By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Lambda is not authorized to perform: secretsmanager:GetSecretValue

0

I've setup the following policy on the my role.

{
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws:secretsmanager:us-west-2:354135999999:secret:beta/Secrets-2ZZZZZZ",
            "Effect": "Allow"
        }

But I keep getting this error when my lamba website tries to startup. It's using .NET Core 2.1.

User: arn:aws:sts::354135999999:assumed-role/Dragnet-Beta-LambdaRole-1O22YYYYYYYYY/Dragnet-Beta-WebsiteLambda-11AZX4HXXXXXX is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-west-2:354135999999:secret:beta/Secrets-2ZZZZZZ

I've used the policy simulator and when I paste in the ARN in the error message it says "Allowed". So I'm really confused as to why my Lambda can't get the secret.

I have triple checked the role and policy it's using are what are showing up in the error message and that the lambda is configured with the matching role.

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access Management
Language
English
PaulMendoza
asked 5 years ago3806 views
1 Answer
0

Fixed it.

I just changed the memory size of the Lambda a little bit and Saved the change to force it to reload from cache. It then picked up the correct permissions and everything worked.

Thanks

PaulMendoza
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content