operation error Secrets Manager: GetSecretValue, https response error
StatusCode: 400, RequestID: 02b3dd88-013d-4e8c-b53c-94f5bba6c798,
api error AccessDeniedException: User: arn:aws:sts::362708816803:
assumed-role/eksctl-skills-eks-cluster-nodegrou-NodeInstanceRole-l7cHr1FkGb7N/i-032e33495774aafa4
is not authorized to perform: secretsmanager:GetSecretValue on resource:
mongodb/credentials because no identity-based
policy allows the secretsmanager:GetSecretValue action
• This error occurs because the node group gets an AccessDeniedException, i.e. it lacks the required permissions.
• Policy to attach
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
• Attach the policy
aws iam attach-role-policy --role-name eksctl-skills-eks-cluster-nodegrou-NodeInstanceRole-l7cHr1FkGb7N --policy-arn arn:aws:iam::362708816803:policy/secretsmanager-policy
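
A narrower variant of the policy above, as an added example that is not part of the original page: it keeps the same actions but scopes them to the one secret named in the error message instead of `*`. `<REGION>` and `<KMS_KEY_ID>` are placeholders; the account ID and secret name come from the error output, and the `-??????` suffix matches the six random characters Secrets Manager appends to a secret's ARN.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadMongoDbSecret",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds"
      ],
      "Resource": "arn:aws:secretsmanager:<REGION>:362708816803:secret:mongodb/credentials-??????"
    },
    {
      "Sid": "DecryptViaSecretsManagerOnly",
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:<REGION>:362708816803:key/<KMS_KEY_ID>",
      "Condition": {
        "StringEquals": {
          "kms:ViaService": "secretsmanager.<REGION>.amazonaws.com"
        }
      }
    }
  ]
}
```

The KMS statement assumes the secret is encrypted with a customer managed key. Because the policy is attached to the node instance role, it applies to anything using that role's credentials on those nodes, so the resource scope is what limits which secrets can be read.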


