Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
(aws-secretsmanager): grant read fails when secret is fetched using fromSecretNamev2
See original GitHub issueWhat is the problem?
I have manually created a secret named “SECRET-NAME” in SecretsManager and need to request it in one of my stacks, I’m doing it like so:
secret = SMSecret.from_secret_name_v2(
self, "Secret", "SECRET-NAME"
)
When I grant read access to a role like so:
secret.grant_read(role)
It generates the wrong access:
[ ] {
[ ] "Action": [
[+] "secretsmanager:GetSecretValue",
[+] "secretsmanager:DescribeSecret"
[+] ],
[+] "Effect": "Allow",
[+] "Resource": {
[+] "Fn::Join": [
[+] "",
[+] [
[+] "arn:",
[+] {
[+] "Ref": "AWS::Partition"
[+] },
[+] ":secretsmanager:eu-central-1:726654634199:secret:SECRET-NAME-??????"
[+] ]
[+] ]
[+] }
[+] },
Reproduction Steps
Create a manual secret without the secretsmanager added suffix and request it from within your code.
What did you expect to happen?
I would have expected my role to have read access to the role
What actually happened?
A non-existing ARN was used as the secret ARN in the policy
CDK CLI Version
2.0.0-rc.33
Framework Version
No response
Node.js Version
14.16.0
OS
Arch Linux
Language
Python
Language Version
Python 3.9.9
Other information
No response
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:19 (11 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I’ll try to reproduce this next week at some point. Thanks for the find @CarsonF
Here’s the doc that explains it