Reputation: 489
My configuration:
Fargate
Private subnet
NAT gateway
Task execution role contains AmazonECSTaskExecutionRolePolicy
and inline policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": [
        "arn:aws:secretsmanager:region-x:XXXXXX:secret:secretname-string",
        ....
      ]
    }
  ]
}
When I use Fargate 1.3, it's OK.
But with 1.4 and the same configuration (private subnet, NAT gateway, policies, security groups, ...) I get this error: ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 5 time(s): failed to fetch secret arn:aws:secretsmanager:region-x:xxxxxxx...
I must use Fargate version 1.4 because I need to use EFS.
Thank you
Upvotes: 2
Views: 10825
Reputation: 489
The support response that worked for me:
Check the VPC endpoint for Secrets Manager. It has the security group "sg-xxxxxxx", and this security group does not allow inbound port 443. So create an inbound rule to allow port 443 from x.x.x.x/xx (the CIDR of the VPC).
Upvotes: 3
Reputation: 16085
I had exactly this error (pasted in again with some additional text to catch more Google searches):
Resourceinitializationerror: unable to pull secrets or registry auth: execution resource retrieval failed: unable to get registry auth from asm: service call has been retried 5 time(s): failed to fetch secret arn:aws:secretsmanager:us-west-2:#########:secret:secret/name from secrets manager: RequestCanceled: request context canceled caused by: context deadline exceeded
I had messed up the security group by mixing up inbound and outbound rules; I had no inbound rules, and only 1 outbound rule on port 8080.
Once I fixed up the security group to allow all outbound traffic, the task was successfully started.
Upvotes: 2
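Both answers above come down to the same check: on Fargate platform version 1.4 the execution role's calls to Secrets Manager and ECR leave through the task ENI, so the task security group's outbound rules and the endpoint security group's inbound rules both have to permit TCP/443. The script below is an added example, not code from either answer, that evaluates security groups in the shape returned by `aws ec2 describe-security-groups` and reports which of the two conditions fails. The group IDs, CIDRs and rules are constructed for the example; in practice you would feed it the real JSON for the endpoint's security group and the task's security group.

```python
"""Check the HTTPS path between a Fargate task and a Secrets Manager interface endpoint.

Two conditions are evaluated, one per answer above:
  1. the endpoint security group allows inbound tcp/443 from the VPC CIDR
     (or from the task subnet, which the VPC CIDR rule also covers);
  2. the task security group allows outbound tcp/443 towards the endpoint ENIs.
"""
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-security-groups` output.
# The group IDs and CIDRs are made up for this example.
VPC_CIDR = "10.0.0.0/16"
TASK_SUBNET = "10.0.1.0/24"

ENDPOINT_SG_BROKEN = {           # no inbound rules at all (first answer's situation)
    "GroupId": "sg-0endpoint",
    "IpPermissions": [],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
ENDPOINT_SG_FIXED = {            # inbound tcp/443 from the VPC CIDR
    "GroupId": "sg-0endpoint",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                       "IpRanges": [{"CidrIp": VPC_CIDR}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
TASK_SG_BROKEN = {               # only outbound 8080 (second answer's situation)
    "GroupId": "sg-0task",
    "IpPermissions": [],
    "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
TASK_SG_FIXED = {                # allow all outbound, as in the second answer's fix
    "GroupId": "sg-0task",
    "IpPermissions": [],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}


def _port_matches(perm, port):
    """True if the rule covers `port` over TCP. Protocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _cidr_matches(perm, cidr):
    """True if some IPv4 range on the rule contains the whole of `cidr`."""
    want = ipaddress.ip_network(cidr, strict=False)
    for r in perm.get("IpRanges", []):
        have = ipaddress.ip_network(r["CidrIp"], strict=False)
        if want.version == have.version and want.subnet_of(have):
            return True
    return False


def sg_allows(sg, direction, port, cidr):
    """Does security group `sg` allow `direction` ("ingress"/"egress") tcp/`port` for `cidr`?"""
    key = "IpPermissions" if direction == "ingress" else "IpPermissionsEgress"
    return any(_port_matches(p, port) and _cidr_matches(p, cidr) for p in sg.get(key, []))


def diagnose(endpoint_sg, task_sg, vpc_cidr):
    """Return one finding per failed condition; an empty list means the 443 path is open."""
    findings = []
    if not sg_allows(endpoint_sg, "ingress", 443, vpc_cidr):
        findings.append(f"{endpoint_sg['GroupId']}: no inbound tcp/443 from {vpc_cidr}; "
                        "tasks cannot reach the endpoint ENIs")
    if not sg_allows(task_sg, "egress", 443, vpc_cidr):
        findings.append(f"{task_sg['GroupId']}: no outbound tcp/443 to {vpc_cidr}; "
                        "the task cannot open the connection to the endpoint")
    return findings


if __name__ == "__main__":
    for label, ep, task in (("broken", ENDPOINT_SG_BROKEN, TASK_SG_BROKEN),
                            ("fixed", ENDPOINT_SG_FIXED, TASK_SG_FIXED)):
        print(label, diagnose(ep, task, VPC_CIDR) or ["ok"])
```

The check is deliberately directional: the endpoint group is tested on its inbound rules and the task group on its outbound rules, which is exactly the mix-up the second answer describes. A rule for the whole VPC CIDR also satisfies a query for a narrower task subnet, so tightening the endpoint's inbound rule to the task subnets later does not change the result as long as those subnets are covered.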