Reputation: 39
I have a NextJS 14.2.4 app deployed via the Amplify Console (Gen 2). I am not using Amplify CLI. I created the app with create-next-app. I am leveraging Simple Email Service to send an email with info provided through a contact form within the NextJS app. My logic for accessing the secrets necessary for SES is included in a server action within the NextJS app--so it is not client-side code but instead code that runs on the server. I had tried to store my secrets within Secrets Management, located under Hosting >> Secrets in the Amplify Console. However, I have been unsuccessful accessing the secrets this way during runtime to use for SES. So I am currently attempting to access the secrets after storing them within Secrets Manager. In general, storing these values in environment variables is not advised.
I stored the secrets in Secrets Manager. I am using the JavaScript AWS SDK v3 to retrieve the secrets. Following the AWS SecretsManagerClient Docs, I am using SecretsManagerClient and GetSecretValueCommand in my code as follows:

```typescript
import {
  SecretsManagerClient,
  GetSecretValueCommand,
} from "@aws-sdk/client-secrets-manager";

const SEND_EMAIL_SECRET_NAME = "my-secret";

const configureSes = async () => {
  // No explicit credentials: the SDK falls back to its default provider chain.
  const secretsManagerClient = new SecretsManagerClient({
    region: process.env.SES_REGION,
  });
  let secret;
  try {
    const getSecretValueCommand = new GetSecretValueCommand({
      SecretId: SEND_EMAIL_SECRET_NAME,
      VersionStage: "AWSCURRENT",
    });
    const secretResponse = await secretsManagerClient.send(getSecretValueCommand);
    // Debug output: prints the whole response, including SecretString.
    console.log(secretResponse);
  } catch (error: any) {
    console.error('Error retrieving secret: ', error);
  }
};
```
**My Amplify App Service Role has these policies attached:**
In the server action code, at the point where I call the send() method, I get the below error. There are no extra details provided in the CloudWatch logs.

```
Error retrieving secret: i [CredentialsProviderError]: Could not load credentials from any providers
```
After hours of research, I have not found anything conclusive on any extra permissions needed for the Amplify app in order to access the secrets located in Secrets Manager. The JavaScript example in the link above is repeated in several online resources, so I imagine that this is a viable approach to retrieving the secrets. Can someone please tell me what I am missing?
Upvotes: 1
Views: 422
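A diagnostic for the `CredentialsProviderError` in the question above, as an added example that is not part of the original post: it reports which environment-driven credential sources of the SDK v3 default Node.js provider chain are configured in the runtime, returning variable names only and never their values. The function, type and sample names are hypothetical, the sample environments are constructed, and file-based profiles and instance metadata are not checked.

```typescript
// Added example (not from the original post). All names here are hypothetical.
type Env = Record<string, string | undefined>;

interface SourceStatus {
  source: string;
  configured: boolean;
  missing: string[]; // variable names only, never values
}

// Environment-driven inputs read by the default Node.js credential chain.
// Each source lists alternative variable sets; one complete set is enough.
const SOURCES: { source: string; alternatives: string[][] }[] = [
  { source: "static keys in environment",
    alternatives: [["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"]] },
  { source: "web identity token file",
    alternatives: [["AWS_WEB_IDENTITY_TOKEN_FILE", "AWS_ROLE_ARN"]] },
  { source: "container credentials endpoint",
    alternatives: [["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"],
                   ["AWS_CONTAINER_CREDENTIALS_FULL_URI"]] },
];

function describeCredentialSources(env: Env): SourceStatus[] {
  const isSet = (name: string) => (env[name] ?? "").trim() !== "";
  return SOURCES.map(({ source, alternatives }) => {
    // Pick the alternative closest to complete so the report shows what to add.
    const best = alternatives
      .map((vars) => vars.filter((name) => !isSet(name)))
      .sort((a, b) => a.length - b.length)[0] ?? [];
    return { source, configured: best.length === 0, missing: best };
  });
}

// False means none of the checked sources is usable from environment variables.
function hasEnvCredentialSource(env: Env): boolean {
  return describeCredentialSources(env).some((s) => s.configured);
}

// Constructed sample environments (placeholder values, not real credentials).
const SAMPLE_NO_CREDENTIALS: Env = { SES_REGION: "us-east-1" };
const SAMPLE_HALF_CONFIGURED: Env = {
  SES_REGION: "us-east-1",
  AWS_ACCESS_KEY_ID: "constructed-placeholder",
};
const SAMPLE_CONTAINER: Env = {
  AWS_CONTAINER_CREDENTIALS_FULL_URI: "http://127.0.0.1/constructed",
};

// In the server action: console.log(describeCredentialSources(process.env));
```

Logging this report next to the `send()` call shows whether the runtime was given any credential source at all, without writing key material to CloudWatch.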