Get not authorized to perform GetSecretValue, even though I set AWS_ACCESS_KEY_ID
RiddlerKnight opened this issue · 1 comments
RiddlerKnight commented
I use the Helm chart to deploy with these values.
```yaml
env:
  AWS_REGION: ap-southeast-1
  AWS_DEFAULT_REGION: ap-southeast-1
  POLLER_INTERVAL_MILLISECONDS: 8.64e+7
envVarsFromSecret:
  AWS_ACCESS_KEY_ID:
    secretKeyRef: iam-user-secret
    key: id
  AWS_SECRET_ACCESS_KEY:
    secretKeyRef: iam-user-secret
    key: access-key
```

```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: db-connection-secret
spec:
  backendType: secretsManager
  data:
    - key: db-connection
      name: username
      property: username
    - key: db-connection
      name: password
```
This is the error that I got.
{"message":"User: arn:aws:iam::<xxxxxxxxxx>:user/<iam user name> is not authorized to perform: secretsmanager:GetSecretValue on resource: db-connection"
I have checked that the secrets in the controller pod are correct, as I set them in the chart values, but the user that the controller uses to perform GetSecretValue is incorrect. Instead, it uses the IAM user that I used to install the controller, which has no permission to get the secret.
RiddlerKnight commented
Sorry, I found the problem: I put in the wrong access_key.
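The resolution above was a wrong access key stored in the secret. As an added example (not part of the original thread or the project's code), this check decodes the key pair from the Kubernetes Secret and asks STS which IAM principal it authenticates as, then compares that with the user that was granted `secretsmanager:GetSecretValue`. The function names, the namespace argument and the expected ARN are assumptions supplied by the operator.

```shell
#!/bin/sh
# Added example: which IAM principal do the keys in a Kubernetes Secret belong to?
# Usage (placeholders are the operator's own values):
#   sh check.sh <namespace> iam-user-secret id access-key <expected-user-arn>

# Read one data key of a Secret and base64-decode it.
secret_field() {  # namespace secret data_key
  kubectl -n "$1" get secret "$2" -o "jsonpath={.data.$3}" | base64 --decode
}

# Ask STS which principal a key pair authenticates as. The keys are exported
# only inside this subshell and never appear on a command line.
caller_arn() (  # access_key_id secret_access_key
  unset AWS_SESSION_TOKEN   # a stale session token would not match these keys
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2"
  aws sts get-caller-identity --query Arn --output text
)

# Exit status: 0 = keys belong to the expected principal, 1 = they belong to
# a different principal, 2 = the secret or the key pair could not be checked.
check_secret_identity() (  # namespace secret id_key secret_key expected_arn
  id=$(secret_field "$1" "$2" "$3")
  key=$(secret_field "$1" "$2" "$4")
  if [ -z "$id" ] || [ -z "$key" ]; then
    echo "could not read '$3' and '$4' from secret $1/$2" >&2
    exit 2
  fi
  arn=$(caller_arn "$id" "$key") || { echo "STS rejected the key pair" >&2; exit 2; }
  # Print only the tail of the key id, never the secret access key.
  echo "secret $1/$2 (key id ending $(printf '%s' "$id" | tail -c 4)) is $arn"
  [ "$arn" = "$5" ] || { echo "expected principal: $5" >&2; exit 1; }
)

# Run the check only when all five arguments are given.
if [ "$#" -eq 5 ]; then
  check_secret_identity "$@"
fi
```

A status of 1 reproduces the situation in this issue: the secret is mounted correctly, but the key pair inside it belongs to a different IAM user than the one holding the permission.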