external-secrets/kubernetes-external-secrets

Get not authorized to perform GetSecretValue, even though I set AWS_ACCESS_KEY_ID

RiddlerKnight opened this issue · 1 comments

I use the Helm chart to deploy with these values.

```yaml
env:
  AWS_REGION: ap-southeast-1
  AWS_DEFAULT_REGION: ap-southeast-1
  POLLER_INTERVAL_MILLISECONDS: 8.64e+7
envVarsFromSecret:
  AWS_ACCESS_KEY_ID:
    secretKeyRef: iam-user-secret
    key: id
  AWS_SECRET_ACCESS_KEY:
    secretKeyRef: iam-user-secret
    key: access-key
```

```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: db-connection-secret
spec:
  backendType: secretsManager
  data:
    - key: db-connection
      name: username
      property: username
    - key: db-connection
      name: password
```

This is the error that I got.

{"message":"User: arn:aws:iam::<xxxxxxxxxx>:user/<iam user name> is not authorized to perform: secretsmanager:GetSecretValue on resource: db-connection"

I have checked that the secrets in the controller pod are correct, as I set them in the chart values, but the user that the controller uses to perform GetSecretValue is incorrect. Instead, it uses the IAM user that I used to install the controller, which has no permission to get the secret.

Sorry, I found that the problem is that I put in the wrong access_key.
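One way to confirm which IAM user the key pair stored in the Secret belongs to, which is the mismatch this issue came down to. This is an added example, not part of the original issue or the project's code; it assumes `kubectl`, `base64` and the AWS CLI are installed, and the namespace and expected ARN are values the operator supplies.

```shell
#!/bin/sh
# Added example: which IAM principal do the keys in the Secret belong to?
# Secret name and keys (iam-user-secret, id, access-key) are from the values
# above; namespace and expected ARN are supplied by the operator.

# Print one base64-decoded field of a Secret; fail if it is missing or empty.
secret_field() {  # secret_field <namespace> <secret> <key>
  _b64="$(kubectl get secret "$2" -n "$1" -o "jsonpath={.data.$3}")" || return 1
  [ -n "$_b64" ] || return 1
  printf '%s' "$_b64" | base64 -d
}

# Ask STS who the key pair is. sts:GetCallerIdentity requires no IAM
# permissions, so it answers even for a user denied GetSecretValue.
key_owner_arn() {  # key_owner_arn <namespace> <secret>
  (
    unset AWS_SESSION_TOKEN AWS_PROFILE   # use only the Secret's key pair
    AWS_ACCESS_KEY_ID="$(secret_field "$1" "$2" id)" || exit 1
    AWS_SECRET_ACCESS_KEY="$(secret_field "$1" "$2" access-key)" || exit 1
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    aws sts get-caller-identity --query Arn --output text
  )
}

# Return 0 if the keys resolve to the expected ARN, 1 on mismatch, 2 on error.
check_key_owner() {  # check_key_owner <namespace> <secret> <expected-arn>
  _actual="$(key_owner_arn "$1" "$2")" || {
    echo "could not resolve the identity behind the stored keys" >&2
    return 2
  }
  if [ "$_actual" = "$3" ]; then
    echo "OK: stored keys belong to $_actual"
  else
    echo "MISMATCH: stored keys belong to $_actual, expected $3" >&2
    return 1
  fi
}

# Runs only when called with three arguments, for example (placeholder ARN):
#   ./check-key-owner.sh default iam-user-secret arn:aws:iam::111122223333:user/<controller-user>
if [ "$#" -eq 3 ]; then
  check_key_owner "$@"
fi
```

The script never prints the secret access key; only the resolved ARN is shown.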