19913d85-f662-4518-a9a1-7adc1793dfd4.png){kind=small}
Is there a way to disable fetching secrets when us...
# deployment-ecsj
Josh Hallinan
02/08/2022, 10:20 PMIs there a way to disable fetching secrets when using the ECSRunLauncher? We do not use AWS secretsmanager, and I am having IAM permission denied error when starting launching a new run despite having the proper policies:
Copy code
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecrets",
"secretsmanager:GetSecretValue"d
daniel
02/08/2022, 10:25 PMHi Josh - this isn't currently possible, but it would be just a small change on our side to support this (you would just need to set the secrets_tag field to empty or None)
j
Josh Hallinan
02/08/2022, 10:31 PMOk, great 👍 I think our corporate account has secret manager completely disabled since we use vault, thus any boto3 calls give permission denied.
d
daniel
02/11/2022, 4:02 AMThe latest dagster release has this fix (if you set secrets_tag to None, it won't try to hit secretsmanager)
daniel
02/11/2022, 4:02 AMthe default tag values is still "dagster" though
j
Josh Hallinan
02/11/2022, 4:02 AMWow that was a quick turnaround! Thanks for the update 😀
Josh Hallinan
02/11/2022, 4:05 AMWhat we ended up doing was to create a task definition and specifying this in the config via Environment Variable. By having a task definition, dagster would not try to get secrets
3 Views