Forum Discussion

Former Member
3 years ago

AWS ECS provisioned with terraform fails with access to SecretsManager

I've run the https://github.com/1Password/scim-examples for deployment to AWS ECS Fargate and the provisioning went fine.

When the ECS service/task runs, it continually fails with: [redactions as appropriate]

    ResourceInitializationError:
    unable to pull secrets or registry auth:
    execution resource retrieval failed:
    unable to retrieve secret from asm:
    service call has been retried 5 time(s):
    failed to fetch secret arn:aws:secretsmanager:us-east-1:00000000000:secret:op-scim-bridge000000000000000000-xxxxxx from secrets manager:
    RequestCanceled: request context canceled caused by: context deadline exceeded.
    Please check your task network configuration.

  • The IAM role is present and applied to the ECS deployment.
  • Tried with both the default secretsmanager endpoint and a VPC Endpoint attachment.
  • The subnet is public with a gateway, routing to the internet or to the internal VPC Endpoint.
  • A Linux host on the same subnet can curl the SM endpoint just fine.
  • The secret is present in SM.
  • SCIM Bridge version is 2.8.1.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

1 Reply

  • Former Member

    To close the loop for the community...

    AWS support suggested setting the outbound SecurityGroup to an "any/any" instead of the provided limit of destination port 443 only. This allowed the task to start, which he agreed is an illogical set of conditions.

    I may experiment further, but I need to get on with setting up SCIM.
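Because the workaround in the reply widens the task's egress rule from destination port 443 only to any/any, a defender will want to spot that later during review. The following is an added example, not code from the thread or from 1Password's scim-examples: it audits security group egress rules in the JSON shape returned by `aws ec2 describe-security-groups`, reporting whether TCP 443 is permitted and whether the group is wide open. The group ids and rules in `SAMPLE_GROUPS` are constructed placeholders.

```python
import json

ALL_PROTOCOLS = "-1"  # AWS encodes "all protocols" as the string "-1"
ANYWHERE = ("0.0.0.0/0", "::/0")

def rule_allows_tcp_port(rule: dict, port: int) -> bool:
    """True if one egress rule permits TCP to `port` (destination is not checked)."""
    proto = rule.get("IpProtocol")
    if proto == ALL_PROTOCOLS:
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def rule_is_any_any(rule: dict) -> bool:
    """True if the rule opens every protocol and port to every destination."""
    if rule.get("IpProtocol") != ALL_PROTOCOLS:
        return False
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(c in ANYWHERE for c in cidrs)

def audit_egress(group: dict) -> dict:
    """Summarise one group's egress posture: is 443 reachable, is it wide open?"""
    rules = group.get("IpPermissionsEgress", [])
    return {
        "GroupId": group["GroupId"],
        "https_allowed": any(rule_allows_tcp_port(r, 443) for r in rules),
        "any_any_egress": any(rule_is_any_any(r) for r in rules),
        "rule_count": len(rules),
    }

# Constructed sample in `describe-security-groups` shape; group ids are placeholders.
SAMPLE_GROUPS = [
    {   # egress limited to destination port 443, the limit the thread started with
        "GroupId": "sg-PLACEHOLDER-443",
        "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
    {   # the any/any workaround suggested in the reply
        "GroupId": "sg-PLACEHOLDER-any",
        "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
]

def audit_all(groups=SAMPLE_GROUPS) -> list:
    """Audit every group; pass `json.load(f)["SecurityGroups"]` for real CLI output."""
    return [audit_egress(g) for g in groups]
```

Run against saved CLI output, a group that reports `any_any_egress: True` is the one to revisit once the task is known to start; `https_allowed` confirms the tighter rule still covers the Secrets Manager call.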