I have the following code as part of AWS Synthetics Canaries, where I am trying to fetch a secret from AWS Secrets Manager. The code is in NodeJS and is pretty much the standard code and as provided in the AWS documentation.
const { SecretsManagerClient, GetSecretValueCommand } = require("@aws-sdk/client-secrets-manager");
input = {
SecretId: 'the-name-of-my-secret'
}
client = new SecretsManagerClient({
region: 'us-west-2'
});
command = new GetSecretValueCommand(input);
secretResponse = await client.send(command);
The package.json has dependency - "@aws-sdk/client-secrets-manager": "3.408.0",
The Synthetics Lambda has the proper execution role attached with policies AWSLambdaBasicExecutionRole and AWSLambdaVPCAccessExecutionRole.
When I run this code, I keep on getting the below error -
INFO Request: http://169.254.169.254/latest/api/token
ERROR Request failed. Request: http://169.254.169.254/latest/api/token
ERROR Failure reason: Error: connect ECONNREFUSED 169.254.169.254:80 Stack: Error: connect ECONNREFUSED 169.254.169.254:80
at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1555:16)
at TCPConnectWrap.callbackTrampoline (node:internal/async_hooks:128:17)
INFO Request: http://169.254.169.254/latest/meta-data/iam/security-credentials/
ERROR Request failed. Request: http://169.254.169.254/latest/meta-data/iam/security-credentials/
ERROR Failure reason: Error: connect ECONNREFUSED 169.254.169.254:80 Stack: Error: connect ECONNREFUSED 169.254.169.254:80
at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1555:16)
at TCPConnectWrap.callbackTrampoline (node:internal/async_hooks:128:17)
I understand the IP - 169.254.169.254 - is for AWS Metadata service. But Synthetics being a Lambda, does not have this service. Then why is it always making a call to this service? Also, since the execution role is already attached to this Lambda, still why is it trying to fetch a credential? Can someone please advise what I am doing incorrect here? Thanks much in advance.