
I am using SecretsManager to store my Access & Secret Key. Below is the code I am using to fetch the secrets from AWS SecretsManager.

```csharp
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

Constants constants = new Constants();
IAmazonSecretsManager client = new AmazonSecretsManagerClient(constants.Region);

GetSecretValueRequest request = new GetSecretValueRequest
{
    SecretId = Constants.secretName,
    VersionStage = Constants.VersionStage, // VersionStage defaults to AWSCURRENT if unspecified.
};

GetSecretValueResponse response;

response = await client.GetSecretValueAsync(request);
```

NOTE :-

  • My code is working perfectly fine when I am running my code on my local machine.
  • I am using the same code in a console application and it works fine there as well. I am not sure why I am getting an error when I host my application on IIS.
  • I have properly configured the AWS creds using the `aws configure` command. I don't think this would be the issue.

The moment I host my code on the IIS server (on an AWS EC2 machine), it started giving me an error on this line: `response = await client.GetSecretValueAsync(request);`

Error :-

```
Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials()
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials()
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync()
at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)
at UtilityProject.RetrieveSecretAndAccessKeys.GetSecret()
```

Application I am using is :- DotNet Core 5.0

Sibtain
Hardik Parmar
  • you have to set the aws credentials as environment variables..did you do that? – Kaneki21 Feb 12 '23 at 12:55
  • @Kaneki21- I have just set the secretKey AccessKey values in the EC2 machine at this folder "C:\Users\Administrator\.aws". I have NOT set any values in the environment variables in the WebAPI application. – Hardik Parmar Feb 12 '23 at 12:58
  • adding the credentials to `.aws` folder should work...otherwise you can attach an `IAM role` to the EC2 with the correct set of permissions to access secrets manager – Kaneki21 Feb 12 '23 at 13:00
  • [1](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/creds-assign.html#net-dg-config-creds-assign-role) and [2](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/creds-file.html#creds-file-examples) should help – Kaneki21 Feb 12 '23 at 13:03
  • @Kaneki21 - I am wondering: if I run the console application from the EC2 machine, then that works with the same code, and if I try to access the same code from the DotNet Core WebAPI, then it is NOT working. I am checking the link provided by you. – Hardik Parmar Feb 12 '23 at 13:12
  • I'm not a dotnet expert, but from the aws sdk point, it tries to look for credentials in the places defined in the docs, so you'll have to ensure that they are present. Also assigning IAM role to EC2 is the recommended way as it's more secure – Kaneki21 Feb 12 '23 at 13:18
  • @Kaneki21 - I have provided role to EC2 for full access of SecretsManager then also it did not work – Hardik Parmar Feb 12 '23 at 13:23
  • try [this](https://stackoverflow.com/a/75127096/19514458), if it helps, although I guess you probably have gone through them. – Kaneki21 Feb 12 '23 at 13:31
  • Just assign a role to your ec2 with permission to access system manager – Jatin Mehrotra Feb 13 '23 at 04:18
  • @JatinMehrotra - I have given the EC2 a role for Systems Manager but it didn't work. – Hardik Parmar Feb 13 '23 at 13:40
  • I'm experiencing the same issue, did you figure it out? – marcos.borunda Mar 07 '23 at 23:10
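
A diagnostic for the situation in this thread (same code works from a console session but fails under IIS), added here as an example and not part of the original question or comments: it reports the account the process actually runs as, whether a shared credentials file exists in that account's profile, and which provider the SDK's default chain resolves to. `CredentialSourceProbe` is a hypothetical name, and the code assumes AWS SDK for .NET v3 (the AWSSDK.Core package).

```csharp
// Added example, not from the original post. Assumes AWSSDK.Core v3.
using System;
using System.IO;
using System.Text;
using Amazon.Runtime;

public static class CredentialSourceProbe   // hypothetical helper name
{
    public static string Describe()
    {
        var report = new StringBuilder();

        // Under IIS this is the application pool identity, not the
        // interactive user who ran "aws configure".
        report.AppendLine($"Process identity : {Environment.UserDomainName}\\{Environment.UserName}");

        // Default per-user location of the shared credentials file.
        // Assumption: no HOME or AWS_SHARED_CREDENTIALS_FILE override is in effect.
        string profileDir = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
        string sharedFile = Path.Combine(profileDir, ".aws", "credentials");
        report.AppendLine($"Shared creds file: {sharedFile} (exists: {File.Exists(sharedFile)})");

        // Report only whether the variables are set, never their values.
        foreach (string name in new[] { "AWS_ACCESS_KEY_ID", "AWS_PROFILE", "AWS_SHARED_CREDENTIALS_FILE" })
        {
            string state = Environment.GetEnvironmentVariable(name) is null ? "not set" : "set";
            report.AppendLine($"{name,-28}: {state}");
        }

        try
        {
            // Same default chain the client uses when no credentials are passed in.
            AWSCredentials creds = FallbackCredentialsFactory.GetCredentials();
            report.AppendLine($"Resolved provider: {creds.GetType().Name}");

            // Force the fetch so a failing source (e.g. instance metadata) shows up here.
            creds.GetCredentials();
            report.AppendLine("Credential fetch : ok");
        }
        catch (Exception ex)
        {
            report.AppendLine($"Credential fetch : FAILED ({ex.GetType().Name}: {ex.Message})");
        }

        return report.ToString();
    }
}
```

Log the returned string once from the console application and once from the WebAPI hosted in IIS, then compare the two reports.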
