Unable to get secret for login to external private Container Registry

Question

Hi.  
I have to get an image from a private container registry with a login and password.  
I have set the secret in the Secrets Manager, but when I run the task I get:  
  
Asm fetching secret from the service for NXT/pwrdby_container_registry_login: AccessDeniedException: User: arn:aws:sts:::assumed-role/ecsTaskExecutionRole/1a7f048f27274767bef37a1e4b97f458 is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-east-1::secret: status code: 400, request id: a2e1d440-6aee-486f-a5d1-ae47b847ed42  
  
So, I went into the secrets manager and tried to edit the resource permissions to look like this:  
  
{  
   "Version":"2012-10-17",  
   "Statement":\[  
      {  
         "Effect":"Allow",  
         "Principal":{  
            "AWS":"590516527801"  
         },  
         "Action":"secretsmanager:GetSecretValue",  
         "Resource":"arn:aws:secretsmanager:us-east-1::secret:NXT/pwrdby_container_registry_login-DD5HwH"  
      }  
   ]  
}  
  
However, this comes back with the same issue.   
What am i doing wrong?

Answer

It turns out that in addition to the Secrets Manager setup, we had to setup IAM policies SecretManagerREadWrite to the TaskExecution role

Unable to get secret for login to external private Container Registry

Relevanter Inhalt