aws_rds "InvalidParameterValue", "message": "The parameter MasterUsername must be provided and must not be blank

[AdrianHammond]

Summary

Using the community.aws.rds_instance to create an RDS. I am running the playbook in GitHub action workflow.

All works when passing master_username and master_user_password as playbook variable (commented out in playbook that I provided in this issue).

I get following error when I try to pass as environment variable from a GitHub secret.

fatal: [localhost]: FAILED! => {"boto3_version": "1.28.56", "botocore_version": "1.31.56", "changed": false, "error": {"code": "InvalidParameterValue", "message": "The parameter MasterUsername must be provided and must not be blank.", "type": "Sender"}, "msg": "Unable to create DB instance: An error occurred (InvalidParameterValue) when calling the CreateDBInstance operation: The parameter MasterUsername must be provided and must not be blank.", "response_metadata": {"http_headers": {"connection": "close", "content-length": "320", "content-type": "text/xml", "date": "Thu, 28 Sep 2023 05:37:42 GMT", "strict-transport-security": "max-age=31536000", "x-amzn-requestid": "14a49b9e-6c27-4e97-89de-4e223b3b24ec"}, "http_status_code": 400, "request_id": "14a49b9e-6c27-4e97-89de-4e223b3b24ec", "retry_attempts": 0}}

Issue Type

Bug Report

Component Name

community.aws.rds_instance

Ansible Version

$ ansible --version

ansible [core 2.13.12]
config file = None
configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/hostedtoolcache/Python/3.8.18/x64/lib/python3.8/site-packages/ansible
ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
executable location = /opt/hostedtoolcache/Python/3.8.18/x64/bin/ansible
python version = 3.8.18 (default, Aug 28 2023, 08:27:22) [GCC 11.4.0]
jinja version = 3.1.2
libyaml = True

Collection Versions

$ ansible-galaxy collection list

AWS SDK versions

$ pip show boto boto3 botocore

WARNING: Package(s) not found: boto
Name: boto3
Version: 1.28.57
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /opt/hostedtoolcache/Python/3.8.18/x64/lib/python3.8/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:

Name: botocore
Version: 1.31.57
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /opt/hostedtoolcache/Python/3.8.18/x64/lib/python3.8/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

shell: /usr/bin/bash -e {0}
env:
pythonLocation: /opt/hostedtoolcache/Python/3.8.18/x64
LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.8.18/x64/lib

OS / Environment

GitHub Runner using Ubuntu

VERSION="22.04.3 LTS

Steps to Reproduce

create RDS playbook

---
- name: "Create RDS instance"
  hosts: localhost
  vars: 
# TODO: MOVE DB Master USERNAME and PASSWORD into GIT SECRET. Currently issue as blank variable being passed  
#    master_username: #####
#    master_user_password: ########
    allocated_storage: 10 
    DB_ENGINE: "mariadb"
    DB_ID: "CFI-validator-db"
    DB_AWS_REGION: "us-east-2"
  
    
  tasks:
  - name: Create a new DB instance in RDS/AWS in the default VPC
    community.aws.rds_instance:
      aws_region: "{{ DB_AWS_REGION }}"
      id: "{{ DB_ID }}"
      state: present
      engine: "{{ DB_ENGINE }}"
      storage_encrypted: True
      db_instance_class: db.t2.medium
      allocated_storage: "{{ allocated_storage }}"
# TODO: MOVE DB Master USERNAME and PASSWORD into GIT SECRET. Currently issue as blank variable being passed
#      master_username: "{{ master_username }}"
#      master_user_password: "{{ master_user_password }}"

    register: dbdetails

  - name: Print the details of the database
    debug:
      var: dbdetails

GitHub workflow

name: deploy_validate_destroy_rds

on:
  push:
    branches:
      - dev  # Adjust this to your main branch name

jobs:
  deploy:
    name: deploy
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: 3.8  # Use the desired Python version

    - name: Install Ansible and botocore
      run: |
        python -m pip install --upgrade pip
        pip install ansible
        pip install boto3 botocore



    - name: Run Ansible playbook
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        MASTER_USERNAME: ${{ secrets.MASTER_USERNAME}}
        MASTER_USER_PASSWORD: ${{ secrets.MASTER_USER_PASSWORD}}

      run: ansible-playbook -e "aws_access_key=$AWS_ACCESS_KEY_ID aws_secret_key=$AWS_SECRET_ACCESS_KEY master_username=$MASTER_USERNAME master_user_password=$MASTER_USER_PASSWORD" ansible/create-rds-db.yaml
      

Expected Results

I expected the gutHub Secret ro be passed to the playbook using the -e option when the playbook is run

Run ansible-playbook -e "aws_access_key=$AWS_ACCESS_KEY_ID aws_secret_key=$AWS_SECRET_ACCESS_KEY master_username=$MASTER_USERNAME" ansible/create-rds-db.yaml

Actual Results

Run ansible-playbook -e "aws_access_key=$AWS_ACCESS_KEY_ID aws_secret_key=$AWS_SECRET_ACCESS_KEY master_username=$MASTER_USERNAME master_user_password=$MASTER_USER_PASSWORD" ansible/create-rds-db.yaml
  
Warning: : No inventory was parsed, only implicit localhost is available
Warning: : provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'

PLAY [Create RDS instance] *****************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [Create a new DB instance in RDS/AWS in the default VPC] ******************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the CreateDBInstance operation: Invalid master password
fatal: [localhost]: FAILED! => {"boto3_version": "1.28.57", "botocore_version": "1.31.57", "changed": false, "error": {"code": "InvalidParameterValue", "message": "Invalid master password", "type": "Sender"}, "msg": "Unable to create DB instance: An error occurred (InvalidParameterValue) when calling the CreateDBInstance operation: Invalid master password", "response_metadata": {"http_headers": {"connection": "close", "content-length": "275", "content-type": "text/xml", "date": "Mon, 02 Oct 2023 10:28:24 GMT", "strict-transport-security": "max-age=3[15](https://github.com/AdrianHammond/cfi-ccc-relational.db/actions/runs/6378936423/job/17310449970#step:5:16)36000", "x-amzn-requestid": "5948a705-ab3f-454b-a8cf-d57073f679b1"}, "http_status_code": 400, "request_id": "5948a705-ab3f-454b-a8cf-d57073f679b1", "retry_attempts": 0}}

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Error: Process completed with exit code 2.

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[AdrianHammond]

Closing as resolved issue, error in playbook.