
Forum Discussion

Former Member
2 years ago

AWS ECS provisioned with terraform fails with access to SecretsManager

I've run the terraform example for deployment to AWS ECS Fargate and the provisioning went fine.

When the ECS service/task runs, it continually fails with: [redactions as appropriate]

ResourceInitializationError:
unable to pull secrets or registry auth:
execution resource retrieval failed:
unable to retrieve secret from asm:
service call has been retried 5 time(s):
failed to fetch secret arn:aws:secretsmanager:us-east-1:00000000000:secret:op-scim-bridge000000000000000000-xxxxxx from secrets manager:
RequestCanceled: request context canceled caused by: context deadline exceeded.
Please check your task network configuration.

  • The IAM role is present and applied to the ECS deploy
  • Tried with both the default secretsmanager endpoint and a VPC Endpoint attachment
  • Subnet is public with gateway, routing to internet or internal VPC Endpoint.
  • A Linux host on the same subnet can curl the SM endpoint just fine.
  • Secret is present in SM.
  • SCIM Bridge version is 2.8.1


  • Former Member

    To close the loop for the community...

    AWS support suggested setting the outbound SecurityGroup to an "any/any" instead of the provided limit of destination port 443 only. This allowed the task to start, which he agreed is an illogical set of conditions.

    I may experiment further, but I need to get on with setting up SCIM.
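To make the difference between the two egress settings concrete, here is an added example that is not from the thread and not from 1Password's Terraform module: a small Python evaluator for security-group egress rules, run over two constructed rule sets that mirror the "destination port 443 only" and "any/any" configurations described above. The destination addresses are placeholders (private and RFC 5737 ranges), not real Secrets Manager endpoints. It shows that both rule sets permit the TCP/443 fetch the error message is about, and exactly which additional flows the any/any workaround opens. The thread does not establish why the 443-only rule failed, so the evaluator makes no claim about that; it only reports what each rule set allows at the security-group layer.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Tuple

# A flow is (protocol, destination port, destination IP).
Flow = Tuple[str, int, str]


@dataclass(frozen=True)
class EgressRule:
    """One outbound rule, in the shape of an aws_security_group egress block."""
    protocol: str   # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int  # start of the destination port range (ignored for "-1")
    to_port: int    # end of the destination port range (ignored for "-1")
    cidr: str       # destination CIDR, e.g. "0.0.0.0/0"

    def permits(self, protocol: str, port: int, dst: str) -> bool:
        if self.protocol != "-1":
            if self.protocol != protocol:
                return False
            if not (self.from_port <= port <= self.to_port):
                return False
        # ip_network() is strict: rule CIDRs must be proper networks, as the
        # EC2 API requires. Containment across IPv4/IPv6 is always False.
        return ip_address(dst) in ip_network(self.cidr)


def egress_permits(rules: Iterable[EgressRule], protocol: str, port: int, dst: str) -> bool:
    """Security groups are allow-lists with no deny rules and no ordering:
    a flow is permitted as soon as any rule matches it."""
    return any(rule.permits(protocol, port, dst) for rule in rules)


def is_any_any(rules: Iterable[EgressRule]) -> bool:
    """True when some rule allows every protocol and port to every destination."""
    return any(
        rule.protocol == "-1" and ip_network(rule.cidr).prefixlen == 0
        for rule in rules
    )


def extra_exposure(tight: Iterable[EgressRule], loose: Iterable[EgressRule],
                   flows: Iterable[Flow]) -> List[Flow]:
    """Flows that the looser rule set permits but the tighter one does not."""
    tight, loose = tuple(tight), tuple(loose)
    return [
        flow for flow in flows
        if egress_permits(loose, *flow) and not egress_permits(tight, *flow)
    ]


# Constructed rule sets, not the Terraform module's actual egress blocks.
HTTPS_ONLY = (EgressRule("tcp", 443, 443, "0.0.0.0/0"),)  # "destination port 443 only"
ANY_ANY = (EgressRule("-1", 0, 0, "0.0.0.0/0"),)           # the "any/any" workaround

# Placeholder destinations (private and RFC 5737 ranges), not real AWS addresses.
SM_VPC_ENDPOINT = "10.0.1.50"        # assumed: Secrets Manager interface-endpoint ENI
SM_PUBLIC_ENDPOINT = "203.0.113.20"  # assumed: a public Secrets Manager address

SAMPLE_FLOWS: List[Flow] = [
    ("tcp", 443, SM_VPC_ENDPOINT),    # the fetch from the error message, via VPC endpoint
    ("tcp", 443, SM_PUBLIC_ENDPOINT), # the same fetch via the public endpoint
    ("tcp", 80, "203.0.113.10"),      # plain HTTP to a placeholder public host
    ("udp", 514, "10.0.2.7"),         # syslog to a placeholder host in the VPC
]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow,
              "443-only:", egress_permits(HTTPS_ONLY, *flow),
              "any/any:", egress_permits(ANY_ANY, *flow))
    print("opened only by any/any:", extra_exposure(HTTPS_ONLY, ANY_ANY, SAMPLE_FLOWS))
```

Security groups are stateful allow-lists: there are no deny rules and rule order does not matter, which is why egress_permits is a plain any(). The extra_exposure list is what the any/any workaround adds beyond the task's stated need, and is the natural starting point for narrowing the rule back down once the task is running.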