1 Answer
Thank you for the detailed description.
> resolving SecretsManager's IP to an IP that is internal to our VPC
is an indication that you might have deployed Secrets Manager VPC endpoint [1] in your VPC. If this is the case, you might want to review the security group [2], as well as the endpoint policy, associated with this endpoint to make sure that they both allow your container's IP to connect through.
[1] https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html
answered 2 years ago
Hello - I'm a colleague of @mressler - we are utilizing a VPC endpoint for Secrets Manager. We believe that our instances should have access, both via manual checking and by using AWS's Reachability Analyzer to ensure that there is a successful path from the EB instance to the Secrets Manager VPC endpoint. Are there any other suggestions for troubleshooting this issue?

Edit: I just tried using port 443 on the analyzer and it is now saying Not reachable - I will investigate this further.

Edit2: I've added a rule to allow that traffic through for port 443 over IPv4 and we're now seeing that connection work properly. Though, now I'm confused why the IPv6 rule didn't catch this.
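The answer above recommends reviewing the endpoint's security group, and the follow-up comment shows the usual pitfall: an inbound rule for IPv6 sources does not admit an IPv4 client, because EC2 evaluates `CidrIp` (IPv4) and `CidrIpv6` (IPv6) ranges separately. The script below is an added example, not code from the thread or from AWS; it evaluates a set of ingress rules in the same shape that `aws ec2 describe-security-groups` returns under `IpPermissions`, so you can paste real output into `permissions` and ask "does this group admit my container's address on TCP 443?" before reaching for Reachability Analyzer. The rule sets, the VPC CIDR `10.0.0.0/16`, and the client addresses are constructed for the example.

```python
"""Check whether a VPC endpoint security group admits a client on a given port.

Added example (not from the original thread). The rule dictionaries mimic the
`IpPermissions` shape returned by `aws ec2 describe-security-groups` / boto3.
"""
import ipaddress

# Constructed sample: a group that, like the one in the comment, only allows
# IPv6 sources on 443. An IPv4 client is never matched by this rule.
SG_IPV6_ONLY = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

# Constructed sample: the same group after adding an IPv4 rule for the VPC
# CIDR (10.0.0.0/16 is an assumed value, not taken from the thread).
SG_FIXED = SG_IPV6_ONLY + [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
]


def _port_matches(perm, port):
    """True if the rule's protocol/port range covers TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                 # "-1" means all protocols and ports
        return True
    if proto not in ("tcp", "6"):     # protocol may be a name or an IANA number
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sg_allows(permissions, client_ip, port=443):
    """Return True if any ingress rule admits `client_ip` on TCP `port`.

    IPv4 clients are checked only against IpRanges (CidrIp) and IPv6 clients
    only against Ipv6Ranges (CidrIpv6): a rule for one address family never
    covers the other, which is why an IPv6-only rule leaves IPv4 blocked.
    """
    addr = ipaddress.ip_address(client_ip)
    for perm in permissions:
        if not _port_matches(perm, port):
            continue
        if addr.version == 4:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        else:
            cidrs = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if addr in ipaddress.ip_network(cidr, strict=False):
                return True
    return False


def explain(permissions, client_ip, port=443):
    """One-line human-readable verdict for a client/port pair."""
    verdict = "allowed" if sg_allows(permissions, client_ip, port) else "NOT allowed"
    return f"{client_ip} -> tcp/{port}: {verdict}"


if __name__ == "__main__":
    for label, rules in (("ipv6-only", SG_IPV6_ONLY), ("fixed", SG_FIXED)):
        print(label, explain(rules, "10.0.1.25"))      # IPv4 container address
        print(label, explain(rules, "2600:1f18::1"))   # IPv6 client
```

The security group is only half of what the answer asks you to review; the endpoint policy attached to the interface endpoint can still deny `secretsmanager:GetSecretValue` even when the network path is open, so check both when the DNS name resolves to a private address but calls time out.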