Hello,
I am using the .NET AWSSDK to build my app, and I'm trying to use Secrets Manager. I've configured a programmatic access user for the SDK, created an IAM role that allows access to the secret in question on the "GetSecretValue" action and ran it in code, but it throws an unauthorized exception.
I've double-checked the SDK's region; it is set correctly to eu-central-1.
I've used IAM Simulator, and it shows up as "allowed".
The secret itself has no policies set on itself.
I've also looked at https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html, but found no good answer.
Amazon.SecretsManager.AmazonSecretsManagerException: User: arn:aws:iam::<ACCT_ID>:user/<USER> is not authorized to perform: secretsmanager:GetSecretValue on resource: <SECRET_NAME> because no identity-based policy allows the secretsmanager:GetSecretValue action
The IAM policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:eu-central-1:<ACCT_ID>:secret:<SECRET_NAME>"
        }
    ]
}
Any help is appreciated.
Thank you,
Andrei
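
A local check for an identity policy shaped like the one in the post, added here as an example and not part of the original post: it tests whether an Allow statement's Resource pattern matches a secret's full ARN, which Secrets Manager ends with a hyphen and six random characters after the secret name. The account ID, secret name and suffix are constructed, and the matcher is a simplification that covers only Allow statements with Action and Resource.

```python
import re

def iam_pattern_to_regex(pattern):
    """IAM wildcard matching: '*' is any run of characters, '?' is exactly one."""
    out = []
    for ch in pattern:
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(out), re.DOTALL)

def as_list(value):
    return value if isinstance(value, list) else [value]

def allowing_statements(policy, action, resource_arn):
    """Return the Sids of Allow statements that match both action and resource.

    Simplified on purpose: ignores Deny, Condition, NotAction and NotResource.
    """
    hits = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are compared as-is.
        action_ok = any(
            iam_pattern_to_regex(a.lower()).fullmatch(action.lower())
            for a in as_list(stmt.get("Action", [])))
        resource_ok = any(
            iam_pattern_to_regex(r).fullmatch(resource_arn)
            for r in as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits

# Constructed sample values (assumptions, not taken from the post).
ACTION = "secretsmanager:GetSecretValue"
BASE = "arn:aws:secretsmanager:eu-central-1:111122223333:secret:example/app-db"
FULL_ARN = BASE + "-a1B2c3"  # full ARN: secret name + '-' + six random characters

def policy_for(resource):
    """Build a one-statement policy with the same shape as the posted one."""
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                           "Action": ACTION, "Resource": resource}]}

if __name__ == "__main__":
    for res in (BASE, BASE + "-??????", FULL_ARN):
        print(res, "->", allowing_statements(policy_for(res), ACTION, FULL_ARN))
```

A Resource that stops at the secret name matches no statement here, while the same name followed by `-??????`, or the full ARN, does.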