Unable to get secret for login to external private Container Registry


Hi.
I have to get an image from a private container registry with a login and password.
I have set the secret in the Secrets Manager, but when I run the task I get:

Asm fetching secret from the service for NXT/pwrdby_container_registry_login: AccessDeniedException: User: arn:aws:sts::<id>:assumed-role/ecsTaskExecutionRole/1a7f048f27274767bef37a1e4b97f458 is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-east-1:<id>:secret:<secrete name> status code: 400, request id: a2e1d440-6aee-486f-a5d1-ae47b847ed42

So, I went into the Secrets Manager console and tried to edit the resource permissions to look like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "590516527801"
      },
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:us-east-1:<id>:secret:NXT/pwrdby_container_registry_login-DD5HwH"
    }
  ]
}

However, this comes back with the same issue.
What am I doing wrong?

asked 3 years ago, 306 views
1 Answer

It turns out that in addition to the Secrets Manager setup, we had to attach the IAM policy SecretsManagerReadWrite to the task execution role.

answered 3 years ago
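Why the resource policy in the question was not enough: its Principal is the bare account id, and a resource policy that names only the account root delegates the decision to the account's IAM identity policies, so the task execution role still needs its own Allow. The following is an added example, not code from the question, the answer or AWS; it is a deliberately simplified same-account model of the IAM decision (no SCPs, permissions boundaries or Condition keys) with a constructed account id and secret ARN, and it also shows a least-privilege identity policy for the execution role scoped to the single secret, narrower than the managed SecretsManagerReadWrite policy the answer used.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder, not the asker's account id
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/ecsTaskExecutionRole"
SECRET_ARN = f"arn:aws:secretsmanager:us-east-1:{ACCOUNT}:secret:NXT/pwrdby_container_registry_login-EXAMPLE"

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(stmt, action, resource):
    # IAM Action and Resource fields accept '*' and '?' wildcards
    return (any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def _principal_covers(stmt, role_arn, account):
    """'direct' if the statement names the role; 'account' if only the account root."""
    principal = stmt.get("Principal", {})
    for p in _as_list(principal.get("AWS", [])):
        if p == role_arn:
            return "direct"
        if p in (account, f"arn:aws:iam::{account}:root"):
            return "account"
    return None

def is_allowed(role_arn, action, resource, identity_policy, resource_policy=None):
    """Simplified same-account decision: an explicit Deny anywhere wins; otherwise an
    Allow in the identity policy, or in a resource policy naming the role directly, suffices."""
    account = role_arn.split(":")[4]
    allowed = False
    for stmt in identity_policy["Statement"]:
        if _matches(stmt, action, resource):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    for stmt in (resource_policy or {"Statement": []})["Statement"]:
        cover = _principal_covers(stmt, role_arn, account)
        if cover and _matches(stmt, action, resource):
            if stmt["Effect"] == "Deny":
                return False
            if cover == "direct":  # an account-root principal only delegates to IAM
                allowed = True
    return allowed

# The asker's resource policy: Principal is the bare account id, so it delegates.
RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": ACCOUNT},
    "Action": "secretsmanager:GetSecretValue", "Resource": SECRET_ARN}]}

# Least-privilege identity policy for the execution role: one action, one secret.
EXECUTION_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": SECRET_ARN}]}
```

If the secret is encrypted with a customer-managed KMS key, the execution role additionally needs kms:Decrypt on that key, which this model does not cover.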
