- Newest
- Most votes
- Most comments
I have to agree with you.. Reading the SDK, it seems the GetSecretValue only supports the current region where the call is made from. As with the CLi, you have to specify the region even if the full ARN is supplied.
I believe you would need to connect to the endpoint in the region where the secret is located.
This is very similar to how the console works when you switch regions.
Hi,
the best practice is rather to replicate your secret to all relevant regions as per: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
If you later need to, you can promote a replica secret to a standalone and then set it up for replication independently.
It is better than switching endpoint to another region if you need to ensure regional data locality for your compliance.
Best,
Didier
Relevant content
- Accepted Answerasked a year ago
- Accepted Answerasked 19 days ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
Even with replicated secrets, we need to create corresponding region SecretsManagerClient to access the secret. This is no global SecretsManagerClient. That would have been a useful feature. Any idea if such a feature is in development ?
Yeah that seems to be how it is. Most services are regional apart from say IAM which is global. I cant comment if its in feature development, I dont work for AWS or have the ability to find this out im afraid.