If you're running a Fargate task and it's unable to read secrets from AWS Secrets Manager, there are a few things you can check:
- Verify that the Fargate task has the correct IAM permissions to access the secret. You should grant the task the secretsmanager:GetSecretValue permission for the specific secret that it needs to access. You can do this by adding the necessary permission to the task execution role, or by creating a separate IAM role and attaching it to the task.
- Check that the secret name and ARN are correct. You can verify this by checking the secret name and ARN in the AWS Secrets Manager console or by using the AWS CLI.
- Make sure the secret is in the same region as the Fargate task. Secrets are regional resources and can only be accessed from within the same region.
- Check the VPC configuration of your Fargate task. If your task is running in a VPC with a private subnet, you may need to configure VPC endpoints for Secrets Manager to allow the task to access the service.
- Check the network configuration of your Fargate task. If your task is running in a private subnet and needs to access the internet to reach the Secrets Manager service, you may need to configure NAT gateways or proxies.
- Verify that the environment variables or container definitions in your task definition are set up correctly. Make sure that the secret is referenced using the correct syntax, such as ${secretsmanager:my-secret:secret-string:password}.
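The IAM, ARN and region checks above can be run offline against a task definition and the execution role's policy document. The following is an added example, not code from the original page. It assumes the task definition lists secrets under the ECS `secrets` / `valueFrom` fields of each container definition, and it evaluates only `Effect`, `Action` and `Resource` of a single identity policy (no conditions, `NotAction`, resource policies or SCPs); the helper names, account ID and secret names are constructed for illustration.

```python
import fnmatch

ACTION = "secretsmanager:GetSecretValue"

def _listify(v):
    return v if isinstance(v, list) else [v]

def policy_allows(policy, secret_arn):
    """Allow/Deny evaluation of one identity policy for GetSecretValue on secret_arn."""
    allowed = False
    for st in _listify(policy["Statement"]):
        # IAM action names match case-insensitively; resource ARNs are case-sensitive.
        act = any(fnmatch.fnmatchcase(ACTION.lower(), a.lower()) for a in _listify(st.get("Action", [])))
        res = any(fnmatch.fnmatchcase(secret_arn, r) for r in _listify(st.get("Resource", [])))
        if act and res:
            if st["Effect"] == "Deny":
                return False  # an explicit Deny always wins
            allowed = True
    return allowed

def check_task(task_def, exec_policy, task_region):
    """Return (container/secret, problem) pairs for every secret reference."""
    findings = []
    for c in task_def["containerDefinitions"]:
        for s in c.get("secrets", []):
            where = f'{c["name"]}/{s["name"]}'
            p = s["valueFrom"].split(":")
            if len(p) < 7 or p[0] != "arn" or p[2] != "secretsmanager" or p[5] != "secret":
                findings.append((where, "valueFrom is not a Secrets Manager secret ARN"))
                continue
            if p[3] != task_region:
                findings.append((where, f"secret is in {p[3]}, task runs in {task_region}"))
            # Drop any :json-key:version-stage:version-id suffix before matching.
            if not policy_allows(exec_policy, ":".join(p[:7])):
                findings.append((where, f"policy does not allow {ACTION}"))
    return findings

# Constructed sample input (account ID, names and suffixes are made up).
TASK_DEF = {"containerDefinitions": [{"name": "app", "secrets": [
    {"name": "DB_PASSWORD",
     "valueFrom": "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/db-AbCdEf:password::"},
    {"name": "API_KEY",
     "valueFrom": "arn:aws:secretsmanager:eu-west-1:111122223333:secret:prod/api-GhIjKl"},
]}]}
EXEC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/db-*"}]}

if __name__ == "__main__":
    for where, problem in check_task(TASK_DEF, EXEC_POLICY, "us-east-1"):
        print(f"{where}: {problem}")
```

On the constructed input, DB_PASSWORD passes and API_KEY is reported twice: once for the region mismatch and once because the policy's resource pattern does not cover it.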
If none of these steps help to resolve the issue, you may need to enable additional logging and debugging to identify the root cause of the problem.