Hi,
You create your inline policy according to your need for the user or role and attach it if the required access is not present in the default AWS roles/policies.
Hi,
Thank you for your answer.
It is important to notice that the error message "An error occurred (AccessDeniedException) when calling the GetSecretValue operation: Access to KMS is not allowed" appears when trying to access the secret from an Elastic Beanstalk machine.
I gave aws-elasticbeanstalk-ec2-role IAMFullAccess permission and removed it from my user permissions, and the same error appears.
What I want to achieve is for the secret to be accessible from an Elastic Beanstalk machine but not from my user in the AWS console.
Any ideas?
An error occurred (AccessDeniedException) when calling the GetSecretValue operation: Access to KMS is not allowed
I'm getting the same error when calling secretsmanager from the Python SDK, while in the CLI it works fine.
Hello,
It appears that you have chosen to encrypt secrets with an AWS KMS customer master key (CMK). In such scenarios, you must provide permissions to decrypt using the CMK. This is in addition to the Secrets Manager permissions required to retrieve the secret. See KMS documentation on authorizing use of CMK with Secrets Manager for details: https://docs.aws.amazon.com/kms/latest/developerguide/services-secrets-manager.html
--Apurv
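A way to check a role's identity policy for the two permissions the answer above names, added here as an example and not part of the original thread or of any AWS tooling. The ARNs and the policy are constructed placeholders, the evaluator is a simplified sketch (statements using NotAction, NotResource or Condition are skipped), and it assumes the key policy already delegates access control to IAM policies.

```python
import re

# Constructed placeholder ARNs; substitute the real secret and CMK ARNs.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-secret-AbCdEf"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
# Constructed role policy that grants the Secrets Manager call but no KMS permission.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": SECRET_ARN},
    ],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def glob_match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' matches exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def allows(policy, action, resource):
    """True if an Allow statement covers action/resource and no Deny does."""
    allowed = False
    for stmt in as_list(policy.get("Statement", [])):
        if "Action" not in stmt or "Resource" not in stmt or "Condition" in stmt:
            continue  # outside the scope of this simplified check
        hit = (any(glob_match(a, action, True) for a in as_list(stmt["Action"]))
               and any(glob_match(r, resource) for r in as_list(stmt["Resource"])))
        if hit and stmt.get("Effect") == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and stmt.get("Effect") == "Allow")
    return allowed

def missing_for_cmk_secret(policy, secret_arn, key_arn):
    """Return the permissions needed to read a CMK-encrypted secret that the policy lacks."""
    needed = [("secretsmanager:GetSecretValue", secret_arn), ("kms:Decrypt", key_arn)]
    return [action for action, arn in needed if not allows(policy, action, arn)]

if __name__ == "__main__":
    print(missing_for_cmk_secret(ROLE_POLICY, SECRET_ARN, KEY_ARN))
```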