You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Regarding secrets, currently the module has the following input variables:
consul_bootstrap_token_secret_arn
consul_server_ca_cert_arn
The module then creates IAM permissions to the GetSecretValue action. Normally this works fine with secret ARNs that only contain a single value such as:
Unfortunately the IAM permission fails (does not apply) when this type of secret ARN is used and the acl-controller fails to start because its unable to retrieve the secret value.
I was able to confirm this by manually updating the IAM policy by removing the :json-key:version-stage:version-id suffix and the acl-controller was then able to start successfully.
How would it be possible to use secrets with ARNs that specify a JSON key?
The text was updated successfully, but these errors were encountered:
Module:
acl-controller
Regarding secrets, currently the module has the following input variables:
The module then creates IAM permissions to the GetSecretValue action. Normally this works fine with secret ARNs that only contain a single value such as:
But when a secret with a JSON structure is used, then the ARN in the ECS task definition becomes:
Unfortunately the IAM permission fails (does not apply) when this type of secret ARN is used and the
acl-controller
fails to start because its unable to retrieve the secret value.I was able to confirm this by manually updating the IAM policy by removing the
:json-key:version-stage:version-id
suffix and theacl-controller
was then able to start successfully.How would it be possible to use secrets with ARNs that specify a JSON key?
The text was updated successfully, but these errors were encountered: