I've set up the following policy on my role.

    {
        "Action": [
            "secretsmanager:GetSecretValue"
        ],
        "Resource": "arn:aws:secretsmanager:us-west-2:354135999999:secret:beta/Secrets-2ZZZZZZ",
        "Effect": "Allow"
    }

But I keep getting this error when my Lambda website tries to start up. It's using .NET Core 2.1.
User: arn:aws:sts::354135999999:assumed-role/Dragnet-Beta-LambdaRole-1O22YYYYYYYYY/Dragnet-Beta-WebsiteLambda-11AZX4HXXXXXX is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-west-2:354135999999:secret:beta/Secrets-2ZZZZZZ
I've used the policy simulator and when I paste in the ARN in the error message it says "Allowed". So I'm really confused as to why my Lambda can't get the secret.
I have triple-checked that the role and policy it's using are the ones showing up in the error message and that the Lambda is configured with the matching role.