Raised an AWS Support ticket on this matter and they reverted that this is due to eventual consistency for IAM policy. I have been using AWS Copilot for quite some time and haven't gotten this issue, only during the recent deployment of a new stack.
Details:
AccessDeniedException because no identity-based policy allows the secretsmanager:GetSecretValue action status code: 400. The secrets manager had the resource tagging that complies with the IAM policy from AWS Copilot. It was also tested with IAM simulator that the execution role of the task was able to perform the GetSecretValue action on the said secrets manager.
Observed result:
AccessDeniedException because no identity-based policy allows the secretsmanager:GetSecretValue action status code: 400 when running copilot svc deploy
Expected result:
Able to retrieve the secrets for deployments
rickychew77 changed the title from "[Bug]: Newly created ECS task unable to perform secretsmanager:GetSecretValue action" to "[Bug]: Newly created ECS task unable to perform secretsmanager:GetSecretValue action due to IAM Eventual Consistency" on Nov 18, 2024