
I'm executing the ECS task within the private subnets alongside the NAT gateway, but I'm encountering an error when attempting to retrieve values from Secrets Manager

0

I'm executing the ECS task within the private subnets alongside the NAT gateway. However, I encountered a 'Secret Manager retrieve value failed' error; after creating the endpoint from ECS to Secrets Manager, the issue was resolved. Surprisingly, when opting for the public subnet, the role alone suffices. My query pertains to why ECS in the private subnet requires an endpoint connection to Secrets Manager.

1 Answer
0

It sounds like your private subnet does not have a route to a NAT Gateway in a public subnet.

EXPERT
answered 8 months ago
  • The private subnets also have a nat gateway

  • What Subnet is the Nat Gateway on?

  • Yes. If I use the custom policy in the ECS task definition I get the "ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 1 time(s): failed to fetch secret arn:aws:secretsmanager:us-east-2:117416794335:secret:SubscriptionApp/Stage/ENV-Credentials-3sS4z9 from secrets manager: AccessDeniedException: User: arn:aws:sts::117234594535:assumed-role/ecsTaskExecutionRole/0fdf743dd51140d2ac90866333e52bdc is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-east-2:117416794335:secret:SubscriptionApp/1/env-Credentials-3sS4z9 because no identity-based policy allows the secretsmanager:GetSecretValue action status code: 400, request id: 1146aef6-1521-47a7-9644-0faabba028b1"

  • Thanks for your error message. Looks like a policy issue then?
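The AccessDeniedException pasted in the comments is an IAM problem, not a routing one: "no identity-based policy allows the secretsmanager:GetSecretValue action" means the task execution role's own policy never matched the secret ARN, whatever path (NAT gateway or interface endpoint) the call took. Two things are worth checking against that message. First, Secrets Manager appends a random 6-character suffix to every secret ARN (here `-3sS4z9`), so a policy that names the secret without the suffix, or without a `-??????` wildcard, does not match. Second, as pasted, the assumed role sits in account 117234594535 while the secret is in account 117416794335; cross-account reads need a resource policy on the secret (and on its KMS key, if it is a customer-managed key) in addition to the identity policy. The script below is an added example, not code from the question or the answer: it is a minimal offline evaluator for identity-policy Allow/Deny matching with IAM's `*` and `?` wildcards, run against the ARNs from the posted error and two constructed policies (a "broken" one that omits the suffix and a corrected one). Conditions, NotAction/NotResource and resource policies are not modelled, so it is a sanity check, not a substitute for the IAM policy simulator.

```python
"""Offline check of an ECS task execution role's identity policy against the
secret ARN from the AccessDeniedException above. Added example, not from the
original post; the two sample policies are constructed for illustration."""
import fnmatch
import json

# ARNs as pasted in the error message above (account IDs kept exactly as shown).
ROLE_ARN = ("arn:aws:sts::117234594535:assumed-role/ecsTaskExecutionRole/"
            "0fdf743dd51140d2ac90866333e52bdc")
SECRET_ARN = ("arn:aws:secretsmanager:us-east-2:117416794335:secret:"
              "SubscriptionApp/1/env-Credentials-3sS4z9")
ACTION = "secretsmanager:GetSecretValue"

# Constructed "custom policy" that reproduces the error: the Resource ARN
# omits the 6-character random suffix Secrets Manager appends to every secret.
BROKEN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["secretsmanager:GetSecretValue"],
    "Resource": "arn:aws:secretsmanager:us-east-2:117416794335:secret:SubscriptionApp/1/env-Credentials"
  }]
}""")

# Constructed corrected policy: '??????' matches the random suffix and nothing
# else. If the secret is encrypted with a customer-managed KMS key, the
# execution role additionally needs kms:Decrypt on that key (not shown).
FIXED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["secretsmanager:GetSecretValue"],
    "Resource": "arn:aws:secretsmanager:us-east-2:117416794335:secret:SubscriptionApp/1/env-Credentials-??????"
  }]
}""")


def _as_list(value):
    # IAM accepts a bare string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def arn_account(arn):
    """The account ID is the 5th colon-separated field of any ARN."""
    return arn.split(":")[4]


def policy_allows(policy, action, resource_arn):
    """Minimal identity-policy evaluator: an explicit Deny wins over any Allow.
    IAM wildcards '*' and '?' are honoured; actions compare case-insensitively,
    resources case-sensitively. Conditions and NotAction/NotResource are not
    modelled."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if not any(fnmatch.fnmatchcase(action.lower(), a) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def diagnose(policy, role_arn, secret_arn):
    """Return the findings a reviewer would raise for this role/secret pair."""
    findings = []
    if not policy_allows(policy, ACTION, secret_arn):
        findings.append("no identity-based policy statement allows "
                        f"{ACTION} on {secret_arn}")
    if arn_account(role_arn) != arn_account(secret_arn):
        findings.append("cross-account access: the secret's resource policy "
                        "(and its KMS key policy, if a customer-managed key) "
                        "must also allow the execution role")
    return findings


if __name__ == "__main__":
    for name, policy in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        print(name, diagnose(policy, ROLE_ARN, SECRET_ARN) or ["ok"])
```

Running it reports two findings for the broken policy (no matching Allow, plus the cross-account mismatch) and only the cross-account finding for the corrected one, which is the remaining item to verify on the secret's resource policy if those account IDs are real rather than redacted. Even with the policy fixed, a task in a private subnet still needs either a default route to a NAT gateway or an interface endpoint for `com.amazonaws.us-east-2.secretsmanager`; that is the network half of the answer above and is independent of the IAM half shown here.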
