I have a few versions of a SecureString value in AWS Parameter Store. When the following command is invoked locally:
aws ssm get-parameter --with-decryption --name "/my/secret/path" --output text --query Parameter.Value
I get the latest version of the parameter. However, when this is enacted via a GitHub runner, it is only ever getting version 1 of the parameter. When I attempt to specify the version:
aws ssm get-parameter --with-decryption --name "/my/secret/path:4" --output text --query Parameter.Value
I get a message back saying that version 4 of the parameter doesn't exist, although the query does execute when run locally.
I have tried running it with Parameter.Version without the version number specified to confirm and have confirmed when I run it locally, version 4 comes back, but when the runner executes it, version 1 comes back.
AWS CLI 2.8.6 is being used both locally and on the Runner. The documentation says that this should be returning the latest version when no version is specified
Has anyone experienced this before and are there any tricks to getting this to work?
Much appreciation to Marcin above who very quickly pointed out that there may be a difference in accounts coming into effect. The secret had been updated in one but not the other, and the identical naming was throwing the investigation off. I was able to resolve this by updating the secret in both the account that the local environment and the GitHub environment were using.