Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

resource access to secrets manager for bitbucket sourceaction

See original GitHub issue
    // SourceAction
    const sourceAction = new BitBucketSourceAction({
        actionName: 'BitbucketSource',
        owner: 'ownername',
        repo: repoName,
        output: sourceOutputArtifact,
        connectionArn: SecretValue.secretsManager('BBCloudConnection').toString(),

This is what the source action looks like. I need it to be able to access connectionArn from SecretValue. It fails due to lack of permissions at the moment. Where should the resource permission be added? I am using the pipeline from

Action in deploymentPolicy looks as follows:

            - 'cloudformation:*'
            - 'iam:*'
            - 'lambda:*'
            - 'ecs:*'
            - 'ecr:*'
            - 'logs:*'
            - 'ec2:*'
            - 'ssm:*'
            - 'secretsmanager:*'

i.e have added ‘secretsmanager:*’ at the bottom

As of now, I get the following error if I use secretsManager:

17/49 | 2:14:10 a.m. | CREATE_FAILED | AWS::IAM::Policy | backend--854-pipeline-backend-setup-pipeline/Source/BitbucketSource/CodePipelineActionRole/DefaultPolicy (backendVLNCC854pipelinebackendsetuppipelineSourceBitbucketSourceCodePipelineActionRoleDefaultPolicy41F7C61D) Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 62b6fb1c-77b0-432c-b907-2e409ff7c538; Proxy: null)

The secret was created manually on console and has the following resource permissions:

{ “Version” : “2012-10-17”, “Statement” : [ { “Effect” : “Allow”, “Principal” : { “AWS” : “arn:aws:iam::1111111111:role/deployment-role” }, “Action” : “secretsmanager:GetSecretValue”, “Resource” : “*” } ] }

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:11 (6 by maintainers)

github_iconTop GitHub Comments

skinny85commented, Dec 4, 2020

@s1mrankaur you can create your own Role, and pass it when creating the BitBucketSourceAction. For that Role, you can add any permissions you need.

Hope that helps!

Thanks, Adam

github-actions[bot]commented, Jan 20, 2021

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

Read more comments on GitHub >

github_iconTop Results From Across the Web

AWS::CodeBuild::SourceCredential - AWS CloudFormation
Information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository. We strongly recommend that you use AWS Secrets Manager to store ......
Read more >
allow read access to secretsmanagr in cdk pipeline
SourceAction const sourceAction = new BitBucketSourceAction({ actionName: ... As of now, I get the following error if I use secretsManager:.
Read more >
Use Amazon Secrets Manager to track database passwords or ...
The following related resources can help you as you work with managing secrets. Secrets Manager can rotate database credentials automatically, such as for ......
Read more >
Example Usage. resource "aws_codestarconnections_connection" "example" { name = "example-connection" provider_type = "Bitbucket" } resource ...
Read more >
Create a secret | Secret Manager Documentation | Google Cloud
Add a secret version. Secret Manager automatically versions secret data using secret versions, and most operations like access, destroy, disable, and enable ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found