get secret from secrets manager returns none | elastic beanstalk | flask

Problem: get_secret() returns none.

Landscape:

AWS provides a template function which works fine locally when I try it out in the terminal.

What I have done:

I added return json.loads(get_secret_value_response["SecretString"]) so get_secret() returns a value if successful.

I have attached a policy to the secret in secrets manager.

{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::__owner_id__:role/aws-elasticbeanstalk-service-role"
    },
    "Action" : "secretsmanager:GetSecretValue",
    "Resource" : "*"
  } ]
}

and I have attached a policy to the role aws-elasticbeanstalk-service-role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:eu-west-1:__owner_id__:secret:route/to/scret-123"
        }
    ]
}

Solution:

aws-elasticbeanstalk-service-role is for the EB service itself. You should be using the role associated with your EB instance profile. The default role is aws-elasticbeanstalk-ec2-role, but you may have used a different role in your setup, so you have to double-check that.
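
An added example, not part of the original answer or AWS's template code: a Python check that compares the role the application actually runs as with the role named in the secret's resource policy. The account ID, instance ID and helper names are constructed, and the matcher is simplified (it ignores Deny, Condition and NotPrincipal); on the instance, the caller ARN would come from `boto3.client("sts").get_caller_identity()["Arn"]`.

```python
import fnmatch
import json

ACTION = "secretsmanager:GetSecretValue"
ACCOUNT = "111122223333"  # constructed account ID
# Constructed caller ARN, shaped like what STS reports for code on an EB instance.
CALLER = ("arn:aws:sts::%s:assumed-role/aws-elasticbeanstalk-ec2-role/"
          "i-0123456789abcdef0" % ACCOUNT)

def role_arn_from_caller(caller_arn):
    """Map an STS assumed-role ARN to the IAM role ARN behind it."""
    # arn:aws:sts::<acct>:assumed-role/<role>/<session> -> arn:aws:iam::<acct>:role/<role>
    parts = caller_arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "sts" or not parts[5].startswith("assumed-role/"):
        raise ValueError("not an assumed-role ARN: " + caller_arn)
    return "arn:aws:iam::%s:role/%s" % (parts[4], parts[5].split("/")[1])

def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def resource_policy_allows(policy_json, role_arn, action=ACTION):
    """True if an Allow statement names role_arn (or '*') for the action."""
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        named = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        actions = as_list(stmt.get("Action", []))
        if (any(p in ("*", role_arn) for p in named) and
                any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions)):
            return True
    return False

def policy_for(role_name):
    """Build a resource policy like the one in the question for a given role."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::%s:role/%s" % (ACCOUNT, role_name)},
        "Action": ACTION, "Resource": "*"}]})

if __name__ == "__main__":
    role = role_arn_from_caller(CALLER)
    print("running as:", role)
    for name in ("aws-elasticbeanstalk-service-role", "aws-elasticbeanstalk-ec2-role"):
        print(name, "->", resource_policy_allows(policy_for(name), role))
```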
