Question:
I use an example from here in order to retreive a secret from AWS SecretsManager in c# code.
I have set credentials locally via AWS CLI, and I am able to retreive secret list using AWS CLI command “aws secretsmanager list-secrets”.
But c# console app fails with an error:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
> Unhandled exception. System.AggregateException: One or more errors occurred. (Unable to get IAM security credentials from EC2 Instance Metadata Service.) ---> Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service. at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials() at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials() at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync() at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext) at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext) at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext) at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext) at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext) at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext) at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext) --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) at System.Threading.Tasks.Task`1.get_Result() at AWSConsoleApp2.GetSecretValueFirst.GetSecret() in D:\Work\Projects\Training\AWSConsoleApp2\AWSConsoleApp2\GetSecretValueFirst.cs:line 53 at AWSConsoleApp2.Program.Main(String[] args) in D:\Work\Projects\Training\AWSConsoleApp2\AWSConsoleApp2\Program.cs:line 11 |
When I change original constructor call
IAmazonSecretsManager client = new AmazonSecretsManagerClient();
with adding inherited parameter of type AWSCredentials
IAmazonSecretsManager client = new AmazonSecretsManagerClient(new StoredProfileAWSCredentials());
it works fine.
Class StoredProfileAWSCredentials is obsolete but it works to use it. I use libraries that work without errors on the other machines and I cannot change them.
I use credentials for user that belongs to Administrators group and has full access to SecretsMnager. Region has set properly in c# code, profile is default.
Any ideas? Thanks for advance
Answer:
I had the same issue, here is how I fixed it on my development environment
- I created an AWS profile using the AWS extension for Visual studio
- Once the profile is set up the credentials are passed using the profile and it worked fine for me
Point to note here, the user profile accessing the key manager should have a valid security group assigned for the Secrets manager.
Try it out let me know, how it went.