I have a Python program running on a Linux EC2 instance. I am trying to get a value from Secrets Manager, but I keep getting a permissions error:
An error occurred (AccessDeniedException) when calling the GetSecretValue operation: User: arn:aws:sts::user_id_here:assumed-role/AmazonSSMRoleForInstancesQuickSetup/somestring is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:eu-west-2:xxx_my_secret
In my IAM settings the user is inside a group with Administrator access, and the user itself has the SecretsManagerReadWrite permission.
What permissions do I need to change?
The user who accesses the EC2 instance has a different role from the machine itself.
The role and access of the machine to secrets manager are defined by either
In my code, I used boto.utils.get_instance_identity() to get the region, then got the access_key and secret_key from boto3.Session().get_credentials().get_frozen_credentials().
You may also want to use botocore.credentials.RefreshableCredentials since the token from get_frozen_credentials() expires.
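Added example (not from either answer above): it reads the role, action and resource out of an AccessDeniedException like the one in the question, builds the minimal IAM policy to attach to that instance role, and reads the secret through boto3's default credential chain, which refreshes the instance-profile credentials on its own. The account id, instance id and secret ARN in the sample are constructed placeholders.

```python
import json
import re

# Constructed sample of the AccessDeniedException text from the question
# (account id, role session name and secret ARN are placeholders).
SAMPLE_ERROR = (
    "An error occurred (AccessDeniedException) when calling the GetSecretValue "
    "operation: User: arn:aws:sts::123456789012:assumed-role/"
    "AmazonSSMRoleForInstancesQuickSetup/i-0abc is not authorized to perform: "
    "secretsmanager:GetSecretValue on resource: "
    "arn:aws:secretsmanager:eu-west-2:123456789012:secret:my_secret-AbCdEf"
)

_DENIED = re.compile(
    r"User: (?P<principal>arn:aws:sts::[^:]*:assumed-role/(?P<role>[^/]+)/\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:[\w-]+) "
    r"on resource: (?P<resource>arn:aws:\S+)"
)


def parse_access_denied(message: str) -> dict:
    """Extract the denied principal, role name, action and resource ARN from the error."""
    m = _DENIED.search(message)
    if not m:
        raise ValueError("not an AccessDeniedException message")
    return m.groupdict()


def least_privilege_policy(action: str, resource: str) -> dict:
    """Smallest IAM policy that lets the instance role read that one secret.

    Attach it to the *instance* role named in the error (here the SSM quick-setup
    role), not to the IAM user; the user's permissions never reach the instance."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": [action], "Resource": [resource]}],
    }


def get_secret(secret_id: str, region: str) -> str:
    """Read the secret with boto3's default chain. On EC2 that chain uses the
    instance profile and refreshes its temporary credentials itself, so there is
    no need to copy access keys or frozen credentials around."""
    import boto3  # imported here so the policy helpers run without boto3 installed

    client = boto3.client("secretsmanager", region_name=region)
    return client.get_secret_value(SecretId=secret_id)["SecretString"]


if __name__ == "__main__":
    info = parse_access_denied(SAMPLE_ERROR)
    print(f"attach to role {info['role']}:")
    print(json.dumps(least_privilege_policy(info["action"], info["resource"]), indent=2))
```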