AccessDeniedException when accessing secretsmanager:GetSecretValue

0

Hi AWS Team, I am facing an error when accessing Secrets Manager. I already gave my account access to Secrets Manager. Here are the details of the error.

02-12-2023 03:07:15 PM [Build] (node:437) UnhandledPromiseRejectionWarning: AccessDeniedException: User: arn:aws:sts::397674710086:assumed-role/bullet-system-build-role-5c8717b2af5c41ad8edf3268812503f0/AWSCodeBuild-096e93d0-384f-4a62-8a95-cb784b90908d is not authorized to perform: secretsmanager:GetSecretValue on resource:......

Kindly help.

Thank you.

Fadholi
Asked a year ago, 2733 views
2 answers
0

Hi Fadholi,

You need to make sure that whoever is using Secrets Manager (a Lambda function, an EC2 instance, an IAM user, etc.) has a policy allowing the GetSecretValue action.

https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html

Expert
Answered a year ago
  • Hi @alatech,

    Thanks for the response.

    Yes, I did. Here is my detailed configuration.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "secretsmanager:*",
            "cloudformation:CreateChangeSet",
            "cloudformation:DescribeChangeSet",
            "cloudformation:DescribeStackResource",
            "cloudformation:DescribeStacks",
            "cloudformation:ExecuteChangeSet",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSubnets",
            "ec2:DescribeVpcs",
            "kms:DescribeKey",
            "kms:ListAliases",
            "kms:ListKeys",
            "lambda:ListFunctions",
            "rds:DescribeDBClusters",
            "rds:DescribeDBInstances",
            "redshift:DescribeClusters",
            "tag:GetResources"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }

    Could you please give me a correction if I'm wrong?

    Thank you.

  • FYI, I can access Secrets Manager after the build with the above configuration, but I cannot access it in pre-build.

  • Can you elaborate on what you meant by pre-build? At least I'm glad the above suggested policy works.

  • We are using apprunner.yaml. Inside it we have this configuration:

    version: 1.0
    runtime: nodejs14
    build:
      commands:
        pre-build:
          - n 14.18.3   # to update the Node version
          - yarn env    # executes code that gets the SecretValue from Secrets Manager
          .........

    While we are running 'yarn env', the error appears as below: AccessDeniedException: User: arn:aws:sts::397674710086:assumed-role/bullet-system-build-role-5c8717b2af5c41ad8edf3268812503f0/AWSCodeBuild-1a0e8fed-51e8-4abc-b034-658a5af6cc6c is not authorized to perform: secretsmanager:GetSecretValue on resource:.....

  • Have you followed this? https://aws.amazon.com/about-aws/whats-new/2023/01/aws-app-runner-secrets-configuration-aws-secrets-systems-manager/ Your issue seems related to App Runner not being able to get the secret, then. In particular, are you using environment variables to integrate with Secrets Manager?

    Also, does the bullet-system-build-role have Secrets Manager permission?

0

Hi @Fadholi, if you want to access secrets as part of the build, just make sure to assign the required permissions to the Access role instead of the Instance role.

AWS
Hari
Answered a year ago
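Both answers come down to the same two questions: which principal actually made the GetSecretValue call, and does the policy attached to that principal cover both the action and the secret's ARN? The AccessDeniedException already names the principal (the assumed role in the STS ARN), and the policy posted in the comments only works because of the wildcards that the forum's Markdown swallowed from it. The Python script below is an added example, not code from the thread or from AWS: it pulls the role name out of a constructed error message, evaluates a policy document with a deliberately simplified IAM model (assumption: only Effect, Action and Resource are evaluated; no Condition, NotAction, resource policies, SCPs or permission boundaries), and builds a least-privilege replacement scoped to named secret ARNs. The account ID, role, session and secret names are placeholders.

```python
"""Triage an IAM AccessDeniedException for secretsmanager:GetSecretValue.

Added example, not code from the original thread. Simplified IAM semantics
(assumption): only Effect/Action/Resource are evaluated, with IAM-style
wildcards (case-insensitive for actions). NotAction, Condition, resource
policies, SCPs and permission boundaries are ignored. Explicit Deny wins,
otherwise any matching Allow grants, otherwise default deny.
"""
import fnmatch
import json
import re

# Constructed sample error, modelled on the thread's message. Account ID,
# role, session and secret names are placeholders, not real identifiers.
SAMPLE_ERROR = (
    "AccessDeniedException: User: arn:aws:sts::123456789012:assumed-role/"
    "example-build-role/AWSCodeBuild-session is not authorized to perform: "
    "secretsmanager:GetSecretValue on resource: "
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:example/db-AbCdEf"
)
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example/db-AbCdEf"
OTHER_SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:other/api-XyZ123"

# The policy as it showed up in the thread after Markdown ate the asterisks:
# "secretsmanager:" is not a valid action pattern and "" matches no ARN.
MANGLED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["secretsmanager:"], "Resource": ""}],
}
# What the poster most likely had: every Secrets Manager action on every secret.
WIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["secretsmanager:*"], "Resource": "*"}],
}

_ERROR_RE = re.compile(
    r"User: arn:aws:sts::\d{12}:assumed-role/(?P<role>[^/\s]+)/\S+"
    r" is not authorized to perform: (?P<action>\S+) on resource: (?P<resource>\S+)"
)


def parse_access_denied(message):
    """Return (role_name, action, resource) from an assumed-role AccessDenied message.

    The role named here, not "my account", is the principal that needs the permission.
    """
    m = _ERROR_RE.search(message)
    if m is None:
        raise ValueError("not an assumed-role AccessDeniedException message")
    return m.group("role"), m.group("action"), m.group("resource")


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource):
    """Simplified identity-policy evaluation for one action on one resource ARN."""
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        action_hit = any(
            fnmatch.fnmatchcase(action.lower(), pattern.lower())
            for pattern in _as_list(stmt.get("Action"))
        )
        resource_hit = any(
            fnmatch.fnmatchcase(resource, pattern)
            for pattern in _as_list(stmt.get("Resource"))
        )
        if not (action_hit and resource_hit):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny overrides every Allow
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def least_privilege_policy(secret_arns, kms_key_arn=None):
    """Grant only GetSecretValue on the named secrets.

    kms:Decrypt is only needed when the secret is encrypted with a
    customer-managed KMS key; the AWS managed key needs no extra statement.
    """
    statements = [{
        "Sid": "ReadNamedSecrets",
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue"],
        "Resource": list(secret_arns),
    }]
    if kms_key_arn:
        statements.append({
            "Sid": "DecryptWithCustomerKey",
            "Effect": "Allow",
            "Action": ["kms:Decrypt"],
            "Resource": [kms_key_arn],
        })
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    role, action, resource = parse_access_denied(SAMPLE_ERROR)
    print(f"attach the permission to role {role!r} for {action} on {resource}")
    scoped = least_privilege_policy([SECRET_ARN])
    print(json.dumps(scoped, indent=2))
    for name, pol in (("mangled", MANGLED_POLICY), ("wide", WIDE_POLICY), ("scoped", scoped)):
        print(name, "GetSecretValue:", policy_allows(pol, action, resource),
              "DeleteSecret:", policy_allows(pol, "secretsmanager:DeleteSecret", resource))
```

Two practical notes. First, the principal in the error is an assumed-role session, so the policy has to be attached to that role (in the thread, the App Runner build role), not to the human's user; a policy that works "after build" but not in "pre-build" is a sign that the two phases run under different credentials. Second, a Secrets Manager ARN ends in a random six-character suffix, so production policies usually name the secret as `secret:example/db-*` rather than pinning the suffix; the evaluator above treats that pattern exactly like IAM does.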
