Hello.
Is it possible for you to share the exact IAM policy you are using?
Is SecretsManager accessed from ECS by setting environment variables?
In that case, such an error may occur if the secret setting in the task definition is incorrect.
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html
Hi,
I'd suggest that you decode the secret from your machine via CLI command get-secret-value. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/secretsmanager/get-secret-value.html
From the error message, it seems that your secret is badly formatted (one of the fields has an incorrect value). You will see which ones when you decrypt your secret with the command above.
Best,
Didier
I followed the instructions you shared and could successfully decrypt the secret. It was properly formatted.
I'm using a custom IAM policy which has the "secretsmanager:GetSecretValue", "kms:GenerateDataKey" and "kms:decrypt" actions allowed on the secret and encryption key resources. Yes, the SecretsManager secret value is accessed from ECS by setting environment variables during task creation. The JSON block is:
    "containerDefinitions": [
      {
        "name": "acme-container-prod-use2-ecs",
        "image": "730335305079.dkr.ecr.us-east-2.amazonaws.com/acme:2024",
        "cpu": 0,
        "portMappings": [
          {
            "name": "443",
            "containerPort": 443,
            "hostPort": 443,
            "protocol": "tcp",
            "appProtocol": "http"
          }
        ],
        "essential": true,
        "environment": [
          { "name": "AWS_REGION", "value": "us-east-2" },
          { "name": "DB_SECRET_NAME", "value": "acme-db-prod-use2-secret" }
        ]
      }
    ]
As per logs, the AWS_REGION value was successfully retrieved from the env variables but not the DB_SECRET_NAME.
The logs show this: Region: us-east-2, DBSecretName: Secret name Description Last retrieved (UTC) acme-db-prod-use2-secret.
So, it's clear that the env var value is not getting fetched properly.
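
Added example, not part of the thread and not AWS or the poster's code: a startup check that validates the value read from `DB_SECRET_NAME` before it is passed to `GetSecretValue`, and reports a bad value with `repr()` so stray text is visible. It assumes the application reads the variable itself; the function names are hypothetical, and the two sample inputs are taken from the task definition and the log line quoted above.

```python
import re

# Characters Secrets Manager allows in a secret name: ASCII letters, digits and /_+=.@-
_NAME_RE = re.compile(r"[A-Za-z0-9/_+=.@-]+")
MAX_NAME_LEN = 512


def secret_id_problems(value):
    """Return a list of reasons `value` cannot be a valid secret name or ARN."""
    if value is None or value == "":
        return ["value is missing or empty"]
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    name = value.strip()
    if name.startswith("arn:"):
        # arn:partition:secretsmanager:region:account:secret:name-suffix
        parts = name.split(":", 6)
        if len(parts) != 7 or parts[2] != "secretsmanager" or parts[5] != "secret":
            return problems + ["not a Secrets Manager secret ARN"]
        name = parts[6]
    if len(name) > MAX_NAME_LEN:
        problems.append(f"name longer than {MAX_NAME_LEN} characters")
    # Whatever is left after removing allowed characters is invalid.
    bad = sorted(set(_NAME_RE.sub("", name)))
    if bad:
        problems.append(f"characters not allowed in a secret name: {bad!r}")
    return problems


def read_secret_id(env, var="DB_SECRET_NAME"):
    """Read the secret identifier from `env`; fail fast, showing repr() of a bad value."""
    value = env.get(var)
    problems = secret_id_problems(value)
    if problems:
        raise ValueError(f"{var}={value!r} rejected: " + "; ".join(problems))
    return value


if __name__ == "__main__":
    # Sample inputs: the name from the task definition and the value shown in the log.
    for sample in ("acme-db-prod-use2-secret",
                   "Secret name Description Last retrieved (UTC) acme-db-prod-use2-secret"):
        print(repr(sample), "->", secret_id_problems(sample) or "ok")
```

Call `read_secret_id(os.environ)` once at container start, before creating the Secrets Manager client, so a malformed value fails the task with a message that names the variable.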