Skip to content

Comments

Fix: skip unopted-in AWS regions in aws_ec2 inventory plugin#2669

Open
armin-x86 wants to merge 3 commits intoansible-collections:mainfrom
armin-x86:fix-skip-disabled-regions
Open

Fix: skip unopted-in AWS regions in aws_ec2 inventory plugin#2669
armin-x86 wants to merge 3 commits intoansible-collections:mainfrom
armin-x86:fix-skip-disabled-regions

Conversation

@armin-x86
Copy link

@armin-x86 armin-x86 commented Jul 1, 2025
edited
Loading

Summary

This pull request improves the robustness of the amazon.aws.aws_ec2 dynamic inventory plugin by gracefully skipping AWS regions that are not opted-in or enabled in the account.

Currently, if a user includes disabled/not enabled regions on their aws account like ap-east-1 or me-south-1 in the regions: list of their inventory config, the plugin throws a misleading AuthFailure error, even though the credentials are valid.

This PR introduces a targeted ClientError handler that:

  • Checks if the error is an AuthFailure
  • Logs a clear warning
  • Skips the region instead of failing the entire inventory load

Before

[WARNING]: * Failed to parse inventory/aws_ec2.yml with auto plugin: Failed to describe instances: An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials

and no inventory was rendered because having not activated/disabled regions in the regions list.

After

[WARNING]: Region 'ap-east-1' is not enabled for this AWS account. Skipping.

Changelog

  • bugfixes:
    • gracefully skip AWS regions that are not opted-in (fix misleading AuthFailure) in aws_ec2 inventory plugin

⚠️ Heads up:

CI is failing due to unrelated warnings in docsite/CHANGELOG.rst (missing references to result and vpc_peering_connections). This appears unrelated to this PR, as it doesn't touch documentation or changelogs involving those terms.

armin-x86 added 3 commits July 2, 2025 01:02
@armin-x86
Fix: skip unopted-in AWS regions in aws_ec2 inventory plugin
29caa36
@armin-x86
renaming the changelog file
de9adf3 
Signed-off-by: armin-x86 <arminteymuri@gmail.com>
@armin-x86
removing old file
c511535 
Signed-off-by: armin-x86 <arminteymuri@gmail.com>
@softwarefactory-project-zuul
Copy link
Contributor

softwarefactory-project-zuul bot commented Jul 1, 2025

Build failed.
https://ansible.softwarefactory-project.io/zuul/buildset/88e5559d62654a5aa42e164bae66ccb1

✔️ ansible-galaxy-importer SUCCESS in 5m 56s
✔️ build-ansible-collection SUCCESS in 11m 16s
✔️ ansible-test-splitter SUCCESS in 5m 09s
integration-amazon.aws-1 FAILURE in 19m 07s
Skipped 43 jobs

@armin-x86
Copy link
Author

armin-x86 commented Jul 2, 2025

Build failed. https://ansible.softwarefactory-project.io/zuul/buildset/88e5559d62654a5aa42e164bae66ccb1

✔️ ansible-galaxy-importer SUCCESS in 5m 56s ✔️ build-ansible-collection SUCCESS in 11m 16s ✔️ ansible-test-splitter SUCCESS in 5m 09s ❌ integration-amazon.aws-1 FAILURE in 19m 07s Skipped 43 jobs

my patch passes all linting and packaging tests. The integration-amazon.aws-1 job failed due to a symlink creation error (ln: failed to create symbolic link 'playbooks/roles/..': File exists), which seems unrelated to the plugin code change.

Could you please help re-run or advise if this is an infra issue?

@armin-x86
Copy link
Author

armin-x86 commented Nov 26, 2025

any chance to have it approved?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@armin-x86