
Collection            Version
--------------------- -------
amazon.aws            6.5.0  
ansible.windows       2.0.0  
awx.awx               21.0.0 
chocolatey.chocolatey 1.5.1  
community.mysql       3.7.2  
community.windows     2.0.0  
lowlydba.sqlserver    0.7.0  
microsoft.ad          1.4.1  ****

AWS SDK versions

$ pip show boto boto3 botocore
Name: boto3
Version: 1.28.21
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /opt/homebrew/lib/python3.11/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.31.21
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /opt/homebrew/lib/python3.11/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: aws-secretsmanager-caching, boto3, **s3transfer**

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = /Users/<user>/.ansible.cfg
PAGER(env: PAGER) = less

OS / Environment

macOS Ventura Version 13.6.2 (22G320)

Steps to Reproduce

plugin: aws_ec2
assume_role_arn: "arn:aws:iam::{{ lookup('env', 'AWS_ACCOUNT_ID') | default('XXXXXXXXXXX', true) }}:role/ansible-manager"
regions:
  - "{{ lookup('env', 'AWS_REGION') | default('us-east-1', true) }}"

i have this yml file which is something i was expecting it would lookup the env variables and get the authorization

Expected Results

Expected result that lookup would happen and assume role/region would get set right, instead it is being parsed as plain text and lookup is not being recognized is what i understand looking at the result below

Actual Results

aws_ec2.yml with auto plugin: An error occurred (AccessDenied) when calling the AssumeRole operation: User:
<UserName> is not
authorized to perform: sts:AssumeRole on resource: arn:aws:iam::{{ lookup('ansible.builtin.env', 'AWS_ACCOUNT_ID') |
default('XXXXXXXXXXX', True) }}:role/ansible-manager

aws_ec2.yml with auto plugin: Couldn't connect to AWS: Provided region_name '{{ lookup('env', 'AWS_REGION') |
default('us-east-1', true) }}' doesn't match a supported format.

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[abikouo]

Hi @chandrakanthkannam, I have submitted a PR to fix that issue, could you please try to run with code from #1980 ? thanks