0

I'm trying to create a vpc using Saltstack and boto_vpc module. This is my state:

vpc_create:
  module.run:
    - name: boto_vpc.create
    - cidr_block: '10.0.0.0/24'
    - vpc_name: 'myVpc'
    - region: 'us-east-1'
    - key: 'ADJJDNEJFJGNFKFKFKIW'
    - keyid: 'SJDJNFNEJUWLLLCLCLENNRBFLGSLSLKEMFUHE'

The keys that I'm using are correct but I got this error:

[INFO    ] Running state [boto_vpc.create] at time 14:25:35.839797
[INFO    ] Executing state module.run for boto_vpc.create
[ERROR   ] EC2ResponseError: 401 Unauthorized
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>7cb74939-afda-4722-a31e-2855c5cbe16b</RequestID></Response>
[ERROR   ] {'ret': False}
[INFO    ] Completed state [boto_vpc.create] at time 14:25:35.882840
[DEBUG   ] File /var/cache/salt/minion/accumulator/49944656 does not exist, no need to cleanup.
[DEBUG   ] LazyLoaded highstate.output
[DEBUG   ] LazyLoaded nested.output
local:
----------
          ID: vpc_create
    Function: module.run
        Name: boto_vpc.create
      Result: False
     Comment: Module function boto_vpc.create executed
     Started: 14:25:35.839797
    Duration: 43.043 ms
     Changes:
              ----------
              ret:
                  False

Saltstack version:

Salt: 2015.5.0
         Python: 2.6.9 (unknown, Apr  1 2015, 18:16:00)
         Jinja2: 2.7.2
       M2Crypto: 0.21.1
 msgpack-python: 0.4.6
   msgpack-pure: Not Installed
       pycrypto: 2.6.1
        libnacl: Not Installed
         PyYAML: 3.10
          ioflo: Not Installed
          PyZMQ: 14.3.1
           RAET: Not Installed
            ZMQ: 3.2.5
           Mako: Not Installed

I tried with aws ec2 create-vpc --cidr-block 10.0.0.0/16 and works fine!

relopezz
  • 1
  • 3
  • I suggest removing/masking the actual AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID from the question – Ittiel Sep 07 '17 at 05:37
  • @Ittiel Those values were not real – relopezz Sep 11 '17 at 20:01
  • Check the System time as well, if the system time is not set we will get 401 unauthorized in Ansible while connecting to AWS with boto. -It worked for me as my system time is out of sync – Sarath Jan 24 '19 at 09:28

3 Answers3

0

The error says you have an auth failure:

AWS was not able to validate the provided access credentials

Double-check your credentials (access key / secret access key)

Vasili Syrakis
  • 4,435
  • 3
  • 21
  • 29
0

A few things here:

  1. You should use the vpc state module, as it'll do actions idempotently: http://docs.saltstack.com/en/develop/ref/states/all/salt.states.boto_vpc.html#module-salt.states.boto_vpc
  2. There's likely some bug with using key/keyid. You don't need to use it. You can use boto's environment variables, or boto's config file when calling salt. Please open a bug about the key/keyid issue.

Update: Seems 2015.5 doesn't have the state module, which is unfortunate. You can backport the state module and updated execution module to 2015.5, though: http://ryandlane.com/blog/2015/06/03/using-development-branch-saltstack-python-modules-in-the-stable-release/

Ryan Lane
  • 1
0

The problem was related to the keys. (my error, so silly) In this case key is referring to the AWS_SECRET_ACCESS_KEY and keyid to AWS_ACCESS_KEY_ID

relopezz
  • 1
  • 3