Cannot get SecretsManger param using ssm:/aws/reference/secretsmanager

[tudor2004]

I am creating the ssm param before running "serverless deploy" using the following command docker run --rm -e AWS_ACCESS_KEY_ID=foobar -e AWS_SECRET_ACCESS_KEY=foobar --network=backend -it amazon/aws-cli secretsmanager --endpoint-url=http://localstack:4566 --region=us-east-1 create-secret --name lambda_secret --secret-string "mySecret"

The secret gets created successfully and I can also see it in the localstack dashboard.

After it is created, I am running the serverless deploy --stage=local command for the following template:

service: localstack-lambda
frameworkVersion: "2"
plugins:
  - serverless-localstack

custom:
  secret: ${ssm:/aws/reference/secretsmanager/lambda_secret}
  localstack:
    debug: true
    stages: [local]

provider:
  name: aws
  runtime: nodejs14.x
  lambdaHashingVersion: 20201221

package:
  individually: true

functions:
  my-lambda-fn:
    handler: index.handler
    description: Some lambda function
    package:
      patterns:
        - "!**"
        - index.js
        - package.json
        - node_modules/**

But when running serverless deploy --stage locale I get the following output:

 Serverless Warning --------------------------------------

  A valid SSM parameter to satisfy the declaration 'ssm:/aws/reference/secretsmanager/lambda_secret' could not be found.

[jeffgunderson]

Make sure the ssm service is running in localstack as well as secretsmanager.

In docker-compose:

environment:
      - SERVICES=secretsmanager,ssm

[henriqueleite42]

I'm also having the same issue, but my serverless.yml has some differences:

# Because of https://www.serverless.com/framework/docs/providers/aws/guide/variables/#reference-variables-using-the-ssm-parameter-store
variablesResolutionMode: "20210326"

custom:
  # I tried both ways, this way:
  secret: ${ssm:/aws/reference/secretsmanager/lambda_secret}
  # And this way:
  secret: ${ssm:lambda_secret}

And the error that I'm getting is:

Serverless: Using serverless-localstack

Serverless Error ----------------------------------------

 Cannot resolve serverless.ts: Variables resolution errored with:
   - Cannot resolve variable at "custom.secret": ,

 Get Support --------------------------------------------
    Docs:          docs.serverless.com
    Bugs:          github.com/serverless/serverless/issues
    Issues:        forum.serverless.com

 Your Environment Information ---------------------------
    Operating System:          linux
    Node Version:              14.18.1
    Framework Version:         2.68.0 (local)
    Plugin Version:            5.5.1
    SDK Version:               4.3.0
    Components Version:        3.18.1

Both ssm and secretsmanager are in the SERVICES config.

[mmdoug1n]

Same problem here :(

[evyros]

Same here :(

[way2datta]

Is there any update on this?

[whummer]

Thanks for reporting @tudor2004 @jeffgunderson @mmdoug1n @evyros @way2datta , and apologies for the long delay on this one. I don't seem to be able to replicate this with the latest version - can you please pull the latest Docker image and give it another try?

$ awslocal secretsmanager --region=us-east-1 create-secret --name lambda_secret --secret-string "mySecret"
{
    "ARN": "arn:aws:secretsmanager:us-east-1:000000000000:secret:lambda_secret-c4e082",
    "Name": "lambda_secret",
    "VersionId": "e786353b-bb36-43c6-b93c-7b36f7eda2e5"
}
$ serverless deploy --stage local
... 
✔ Service deployed to stack localstack-lambda-local (10s)

Please note that the region of the SecretsManager secret (us-east-1) needs to match the region of the Serverless stack. Hope that helps - please let us know if the problem persists.. Thanks!

[shadowhand]

I was having this issue too, until I explicitly did --stage=local and then everything worked as expected. I am pretty sure the default for serverless is prod.

[steffyP]

Closing the issue due to inactivity and it should have been resolved.