    Sam Maradwi

    2 months ago
    Hi Prefect community, I am facing an issue while registering flows in Prefect and getting the error below. Can anyone please help me with this?
    botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetSecretValue operation: User: arn:aws:sts::xxx:assumed-role/code_deployments-role/iddoc- is not authorized to perform: secretsmanager:GetSecretValue on resource: 4i-adl-config because no identity-based policy allows the secretsmanager:GetSecretValue action
    Chris White

    2 months ago
    Hey Sam! Could you provide a code example or larger traceback for where this error comes from? I'm wondering if it's being caused by a push to S3, Docker, etc.
    Sam Maradwi

    2 months ago
    Hi Chris, please find the larger traceback of this error:
    Logged in to Prefect Cloud tenant 'Default' (default)
    Collecting flows...
    Error loading '4i_ffs_vtapm_prvdr_rsp_process/4i_ffs_vtapm_prvdr_rsp_process.py':
      Traceback (most recent call last):
        File "/home/ec2-user/.local/lib/python3.7/site-packages/prefect/cli/build_register.py", line 134, in load_flows_from_script
        namespace = runpy.run_path(abs_path, run_name="<flow>")
        File "/usr/lib64/python3.7/runpy.py", line 263, in run_path
        pkg_name=pkg_name, script_name=fname)
        File "/usr/lib64/python3.7/runpy.py", line 96, in _run_module_code
        mod_name, mod_spec, pkg_name, script_name)
        File "/usr/lib64/python3.7/runpy.py", line 85, in _run_code
        exec(code, run_globals)
        File "/tmp/4i-prefect-flows/src/flows/4i_ffs_vtapm_prvdr_rsp_process/4i_ffs_vtapm_prvdr_rsp_process.py", line 62, in <module>
        adl_secrets = adl_config.envConfig('4i-adl-config')
        File "/tmp/4i-prefect-flows/src/flows/4i_ffs_vtapm_prvdr_rsp_process/4i_ffs_vtapm_prvdr_rsp_process.py", line 37, in envConfig
        get_4i_adl_secret_value = client.get_secret_value(SecretId=secret_name)
        File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/client.py", line 508, in _api_call
        return self._make_api_call(operation_name, kwargs)
        File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/client.py", line 915, in _make_api_call
        raise error_class(parsed_response, operation_name)
      botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetSecretValue operation: User: arn:aws:sts::xxx:assumed-role/code_deployments-role/iddoc-test is not authorized to perform: secretsmanager:GetSecretValue on resource: 4i-adl-config because no identity-based policy allows the secretsmanager:GetSecretValue action
    Kevin Kho

    2 months ago
    I can’t tell what you are trying to do from the traceback. Do you have a code sample?
    Sam Maradwi

    2 months ago
    I am getting this error while registering Prefect. Below is the sample example:
    prefect register --project EDL --path "**/*" --force
    Kevin Kho

    2 months ago
    Yes, but these aren’t Prefect logs, so I need to see if you are using S3Storage or if you’re doing something else with boto3 outside of Prefect.
    Sam Maradwi

    2 months ago
    1) Python script in flows directory, need to register using python prefect tool (we have steps in this repo - https://github.cms.gov/iddoc/prefect-examples)
    2) Anything in sync directory, need to sync to s3 bucket (4i-prefect-flows-env) 4i-prefect-flows-test/scripts/
    Kevin Kho

    2 months ago
    I can’t sign in to the thing. The error says it comes from this line:
    get_4i_adl_secret_value = client.get_secret_value(SecretId=secret_name)
    which is not a Prefect line. Do you have this line in your code?
    Sam Maradwi

    2 months ago
    No, we don't have this line in our code.
    Kevin Kho

    2 months ago
    The traceback shows your file though I think:
    flows/src/flows/4i_ffs_vtapm_prvdr_rsp_process/4i_ffs_vtapm_prvdr_rsp_process.py", line 37, in envConfig
        get_4i_adl_secret_value = client.get_secret_value(SecretId=secret_name)
    or are you importing in this line from somewhere?
    Sam Maradwi

    2 months ago
    Yes, we are exporting secret keys.
    Kevin Kho

    2 months ago
    This is the line throwing an error. Looks like you don’t have permissions to?
    Sam Maradwi

    2 months ago
    @Deepak Pilligundla