get secret from secrets manager returns none | elastic beanstalk | flask

Issue

Problem: get_secret() returns none.

Landscape:

AWS provides a template function which works fine locally when I try it out in the terminal.

What I have done:

I added return json.loads(get_secret_value_response["SecretString"]) so get_secret() returns a value if successful.

I have attached a policy to the secret in secrets manager.

{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::__owner_id__:role/aws-elasticbeanstalk-service-role"
    },
    "Action" : "secretsmanager:GetSecretValue",
    "Resource" : "*"
  } ]
}

and I have attached a policy to the role aws-elasticbeanstalk-service-role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:eu-west-1:__owner_id__:secret:route/to/scret-123"
        }
    ]
}

Solution

aws-elasticbeanstalk-service-role is for the EB service itself. You should be using the role associated with your EB instance profile. The default role is aws-elasticbeanstalk-ec2-role, but you may have used a different role in your setup, so you have to double-check that.

Answered By – Marcin

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0
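To confirm which role the Flask code actually runs under, the sketch below (an added example, not code from the question, the answer or the AWS template) asks STS for the caller identity and raises an error naming that role instead of letting get_secret() return None. The helper name role_name_from_arn and the sample ARNs in the comments are assumptions made for illustration.

```python
import json


def role_name_from_arn(caller_arn):
    """Return the IAM role name behind a caller ARN, or None if it is not a role."""
    # STS reports role sessions as
    #   arn:aws:sts::<account>:assumed-role/<role-name>/<session-name>
    # while IAM policies name the role as
    #   arn:aws:iam::<account>:role/<optional/path/><role-name>
    resource = caller_arn.split(":", 5)[-1]
    parts = resource.split("/")
    if parts[0] == "assumed-role" and len(parts) >= 3:
        return parts[1]
    if parts[0] == "role" and len(parts) >= 2:
        return parts[-1]
    return None


def get_secret(secret_id, region_name):
    """Fetch and decode a JSON secret; on failure, raise with the caller named."""
    # Imported here so the ARN helper above works without the AWS SDK installed.
    import boto3
    from botocore.exceptions import ClientError

    session = boto3.session.Session()
    # On an Elastic Beanstalk instance this is the instance profile role,
    # not the Elastic Beanstalk service role.
    caller_arn = session.client(
        "sts", region_name=region_name
    ).get_caller_identity()["Arn"]
    client = session.client("secretsmanager", region_name=region_name)
    try:
        response = client.get_secret_value(SecretId=secret_id)
    except ClientError as err:
        code = err.response["Error"]["Code"]
        raise RuntimeError(
            f"GetSecretValue failed with {code}; caller is {caller_arn} "
            f"(role: {role_name_from_arn(caller_arn)})"
        ) from err
    return json.loads(response["SecretString"])
```

If the role named in the error is not the one in the Principal of the secret's resource policy or the one the identity policy is attached to, neither policy applies to the running code.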
