
fix: Add ssm:GetParameters permission to external-secrets policy #316


amarkevich
Contributor

https://docs.aws.amazon.com/systems-manager/latest/userguide/integrating_csi_driver.html#integrating_csi_driver_access

Description

According to the documentation, the ssm:GetParameters permission is required.

Motivation and Context

atm AWS CSI Secret Store Driver failed to get parameter with error
```
MountVolume.SetUp failed for volume "volume_name" : rpc error: code = Unknown desc = failed to mount secrets store objects for pod namespace/pod-647dbc98b4-h8kl4, err: rpc error: code = Unknown desc = Failed fetching parameters: WebIdentityErr: failed to retrieve credentials caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity status code: 403, request id: request-uuid
```

Breaking Changes

How Has This Been Tested?

```hcl
annotations = {
  "eks.amazonaws.com/role-arn" = module.secrets-store-csi-irsa-role.iam_role_arn
}
```
- mount SecretProviderClass with provider: aws
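One way to check for the gap this PR closes, as an added example that is not code from the module or from the PR author: a simplified IAM permission-policy evaluator in Python. The two policy documents, the parameter ARN and the `CSI_DRIVER_SSM_ACTIONS` list are constructed for illustration (only the `ssm:GetParameters` action itself comes from the AWS page linked above). The evaluator models `Allow`/`Deny` statements with `Action` and `Resource` wildcards only, with no `Condition`, `NotAction`, SCP or resource-based policy handling, which is enough to show that a grant of `ssm:GetParameter` does not cover a caller that invokes `ssm:GetParameters`.

```python
"""Minimal IAM identity-policy evaluator (constructed example, not the module's code).

Models only Effect/Action/Resource matching with IAM's '*' and '?' wildcards;
Condition, NotAction, NotResource, SCPs and resource-based policies are out
of scope. That is enough to show why a policy granting ssm:GetParameter does
not satisfy a workload that calls ssm:GetParameters.
"""
import fnmatch

# Constructed stand-in for a policy without the fix (not copied from the module).
POLICY_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ssm:GetParameter", "ssm:DescribeParameters"],
            "Resource": "arn:aws:ssm:*:*:parameter/*",
        }
    ],
}

# The same policy with the action this PR adds.
POLICY_AFTER = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:DescribeParameters"],
            "Resource": "arn:aws:ssm:*:*:parameter/*",
        }
    ],
}

# Constructed parameter ARN standing in for whatever the CSI driver would fetch.
PARAMETER_ARN = "arn:aws:ssm:eu-west-1:111122223333:parameter/app/db-password"

# The action the linked AWS documentation lists for the driver's SSM path.
CSI_DRIVER_SSM_ACTIONS = ["ssm:GetParameters"]


def _as_list(value):
    """IAM accepts a scalar or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _match_action(pattern, action):
    """Action names match case-insensitively with * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _match_resource(pattern, arn):
    """Resource ARNs are treated as case-sensitive here, with * and ? wildcards."""
    return fnmatch.fnmatchcase(arn, pattern)


def is_allowed(policy, action, resource):
    """True if the policy allows `action` on `resource`; an explicit Deny wins."""
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if not any(_match_action(p, action) for p in _as_list(stmt.get("Action"))):
            continue
        if not any(_match_resource(p, resource) for p in _as_list(stmt.get("Resource"))):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def missing_actions(policy, required_actions, resource):
    """Required actions that the policy does not grant on `resource`."""
    return [a for a in required_actions if not is_allowed(policy, a, resource)]


if __name__ == "__main__":
    for name, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        gap = missing_actions(policy, CSI_DRIVER_SSM_ACTIONS, PARAMETER_ARN)
        print(f"{name}: missing {gap or 'nothing'}")
```

This only checks the role's permission policy. An `AccessDenied` on `sts:AssumeRoleWithWebIdentity`, as in the error quoted above, is returned before any SSM call is made, so when that is the failing step the role's trust policy and the service account annotation are the first things to compare against the permission policy.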

@bryantbiggs bryantbiggs changed the title External Secrets Policy: add ssm:GetParameters permission fix: Add ssm:GetParameters permission to external-secrets policy Dec 5, 2022
@bryantbiggs bryantbiggs merged commit 0e77849 into terraform-aws-modules:master Dec 7, 2022
antonbabenko pushed a commit that referenced this pull request Dec 7, 2022
### [5.9.1](v5.9.0...v5.9.1) (2022-12-07)

### Bug Fixes

* Add `ssm:GetParameters` permission to `external-secrets` policy ([#316](#316)) ([0e77849](0e77849))
@antonbabenko
Member

This PR is included in version 5.9.1 🎉

@github-actions

github-actions bot commented Jan 7, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 7, 2023
@amarkevich amarkevich deleted the iam-role-for-service-accounts-eks branch January 8, 2023 09:22