spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

403: Permission denied when I'm connecting to AWS Vault with IAM role #599

Closed jaganm2018 closed 3 years ago

jaganm2018 commented 3 years ago

Issue: 403 permission denied to connect to aws vault using IAM role.

Versions: Spring Boot 2.5.0, Spring Cloud 3.0.2, Spring Cloud Vault 3.0.2

bootstrap.yml high-level config is `spring.cloud.vault` with: `host`; `authentication`; `aws-iam` (4 property details: role, endpoint URL, ...); `kv` properties (enabled, direct context, profile separator, path)

——————————-
When trying to connect to Vault, I'm getting forbidden even though it's working for some other Node.js applications from Lambda.

One thing I found is that they removed the `spring.cloud.vault.generic` properties. I removed them and tried again, but even so I got the same exception.

After upgrading Spring Cloud Vault to 3.0.3, it's working fine.

Note: Spring Cloud Vault 3.0.2 has some issue connecting to Vault in AWS with an IAM role.

I struggled a lot, so I don't want others to struggle.

mp911de commented 3 years ago

The vault ACL policies cause the "permission denied" response. Please configure your Vault ACL policy correctly, see https://learn.hashicorp.com/tutorials/vault/policies for reference. The Vault reference documentation contains ACL methods and paths.
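As an added example (not from the issue or from the Spring Cloud Vault project), here is a Vault ACL policy shaped to the kv reads that Spring Cloud Vault performs for the configuration described above; the mount name, application name and active profile are assumptions:

```hcl
# Vault ACL policy (HCL) for a Spring Cloud Vault client that logs in via
# the aws-iam auth method and reads from the kv backend.
# Assumed client settings (not taken from the issue):
#   spring.cloud.vault.kv.backend=secret          (a KV version 2 mount)
#   spring.cloud.vault.kv.default-context=application
#   spring.cloud.vault.kv.application-name=myapp
#   spring.cloud.vault.kv.profile-separator=/
#   active Spring profile: prod
# With these settings Spring Cloud Vault reads the contexts
#   application, application/prod, myapp, myapp/prod
# under secret/data/. A "read" capability is needed on each of them;
# any path without a matching rule is answered with "403 permission denied".
# For a KV version 1 mount, drop the "data/" segment from every path.

# Shared defaults for all applications (default-context)
path "secret/data/application" {
  capabilities = ["read"]
}
path "secret/data/application/*" {
  capabilities = ["read"]
}

# Application-specific secrets and per-profile overrides
path "secret/data/myapp" {
  capabilities = ["read"]
}
path "secret/data/myapp/*" {
  capabilities = ["read"]
}

# Spring Cloud Vault's session manager looks up and renews the login token.
# Vault's built-in "default" policy already grants these two paths; they are
# repeated here so the policy stands alone if "default" is not attached.
path "auth/token/lookup-self" {
  capabilities = ["read"]
}
path "auth/token/renew-self" {
  capabilities = ["update"]
}
```

The policy only takes effect once it is listed in the `token_policies` of the aws auth role that `spring.cloud.vault.aws-iam.role` names; a role bound to the right IAM principal but with no policy still logs in successfully and then fails every kv read with 403.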