obtain_session_token.yaml
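---
# Obtain a short-lived, MFA-protected AWS STS session token once per run and
# cache it under the inventory's group_vars so later plays can load it.
# Flow: reuse a cached token file modified within the last hour; otherwise
# prompt for the MFA code, call STS with the static keys from the vault file,
# write a new token file, and load its variables into host facts.
- hosts: "all:&{{ limit_hosts|default('all') }}"
  gather_facts: false
  tasks:
    # A cache file modified within the last hour counts as fresh. The token
    # is requested for 4500 s (75 min) below, leaving a 15-minute margin
    # before cached credentials expire.
    - name: Check existing token age
      find:
        age: "-1h"
        paths: "{{ inventory_dir }}/group_vars/all"
        pattern: "aws_sts_token.yaml"
      run_once: true
      delegate_to: localhost
      # NOTE(review): delegate_facts applies to facts, not to registered
      # variables; whether hostvars['localhost'].sts_token_file_info (used in
      # the block condition below) resolves depends on the inventory — confirm.
      delegate_facts: true
      register: sts_token_file_info

    # Every task that handles live credentials runs once and sets no_log so
    # that static keys, the MFA code and the session token never appear in
    # task output or logs.
    - block:
        - name: "Get mfa_code"
          block:
            # The MFA code is entered interactively and is echoed to the
            # terminal by default; the pause module's echo option can
            # suppress that where shared screens are a concern.
            - pause:
                prompt: mfa_code
              register: mfa_code_prompt
              run_once: true
            - set_fact:
                mfa_code: "{{ mfa_code_prompt.user_input }}"
              run_once: true
          when: mfa_code is not defined

        # Long-lived static access keys come from an encrypted vault file and
        # are used only to mint the short-lived session token.
        - name: Load static access keys
          include_vars: "{{ static_aws_key_vault }}"
          no_log: true
          run_once: true

        - sts_session_token:
            duration_seconds: 4500
            region: "{{ aws_region }}"
            mfa_serial_number: "{{ mfa_token_arn }}"
            mfa_token: "{{ mfa_code }}"
            aws_access_key: "{{ static_aws_access_key }}"
            aws_secret_key: "{{ static_aws_secret_key }}"
          register: session_creds
          changed_when: false
          no_log: true
          run_once: true

        # The rendered file holds live credentials: owner-only permissions,
        # and because it lives inside the inventory tree it must be kept out
        # of version control (e.g. via .gitignore).
        - name: aws_sts_token.yaml
          template:
            src: templates/aws_sts_token.yaml.j2
            dest: "{{ inventory_dir }}/group_vars/all/aws_sts_token.yaml"
            mode: "0600"  # quoted so the octal mode is not parsed as a decimal int
          no_log: true
          run_once: true

        - name: "Load New STS Token Facts"
          include_vars:
            file: "{{ inventory_dir }}/group_vars/all/aws_sts_token.yaml"
          no_log: true
      # Mint a new token only when the find above matched no fresh cache file.
      # NOTE(review): indentation was lost in the page copy; attaching this
      # condition to the whole block (rather than to the last task alone) is
      # reconstructed from the intended flow — confirm against the original.
      when: "not hostvars['localhost'].sts_token_file_info.files|length|bool"

    # Hosts that did not load the freshly written file above pick up the
    # cached token here. secure_token is presumably one of the variables the
    # token file defines, so its absence means the file has not been loaded
    # yet — confirm against templates/aws_sts_token.yaml.j2.
    - name: "Load STS Token Facts"
      include_vars:
        file: "{{ inventory_dir }}/group_vars/all/aws_sts_token.yaml"
      no_log: true
      when: "secure_token is not defined"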