Hi Chris,
A probable reason is that you have not deployed the secret manager component to your device: https://docs.aws.amazon.com/greengrass/v2/developerguide/secret-manager-component.html. If you're seeing this issue despite including this component in your deployment, could you share more details on whether you see it started up properly or whether there are any errors in greengrass.log / aws.greengrass.SecretManager.log?
Thanks,
Shagupta
Hey Shagupta,
The secret manager is included and "running" in version 2.0.5 according to the console.
It does not, however, produce a log in /logs/.
However, in the log of my function I see this:
Failed due to: UnauthorizedError(message='Principal datashipper-DatashipperFunction-T4JRBU21QPQC is not authorized to perform aws.greengrass.SecretManager:aws.greengrass#GetSecretValue on resource arn:aws:secretsmanager:eu-west-1:111934086604:secret:greengrass-dil-psn-sc-lev-opcua-client-cert-664OZO').
However, I have granted that specifically:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "secretsmanager:GetSecretValue",
                "Resource": "arn:aws:secretsmanager:eu-west-1:111934086604:secret:greengrass-dil-psn-sc-lev-opcua-client-cert-664OZO"
            }
        ]
    }
What am I missing?
-Chris
Hi Chris,
The IAM policy looks correct; however, Greengrass IPC also requires authorization. You would need to configure the appropriate IPC authorization policy for your component.
Details on IPC authorization policy: https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html#ipc-authorization-policies
Details on the Secret Manager IPC operation to include in the authorization policy: https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-secret-manager.html#ipc-secret-manager-authorization
If you've already done this, could you post the auth policy config and the content of your config.tlog/effectiveConfig.yaml file?
Thanks,
Shagupta
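
The two authorization layers discussed in this thread, as an added example that is not part of the original posts or of Greengrass itself: it shows the `accessControl` block the component configuration needs alongside the IAM policy, plus a small pre-deployment check. The policy id `datashipper:secrets:1` and the function name `ipc_allows` are made up for illustration, and the matching logic is a simplified model (exact match or `*`), not the Nucleus's real evaluator.

```python
import json

SERVICE = "aws.greengrass.SecretManager"
OPERATION = "aws.greengrass#GetSecretValue"
# Secret ARN copied from the UnauthorizedError message in the thread.
SECRET_ARN = ("arn:aws:secretsmanager:eu-west-1:111934086604:secret:"
              "greengrass-dil-psn-sc-lev-opcua-client-cert-664OZO")

# Constructed "before" state: IAM policy present, no IPC authorization.
WITHOUT_IPC_POLICY = {}

# Constructed "after" state: configuration of the component that calls
# GetSecretValue. The policy id is a hypothetical name; it must be unique.
WITH_IPC_POLICY = {
    "accessControl": {
        SERVICE: {
            "datashipper:secrets:1": {
                "policyDescription": "Read the OPC UA client certificate secret.",
                "operations": [OPERATION],
                "resources": [SECRET_ARN],
            }
        }
    }
}


def ipc_allows(component_config, service, operation, resource):
    """Return the ids of accessControl policies allowing operation on resource.

    Simplified model (assumption): exact string match or the "*" wildcard.
    An empty list corresponds to the UnauthorizedError seen in the thread.
    """
    policies = component_config.get("accessControl", {}).get(service, {})
    matches = []
    for policy_id, policy in policies.items():
        ops = policy.get("operations", [])
        res = policy.get("resources", [])
        if (operation in ops or "*" in ops) and (resource in res or "*" in res):
            matches.append(policy_id)
    return matches


if __name__ == "__main__":
    for label, cfg in (("without", WITHOUT_IPC_POLICY), ("with", WITH_IPC_POLICY)):
        hits = ipc_allows(cfg, SERVICE, OPERATION, SECRET_ARN)
        print(f"{label} accessControl:", hits or "UnauthorizedError expected")
    print(json.dumps(WITH_IPC_POLICY, indent=2))
```

The JSON printed at the end is the fragment to merge into the component's configuration; the IAM policy on the device role stays as posted.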