.NET AWS SDK Secrets Manager Unauthorized

0

Hello,

I am using the .NET AWSSDK to build my app, and I'm trying to use Secrets Manager. I've configured a programatic access user for the SDK, created an IAM role that allows access to the secret in question on the "GetSecretValue" action and ran it in code, but it throws an unauthorized exception.

I've double-checked the SDK's region, it is set correctly to eu-central-1.

I've used IAM Simulator, and it shows up as "allowed".

The secret itself has no policies set on itself.

I've also looked at https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html, but found no good answer.

Amazon.SecretsManager.AmazonSecretsManagerException: User: arn:aws:iam::<ACCT_ID>:user/<USER> is not authorized to perform: secretsmanager:GetSecretValue on resource: <SECRET_NAME> because no identity-based policy allows the secretsmanager:GetSecretValue action

The IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:eu-central-1:<ACCT_ID>:secret:<SECRET_NAME>"
        }
    ]
}

Any help is appreciated.

Thank you, Andrei

1 Answer
2
Accepted Answer

Turns out it was a PEBCAK situation.

I was unaware that the ARN of the secret is different from it's name. Fixing that in the IAM policy fixed the issue.

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions