AWS Secrets Manager
User Guide

Troubleshooting General Issues

Use the information here to help you diagnose and fix access-denied or other common issues that you might encounter when you're working with AWS Secrets Manager.

I get an "access denied" message when I make a request to AWS Secrets Manager.

  • Verify that you have permissions to call the operation and resource that you've requested. An administrator must grant permissions by attaching an IAM policy to your IAM user, or to a group that you're a member of. If the policy statements that grant those permissions include any conditions, such as time-of-day or IP address restrictions, you also must meet those requirements when you send the request. For information about viewing or modifying policies for an IAM user, group, or role, see Working with Policies in the IAM User Guide.

  • If you're signing API requests manually (without using the AWS SDKs), verify that you've correctly signed the request.

I get an "access denied" message when I make a request with temporary security credentials.

Changes that I make aren't always immediately visible.

As a service that's accessed through computers in data centers around the world, AWS Secrets Manager uses a distributed computing model called eventual consistency. Any change that you make in Secrets Manager (or other AWS services) takes time to become visible from all possible endpoints. Some of the delay results from the time it takes to send the data from server to server, from replication zone to replication zone, and from region to region around the world. Secrets Manager also uses caching to improve performance, but in some cases this can add time. The change might not be visible until the previously cached data times out.

Design your global applications to account for these potential delays. Also, ensure that they work as expected, even when a change made in one location isn't instantly visible at another.

For more information about how some other AWS services are affected by this, consult the following resources: