
[amazon.aws/1606] [Plugin] amazon.aws.aws_ec2 - Can't get dynamic inventory with an AWS Identity Center account


      https://github.com/ansible-collections/amazon.aws/issues/1606

      ### Summary

      When I try to execute a Playbook on my EC2 instance, I get the following error

      ```
      Failed to describe instances: Error
      loading SSO Token: Token for https://test.awsapps.com/start does not exist
      ```

      ### Issue Type

      Bug Report

      ### Component Name

      Plugin: amazon.aws.aws_ec2

      ### Ansible Version

      ```console
      $ ansible --version
      ansible [core 2.14.6]
      config file = /home/user/Documents/company/gitlab/devops/ansible/ansible.cfg
      configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /home/user/.local/lib/python3.10/site-packages/ansible
      ansible collection location = /home/user/Documents/company/gitlab/devops/ansible/.ansible/collections:/home/user/.ansible/collections:/usr/share/ansible/collections
      executable location = /home/user/.local/bin//ansible
      python version = 3.10.6 (main, May 29 2023, 11:10:38) [GCC 11.3.0] (/usr/bin/python3)
      jinja version = 3.1.2
      libyaml = True
      ```

      ### Collection Versions

      ```console
      $ ansible-galaxy collection list

      Collection Version
      -------------------- -------
      amazon.aws 6.1.0
      ansible.posix 1.5.4
      community.docker 3.4.6
      community.general 7.0.1
      community.postgresql 2.4.1
      ```

      ### AWS SDK versions

      ```console
      $ pip show boto boto3 botocore
      WARNING: Package(s) not found: boto
      Name: boto3
      Version: 1.24.90
      Summary: The AWS SDK for Python
      Home-page: https://github.com/boto/boto3
      Author: Amazon Web Services
      Author-email:
      License: Apache License 2.0
      Location: /home/user/.local/lib/python3.10/site-packages
      Requires: botocore, jmespath, s3transfer
      Required-by:

      Name: botocore
      Version: 1.27.90
      Summary: Low-level, data-driven core of boto 3.
      Home-page: https://github.com/boto/botocore
      Author: Amazon Web Services
      Author-email:
      License: Apache License 2.0
      Location: /home/user/.local/lib/python3.10/site-packages
      Requires: jmespath, python-dateutil, urllib3
      Required-by: boto3, s3transfer
      ```

      ### Configuration

      ```console
      $ ansible-config dump --only-changed
      ANSIBLE_FORCE_COLOR(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = True
      ANSIBLE_PIPELINING(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = True
      CALLBACKS_ENABLED(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = ['timer', 'profile_roles']
      COLLECTIONS_PATHS(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = ['/home/user/Documents/company/gitlab/devops/ansible/.ansible/collections', '/home/user/.ansible/collections', '/usr/share/ansible/collections']
      CONFIG_FILE() = /home/user/Documents/company/gitlab/devops/ansible/ansible.cfg
      DEFAULT_FORKS(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = 50
      DEFAULT_HOST_LIST(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = ['/home/user/Documents/company/gitlab/devops/ansible/inventories/company']
      DEFAULT_ROLES_PATH(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = ['/home/user/Documents/company/gitlab/devops/ansible/roles/common', '/home/user/Documents/company/gitlab/devops/ansible/roles/specific', '/usr/share/ansible/roles', '/home/user/.ansible/roles', '/etc/ansible/roles']
      DEFAULT_VAULT_PASSWORD_FILE(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = /home/user/.ansible/ansible-vault-pass-client
      DIFF_ALWAYS(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = True
      HOST_KEY_CHECKING(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = False
      INTERPRETER_PYTHON(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = /usr/bin/python3
      RETRY_FILES_ENABLED(/home/user/Documents/company/gitlab/devops/ansible/ansible.cfg) = False
      ```

      ### OS / Environment

      Ubuntu 22.04

      ### Steps to Reproduce

      *inventories/company-interne.aws_ec2.yml*
      ```yaml
      plugin: amazon.aws.aws_ec2
      aws_profile: company-interne
      regions:
        - eu-west-3
      keyed_groups:
        - key: tags['Ansible_group'].split(':')
          separator: ""
      filters:
        instance-state-name: running
        ip-address: "*" # Get only instances with public IP
      exclude_filters:
        - tag:Name:
            - agent-*
      hostnames:
        - tag:Name
      compose:
        ansible_host: public_ip_address
      ```

      *~/.aws/config*
      ```ini
      [profile company-interne]
      sso_account_id = 12345678912
      region = eu-west-3
      sso_start_url = https://test.awsapps.com/start
      sso_role_name = AWSReadOnly
      sso_region = eu-west-3
      ```

      Command to run:

      ```console
      ansible all --list-hosts
      ```

      ### Expected Results

      I expected to get my dynamic inventory using an AWS Identity Center account

      ### Actual Results

      ```console
      [WARNING]: * Failed to parse /home/user/Documents/company/gitlab/devops/ansible/inventories/company/company-interne.aws_ec2.yml with auto plugin: Failed to describe instances: Error
      loading SSO Token: Token for https://test.awsapps.com/start does not exist
      [WARNING]: * Failed to parse /home/gregorylecomte/Documents/company/gitlab/devops/ansible/inventories/company/company-interne.aws_ec2.yml with yaml plugin: Plugin configuration YAML file, not
      YAML inventory
      [WARNING]: * Failed to parse /home/user/Documents/company/gitlab/devops/ansible/inventories/company/company-interne.aws_ec2.yml with ini plugin: Invalid host pattern 'plugin:'
      supplied, ending in ':' is not allowed, this character is reserved to provide a port.
      [WARNING]: Unable to parse /home/user/Documents/company/gitlab/devops/ansible/inventories/company/company-interne.aws_ec2.yml as an inventory source
      hosts (0):
      ```

      ### Code of Conduct
      • [X] I agree to follow the Ansible Code of Conduct
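
A diagnostic for the error reported above, as an added example (not part of the original report or of the amazon.aws collection): for a legacy SSO profile, botocore looks for the token in a cache file named after the SHA-1 of `sso_start_url`, normally under `~/.aws/sso/cache`, and raises "Token for ... does not exist" when that file is absent. The function names, the constructed sample config and the ISO-8601 parsing of `expiresAt` are assumptions of this example; it never prints the token itself.

```python
import configparser
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample mirroring the profile shown in the report.
SAMPLE_CONFIG = """\
[profile company-interne]
sso_account_id = 12345678912
region = eu-west-3
sso_start_url = https://test.awsapps.com/start
sso_role_name = AWSReadOnly
sso_region = eu-west-3
"""


def sso_cache_file(start_url, cache_dir):
    """Path of the cached token: <cache_dir>/<sha1(sso_start_url)>.json."""
    key = hashlib.sha1(start_url.encode("utf-8")).hexdigest()
    return Path(cache_dir) / f"{key}.json"


def sso_token_status(config_text, profile, cache_dir, now=None):
    """Return 'missing', 'unreadable', 'expired' or 'valid' for a profile."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    section = profile if profile == "default" else f"profile {profile}"
    path = sso_cache_file(cfg[section]["sso_start_url"], cache_dir)
    if not path.is_file():
        return "missing"  # the state behind "Token for <url> does not exist"
    try:
        token = json.loads(path.read_text())
        # Assumption: expiresAt is ISO-8601, e.g. 2023-06-01T00:00:00Z
        stamp = token["expiresAt"].replace("Z", "+00:00")
        expires = datetime.fromisoformat(stamp)
    except (ValueError, KeyError, TypeError, AttributeError):
        return "unreadable"
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return "valid" if expires > now else "expired"


if __name__ == "__main__":
    cache = Path.home() / ".aws" / "sso" / "cache"
    print(sso_token_status(SAMPLE_CONFIG, "company-interne", cache))
```

Run it as the same OS user that runs Ansible, since the cache is per-user. A `missing` result means no cached login exists for that user; `aws sso login --profile <name>` (AWS CLI v2) is what writes the file.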
