0

I'm getting the follow error when I try to deploy my Load Balanced Web Service with Copilot into a new environment. I have everything running in test, created a new prod environment and tried to deploy the service into it, but the task details show a stopped reason of:

ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secrets from ssm: service call has been retried 1 time(s): AccessDeniedException: User: arn:aws:sts::xxx:assumed-role...

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
drquinn
  • 467
  • 4
  • 16

1 Answers1

1

SSM parameters were added specifically for the test env, which I thought would apply by default to all environments, but apparently not. Had to add again for prod environment, with the tag copilot-environment.

aws ssm put-parameter \
    --name /copilot/applications/core/environments/test/port \
    --value '8000' \
    --type SecureString \
    --tags Key=copilot-environment,Value=test Key=copilot-application,Value=core

aws ssm put-parameter \
    --name /copilot/applications/core/environments/prod/port \
    --value '8000' \
    --type SecureString \
    --tags Key=copilot-environment,Value=prod Key=copilot-application,Value=core

And updated my manifest.yml:

secrets:                      # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
  PORT: /copilot/applications/core/environments/test/port

# You can override any of the values defined above by environment.
environments:
  prod:
    secrets:
      PORT: /copilot/applications/core/environments/prod/port
drquinn
  • 467
  • 4
  • 16