Reputation: 11
I need to access a secret that lives in a different account from my user "X-app-pr-user". A role "cross-account-secret-read" is attached to the user, which gives permission to read the secret identified by the ARN "arn:accountB-secretId", so I'm authorized to read the secret even though it's a cross-account request.
What I tried so far is to access the secret by doing the following while using the user "X-app-pr-user":
aws secretsmanager get-secret-value --secret-id arn:accountB-secretId
But I receive the following error:
An error occurred (AccessDeniedException) when calling the GetSecretValue operation: User: arn:X-app-pr-user is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:accountB-secretId because no resource-based policy allows the secretsmanager:GetSecretValue action
Is there something I should do to retrieve the secret, like assuming the role when calling the get-secret-value command?
Thank you in advance
Upvotes: 0
Views: 409
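As an added illustration (not part of the original question or of any answer to it), the following script models the rule behind the error text "no resource-based policy allows the secretsmanager:GetSecretValue action": for a cross-account call, AWS requires both the caller's identity-based policy in the calling account and a resource-based policy on the secret in the owning account to allow the action, while for a same-account call either one is enough. That is why the two usual remedies are to attach a resource policy to the secret naming the foreign principal, or to assume a role that lives in the owning account (for example with `aws sts assume-role --role-arn ... --role-session-name ...`, or a CLI profile using `role_arn` and `source_profile`) and make the GetSecretValue call with those temporary credentials. All account ids, ARNs, role and policy documents below are constructed placeholders, and the model deliberately ignores conditions, service control policies, permission boundaries and the KMS key policy.

```python
# Added example, not from the original post: a small model of how AWS decides a
# cross-account secretsmanager:GetSecretValue call. Every account id, ARN and
# policy document here is a constructed placeholder. The model ignores
# conditions, SCPs, permission boundaries and the KMS key policy.

ACTION = "secretsmanager:GetSecretValue"

# Account A (111111111111) holds the caller; account B (222222222222) holds
# the secret and the role. Constructed ids.
USER_ARN = "arn:aws:iam::111111111111:user/X-app-pr-user"
ROLE_ARN = "arn:aws:iam::222222222222:role/cross-account-secret-read"
SECRET_ARN = "arn:aws:secretsmanager:eu-west-1:222222222222:secret:app/db-AbCdEf"

# Identity-based policy attached to the user in account A.
USER_IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ACTION, "Resource": SECRET_ARN}]}

# Identity-based policy attached to the role in account B.
ROLE_IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ACTION, "Resource": SECRET_ARN}]}

# Resource-based policy on the secret (what put-resource-policy would attach)
# that names the account-A user as principal.
SECRET_RESOURCE_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER_ARN},
     "Action": ACTION, "Resource": SECRET_ARN}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """IAM-style match: exact, or prefix match for a trailing '*'."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def _evaluate(policy, principal, action, resource, check_principal):
    """Return 'Deny', 'Allow' or 'Implicit' for one policy document.

    An explicit Deny in any matching statement wins over any Allow.
    """
    verdict = "Implicit"
    for stmt in (policy or {}).get("Statement", []):
        if not any(_matches(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if check_principal:
            allowed = _as_list(stmt["Principal"]["AWS"])
            if not any(_matches(p, principal) for p in allowed):
                continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        verdict = "Allow"
    return verdict


def _account_of(arn):
    return arn.split(":")[4]


def _caller_identity(principal_arn):
    """Map an STS assumed-role session ARN to the IAM role ARN it came from."""
    parts = principal_arn.split(":")
    if parts[2] == "sts" and parts[5].startswith("assumed-role/"):
        role_name = parts[5].split("/")[1]
        return f"arn:aws:iam::{parts[4]}:role/{role_name}"
    return principal_arn


def is_authorized(principal_arn, identity_policy, resource_policy, resource_arn,
                  action=ACTION):
    """Decide the call and give a reason that mirrors the CLI error text.

    Same account:  identity policy OR resource policy must allow.
    Cross account: identity policy AND resource policy must allow.
    """
    caller = _caller_identity(principal_arn)
    id_verdict = _evaluate(identity_policy, caller, action, resource_arn, False)
    rp_verdict = _evaluate(resource_policy, caller, action, resource_arn, True)
    if "Deny" in (id_verdict, rp_verdict):
        return False, "explicit deny"
    if _account_of(caller) == _account_of(resource_arn):
        if "Allow" in (id_verdict, rp_verdict):
            return True, "same-account: allowed by identity or resource policy"
        return False, "same-account: no policy allows the action"
    if id_verdict != "Allow":
        return False, "cross-account: identity policy does not allow the action"
    if rp_verdict != "Allow":
        return False, "cross-account: no resource-based policy allows the action"
    return True, "cross-account: allowed by identity and resource policy"


def scenarios():
    """The three situations worth comparing: user alone, user plus resource
    policy on the secret, and a session obtained by assuming the account-B role."""
    session = "arn:aws:sts::222222222222:assumed-role/cross-account-secret-read/app-session"
    return {
        "user_no_resource_policy":
            is_authorized(USER_ARN, USER_IDENTITY_POLICY, None, SECRET_ARN),
        "user_with_resource_policy":
            is_authorized(USER_ARN, USER_IDENTITY_POLICY, SECRET_RESOURCE_POLICY, SECRET_ARN),
        "assumed_role_in_account_b":
            is_authorized(session, ROLE_IDENTITY_POLICY, None, SECRET_ARN),
    }


if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print(f"{name:27s} {'ALLOW' if ok else 'DENY '} {why}")
```

The first scenario reproduces the situation in the question: the identity policy allows the action, but with no resource policy on the secret the cross-account call is denied. Either adding the resource policy (second scenario) or calling with credentials from a role inside the owning account (third scenario) turns the decision into an allow. One caveat the model leaves out: if the secret is encrypted with a customer managed KMS key, a cross-account caller additionally needs the key policy to grant it kms:Decrypt, and a secret encrypted with the AWS managed key cannot be read from another account at all.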