Hi, is your CLI profile properly authorized to access the KMS key (you do not mention it, but I guess that you have one) protecting your secret, and to access the secret itself? That may be the cause of the issue. So, try to grant wide authorizations (Action:* and Resource:*) for both KMS and SM to your CLI profile to see if the issue disappears. And then, tighten Action and Resource back to least privilege.
Hope it helps!
Didier
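An added illustration of the "tighten back to least privilege" step above (not a policy from the original thread): an IAM identity policy that allows reading one secret and decrypting with the one customer-managed KMS key that protects it, and only when the KMS call is made on behalf of Secrets Manager. The region, account ID, secret name and key ID are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOneSecretOnly",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:eu-west-1:111122223333:secret:edge/device-config-*"
    },
    {
      "Sid": "DecryptOnlyViaSecretsManager",
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:eu-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
      "Condition": {
        "StringEquals": {
          "kms:ViaService": "secretsmanager.eu-west-1.amazonaws.com"
        }
      }
    }
  ]
}
```

Two checks worth doing before blaming the identity policy: if the secret uses the AWS-managed key (aws/secretsmanager), no KMS statement is needed at all; if it uses a customer-managed key, the key policy itself must also allow the account's IAM principals (or this principal directly), otherwise the identity policy above is not sufficient on its own. The `kms:ViaService` condition stops the same credentials from being used to call `kms:Decrypt` directly on ciphertext obtained elsewhere.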
Ok, I tried adding the policies SecretsManagerReadWrite and AWSKeyManagementServicePowerUser to the role associated with the credentials, but it returns the same error. It is worth mentioning that I have another set of credentials that returns the secret just fine, AND a third set that is not authorized and thus returns an appropriate "not authorized" error. It seems to be specific to the auto-generated credentials (generated by installing the Systems Manager Greengrass component on the edge device). The only difference (besides roles and access level) seems to be that the ssm-iot-gg AWS credential set has an aws_session_token in addition to aws_access_key_id and aws_secret_access_key.

I managed to succeed. The trick was to manually add the ssm-iot-gg profile in the .aws/config file (this is not done by default by installing the Greengrass component for some reason).
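The profile layout described in the comment above, written out as an added example (not the files from the original post): a credentials entry carrying the temporary session token, and the matching `[profile ...]` section in `.aws/config` that the poster had to add by hand. The profile name follows the thread; the region and the key values are placeholders.

```ini
# ~/.aws/credentials
# Temporary credentials have three parts; all three must be present,
# and the session token expires, so these values must be refreshed.
[ssm-iot-gg]
aws_access_key_id = ASIAXXXXXXXXXXXXXXXX
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = IQoJb3JpZ2luX2VjE...EXAMPLESESSIONTOKEN

# ~/.aws/config
# Note the "profile " prefix: it is required here but not in the credentials file.
[profile ssm-iot-gg]
region = eu-west-1
output = json
```

A quick way to confirm the CLI is really using this profile before touching Secrets Manager is `aws sts get-caller-identity --profile ssm-iot-gg`: the returned ARN should be the role assumed by the Greengrass/SSM component, not a long-lived user. Only then does `aws secretsmanager get-secret-value --secret-id <name> --profile ssm-iot-gg` tell you anything about the secret's own permissions rather than about profile resolution.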
Hi Lasse, glad to see you resolved your issue. Just curious - could you describe the general use case here? Also, why can't you use Secrets Manager directly?