AWS ECS provisioned with terraform fails with access to SecretsManager

mwarren9

I've run the terraform example for deployment to AWS ECS Fargate and the provisioning went fine.

When the ECS service/task runs, it continually fails with: [redactions as appropriate]

ResourceInitializationError: 
unable to pull secrets or registry auth: 
execution resource retrieval failed: 
unable to retrieve secret from asm: 
service call has been retried 5 time(s): 
failed to fetch secret arn:aws:secretsmanager:us-east-1:00000000000:secret:op-scim-bridge000000000000000000-xxxxxx from secrets manager: 
RequestCanceled: request context canceled caused by: context deadline exceeded. 
Please check your task network configuration.
  • The IAM role is present and applied to the ECS deploy
  • Tried with both default secretsmanager endpoint and a VPC Endpoint attachment
  • Subnet is public with gateway, routing to internet or internal VPC Endpoint.
  • A Linux host on the same subnet can curl the SM endpoint just fine.
  • Secret is present in SM.
  • SCIM Bridge version is 2.8.1


Comments

  • mwarren9

    To close the loop for the community...

    AWS support suggested setting the outbound SecurityGroup to an "any/any" instead of the provided limit of destination port 443 only. This allowed the task to start, which he agreed is an illogical set of conditions.

    I may experiment further, but I need to get on with setting up SCIM.
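The two outbound security-group policies contrasted in the comment above, written out as an added Terraform example; this is not code from the thread or from the 1Password SCIM bridge Terraform example, and `var.vpc_id`, `var.subnet_ids` and the resource names are placeholders. It also adds the endpoint-side security group that an interface endpoint needs in order to accept 443 from the task, which the thread does not mention and is only an assumption about what the 443-only variant was missing.

```hcl
# The permissive rule AWS support suggested: any protocol, any destination.
resource "aws_security_group" "scim_task_any_any" {
  name   = "op-scim-bridge-task-any-any"
  vpc_id = var.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# The least-privilege form: outbound HTTPS only. For this to reach a Secrets
# Manager interface endpoint, the endpoint's own security group must also
# admit inbound 443 from this group (assumed missing in the original setup).
resource "aws_security_group" "scim_task_https_only" {
  name   = "op-scim-bridge-task-https-only"
  vpc_id = var.vpc_id

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Endpoint-side group: accept HTTPS only from the task's security group.
resource "aws_security_group" "secretsmanager_endpoint" {
  name   = "secretsmanager-endpoint"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.scim_task_https_only.id]
  }
}

# Interface endpoint for Secrets Manager in the region from the error message.
resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.us-east-1.secretsmanager"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.subnet_ids
  security_group_ids  = [aws_security_group.secretsmanager_endpoint.id]
  private_dns_enabled = true
}
```

With `private_dns_enabled`, the task resolves the regional Secrets Manager hostname to the endpoint's private IPs, so the 443-only task group and the endpoint group together replace the any/any rule.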

This discussion has been closed.