[Bug]: Newly created ECS task unable to perform secretsmanager:GetSecretValue action due to IAM Eventual Consistency
Description:
Raised an AWS Support ticket on this matter and they reverted that this is due to eventual consistency for IAM policies. I have been using AWS Copilot for quite some time and hadn't gotten this issue until the recent deployment of a new stack.
Details:
AccessDeniedException because no identity-based policy allows the secretsmanager:GetSecretValue action (status code: 400). The Secrets Manager secret had the resource tags that comply with the IAM policy from AWS Copilot. It was also tested with the IAM policy simulator that the execution role of the task was able to perform the GetSecretValue action on the said secret.
Observed result:
AccessDeniedException because no identity-based policy allows the secretsmanager:GetSecretValue action (status code: 400) when running copilot svc deploy
Expected result:
Able to retrieve the secrets for deployments
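The usual mitigation for the propagation window described above is a short, bounded retry that treats only AccessDeniedException as transient right after a role or policy is created, and fails fast on anything else. The following is an added illustration written for this issue, not AWS Copilot's or boto3's own code; the secret name, attempt count and delays are assumptions, and the fallback ClientError class only exists so the snippet runs without botocore installed.

```python
"""Bounded retry around secretsmanager:GetSecretValue to ride out IAM
policy propagation delay on a freshly created execution role.
Added illustration, not AWS Copilot code."""
import time

try:
    from botocore.exceptions import ClientError
except ImportError:  # fallback so the example runs without botocore
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(error_response, operation_name)
            self.response = error_response
            self.operation_name = operation_name

# Only this code is retried: a just-attached IAM policy can yield it for
# a short window even though the policy itself is correct.
TRANSIENT_CODES = {"AccessDeniedException"}


def get_secret_with_propagation_retry(client, secret_id, attempts=6,
                                      base_delay=2.0, sleep=time.sleep):
    """Call GetSecretValue on `client` (a boto3 secretsmanager client or a
    look-alike). Retries with exponential backoff on AccessDeniedException
    only; any other ClientError (ResourceNotFoundException, throttling,
    decryption failure) is raised immediately so real misconfiguration is
    not masked. Re-raises the last AccessDeniedException after `attempts`.
    Returns (response, number_of_calls) so callers can log how long
    propagation took."""
    last_err = None
    for attempt in range(attempts):
        try:
            return client.get_secret_value(SecretId=secret_id), attempt + 1
        except ClientError as err:
            code = err.response.get("Error", {}).get("Code")
            if code not in TRANSIENT_CODES:
                raise
            last_err = err
            if attempt < attempts - 1:
                sleep(base_delay * (2 ** attempt))  # 2, 4, 8, ... seconds
    raise last_err


class _FakeSecretsClient:
    """Constructed stand-in for a boto3 client: fails `failures` times with
    the given error code, then returns a secret (assumed value)."""
    def __init__(self, failures, code="AccessDeniedException"):
        self.failures, self.code, self.calls = failures, code, 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        if self.calls <= self.failures:
            raise ClientError({"Error": {"Code": self.code}}, "GetSecretValue")
        return {"Name": SecretId, "SecretString": "constructed-value"}
```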