AWS ECS Fargate Task cannot pull secrets from SSM


The fact you are getting an access denied may mean you don't have the proper permissions specified in the Task role. Check out the considerations listed here.


Author: user15013406

Updated on September 18, 2022

Comments

  • user15013406
    user15013406 over 1 year

    I'm bootstrapping an ECS Cluster with AWS CDK. I created SecureStrings in SSM which I want to pass to the container secrets.

    But when starting the service I get the following error message on the task:

    "ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secrets from ssm: service call has been retried 1 time(s): AccessDeniedException: User: arn:aws:sts::<ACCOUNT_ID>:assumed-role..."

    The task runs in a private VPC, so I attached a VPC endpoint for service name com.amazonaws.eu-central-1.ssm to the VPC (both subnets). I also created a security group that allows TCP 443 INBOUND from 0.0.0.0/0 and attached that security group to the VPC endpoint.

    I have no clue what I should do for troubleshooting.

  • user15013406
    user15013406 almost 3 years
    Yes, I was referencing the wrong task execution role in my code -.-
  • MichaelG
    MichaelG about 2 years
    This is also the error you receive when referencing a non-existing ssm parameter.
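An offline diagnostic covering the three causes raised on this page (the service pointing at a different execution role than the one you granted, the execution role lacking the permissions, and a referenced parameter that does not exist), as an added example that is not part of the original question or answers. ECS fetches container secrets with the task execution role, so that is the role whose policy is checked. Every ARN, role, policy and the error text are constructed sample values, and the IAM evaluation is deliberately simplified (explicit Deny wins, glob wildcards only, no conditions).

```python
"""Offline checks for the ECS Fargate "unable to pull secrets from ssm" failure.
All ARNs, roles, policies and parameters here are constructed sample data."""
import fnmatch
import re

# Constructed: the AccessDeniedException in the shape ECS surfaces it. The
# principal is the role ECS actually assumed; here it is the task role, not the
# execution role that was granted access (the "wrong role" case from the thread).
SAMPLE_ERROR = (
    "ResourceInitializationError: unable to pull secrets or registry auth: "
    "execution resource retrieval failed: unable to retrieve secrets from ssm: "
    "service call has been retried 1 time(s): AccessDeniedException: User: "
    "arn:aws:sts::123456789012:assumed-role/ecsTaskRole/abcdef is not authorized "
    "to perform: ssm:GetParameters on resource: "
    "arn:aws:ssm:eu-central-1:123456789012:parameter/myapp/db-password"
)

# Constructed sample resources.
DB_PASSWORD_ARN = "arn:aws:ssm:eu-central-1:123456789012:parameter/myapp/db-password"
KMS_KEY_ARN = "arn:aws:kms:eu-central-1:123456789012:key/11111111-2222-3333-4444-555555555555"

SAMPLE_TASK_DEFINITION = {
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "taskRoleArn": "arn:aws:iam::123456789012:role/ecsTaskRole",
    "containerDefinitions": [
        {"name": "app", "secrets": [{"name": "DB_PASSWORD", "valueFrom": DB_PASSWORD_ARN}]}
    ],
}
SAMPLE_PARAMETERS = {DB_PASSWORD_ARN: {"Type": "SecureString", "KeyId": KMS_KEY_ARN}}
SAMPLE_ROLE_POLICIES = {
    # Least-privilege grant scoped to the one parameter and the key that encrypts it.
    "ecsTaskExecutionRole": {"Statement": [
        {"Effect": "Allow", "Action": ["ssm:GetParameters", "kms:Decrypt"],
         "Resource": [DB_PASSWORD_ARN, KMS_KEY_ARN]},
    ]},
    "ecsTaskRole": {"Statement": []},
}


def role_from_access_denied(message):
    """Return the role name from an 'assumed-role/<name>/<session>' principal, or None."""
    m = re.search(r"assumed-role/([^/\s]+)/", message)
    return m.group(1) if m else None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any matching Allow.
    Action names are case-insensitive; '*' and '?' wildcards are glob-matched."""
    decision = False
    for stmt in policy.get("Statement", []):
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        decision = True
    return decision


def diagnose(task_definition, parameters, role_policies, error_message):
    """Return a list of findings explaining why ECS could not pull the task's secrets."""
    findings = []
    exec_role = task_definition["executionRoleArn"].rsplit("/", 1)[-1]
    denied_role = role_from_access_denied(error_message)
    if denied_role and denied_role != exec_role:
        findings.append(f"error names role {denied_role!r} but this task definition's execution "
                        f"role is {exec_role!r}: the service runs with a different role/definition")
    policy = role_policies.get(exec_role, {"Statement": []})
    for container in task_definition["containerDefinitions"]:
        for secret in container.get("secrets", []):
            arn = secret["valueFrom"]
            param = parameters.get(arn)
            if param is None:  # ECS reports a missing parameter as the same pull failure
                findings.append(f"{secret['name']}: parameter {arn} does not exist")
                continue
            if not policy_allows(policy, "ssm:GetParameters", arn):
                findings.append(f"{secret['name']}: {exec_role} lacks ssm:GetParameters on {arn}")
            key = param.get("KeyId")
            if param.get("Type") == "SecureString" and key and not policy_allows(policy, "kms:Decrypt", key):
                findings.append(f"{secret['name']}: {exec_role} lacks kms:Decrypt on {key}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TASK_DEFINITION, SAMPLE_PARAMETERS, SAMPLE_ROLE_POLICIES, SAMPLE_ERROR):
        print("-", finding)
```

Run as-is, the sample reports only the role mismatch: the policy on `ecsTaskExecutionRole` is sufficient, but the error proves ECS assumed `ecsTaskRole`, so the deployed service is not using the task definition you granted. With real data, feed in `describe-task-definition` output, the role's inline and attached policy documents, and the parameter metadata from `describe-parameters`; the VPC endpoint and its security group only matter once the role is right, since a network failure produces a timeout rather than an AccessDeniedException.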