I have followed the instructions to set up and configure the aws-secrets-bundle: ^1 package.
-- composer.json
```json
"aws/aws-sdk-php": "^3.306",
"constup/aws-secrets-bundle": "^1",
```
-- ENV
```
infrauser@55e9c58d6eca:/var/www/html/router$ env | grep AWS
AWS_DEFAULT_REGION=eu-west-1
AWS_SECRET_ACCESS_KEY=*****
AWS_ACCESS_KEY_ID=?????
AWS_SECRET=docs-router-app-dev-mariadb
```
-- config/packages/aws_secrets.yaml
```yaml
aws_secrets:
  client_config:
    region: "eu-west-1" # Required if "ignore" is false.
    version: "latest" # Defaults to "latest".
    endpoint: "https://secretsmanager.eu-west-1.amazonaws.com"
    credentials:
      key: "??????????"
      secret: "*****"
  cache: "array" # Can be one of the following: apcu, array, filesystem. Default is array.
  delimiter: "," # Delimiter to separate key from secret name.
  ignore: false # Pass through AWS (for local dev environments set to "true").
```
-- config/services.yaml
```yaml
parameters:
  aws_secret: '%env(aws:AWS_SECRET)%'
  database_root_password: '%env(aws:DATABASE_ROOT_PASSWORD)%'
  database_url: '%env(aws:DATABASE_URL)%'
  database_host: '%env(aws:DATABASE_HOST)%'
  database_name: '%env(aws:DATABASE_NAME)%'
  database_user: '%env(aws:DATABASE_USER)%'
  database_password: '%env(aws:DATABASE_PASSWORD)%'
  database_port: '%env(aws:DATABASE_PORT)%'
  database_charset: '%env(aws:DATABASE_CHARSET)%'
```
Both the AWS CLI and curl request work fine.
-- AWS CLI
```
infrauser@55e9c58d6eca:/var/www/html/router$ aws secretsmanager get-secret-value --secret-id docs-router-app-dev-mariadb
{
    "ARN": "arn:aws:secretsmanager:eu-west-1:186886293338:secret:docs-router-app-dev-mariadb-d5k1yb",
    "Name": "docs-router-app-dev-mariadb",
    "VersionId": "b5a05b5f-5a08-40e7-bfbe-dbb5a03a8c8c",
    "SecretString": "{\"aws_database_root_password\":\"c1rata2024\",\"aws_database_user\":\"docs_router\",\"aws_database_password\":\"me8ungeevei3Rael\",\"aws_database_engine\":\"mariadb\",\"aws_database_host\":\"infradocsrouterdbdev.ceesba7or1rg.eu-west-1.rds.amazonaws.com\",\"aws_database_port\":3306,\"aws_database_name\":\"docs_router\",\"aws_database_url\":\"mysql://docs_router:me8ungeevei3Rael@infradocsrouterdbdev.ceesba7or1rg.eu-west-1.rds.amazonaws.com:3306/docs_router?serverVersion=mariadb-10.6.16\",\"aws_database_charset\":\"utf8mb4\",\"aws_dbInstanceIdentifier\":\"infradocsrouterdbdev\"}",
    "VersionStages": [
        "AWSCURRENT"
    ],
    "CreatedDate": "2024-05-20T11:25:55.974000+00:00"
}
```
-- CURL
```
infrauser@55e9c58d6eca:/var/www/html/router$ curl -sX POST "https://secretsmanager.eu-west-1.amazonaws.com" \
  --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" \
  --aws-sigv4 "aws:amz:eu-west-1:secretsmanager" \
  --header "X-Amz-Target: secretsmanager.GetSecretValue" \
  --header "Content-Type: application/x-amz-json-1.1" \
  --data '{
    "SecretId": "docs-router-app-dev-mariadb"
  }'
{"ARN":"arn:aws:secretsmanager:eu-west-1:186886293338:secret:docs-router-app-dev-mariadb-d5k1yb","CreatedDate":1.716204355974E9,"Name":"docs-router-app-dev-mariadb","SecretString":"{"aws_database_root_password":"c1rata2024","aws_database_user":"docs_router","aws_database_password":"me8ungeevei3Rael","aws_database_engine":"mariadb","aws_database_host":"infradocsrouterdbdev.ceesba7or1rg.eu-west-1.rds.amazonaws.com","aws_database_port":3306,"aws_database_name":"docs_router","aws_database_url":"mysql://docs_router:me8ungeevei3Rael@infradocsrouterdbdev.ceesba7or1rg.eu-west-1.rds.amazonaws.com:3306/docs_router?serverVersion=mariadb-10.6.16","aws_database_charset":"utf8mb4","aws_dbInstanceIdentifier":"infradocsrouterdbdev"}","VersionId":"b5a05b5f-5a08-40e7-bfbe-dbb5a03a8c8c","VersionStages":["AWSCURRENT"]}
```
However, when cache-clear is called or when browsing to a page, I get the following error:
```
Error executing "GetSecretValue" on "https://secretsmanager.eu-west-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://secretsmanager.eu-west-1.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"InvalidSignatureException","message":"The request signature we calculated does not match the signature you pr (truncated...)
InvalidSignatureException (client): The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. - {"__type":"InvalidSignatureException","message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}
```
I can see the request object has no SecretId in payload. Is there anything I am missing here? I would be grateful for any help:
```php
GuzzleHttp\Psr7\Request::__set_state(array(
   'method' => 'POST',
   'requestTarget' => NULL,
   'uri' => GuzzleHttp\Psr7\Uri::__set_state(array(
      'scheme' => 'https',
      'userInfo' => '',
      'host' => 'secretsmanager.eu-west-1.amazonaws.com',
      'port' => NULL,
      'path' => '',
      'query' => '',
      'fragment' => '',
      'composedComponents' => 'https://secretsmanager.eu-west-1.amazonaws.com',
   )),
   'headers' => array (
      'Host' => array (
         0 => 'secretsmanager.eu-west-1.amazonaws.com',
      ),
      'X-Amz-Target' => array (
         0 => 'secretsmanager.GetSecretValue',
      ),
      'Content-Type' => array (
         0 => 'application/x-amz-json-1.1',
      ),
      'X-Amz-User-Agent' => array (
         0 => 'aws-sdk-php/3.306.6 OS/Linux#5.15.146.1-microsoft-standard-WSL2 lang/php#8.1.28',
      ),
      'User-Agent' => array (
         0 => 'aws-sdk-php/3.306.6 OS/Linux#5.15.146.1-microsoft-standard-WSL2 lang/php#8.1.28',
      ),
      'aws-sdk-invocation-id' => array (
         0 => 'e4b72c94fe4703e18d326d8502aa46cd',
      ),
      'aws-sdk-retry' => array (
         0 => '0/0',
      ),
      'X-Amz-Date' => array (
         0 => '20240522T082110Z',
      ),
      'Authorization' => array (
         0 => 'AWS4-HMAC-SHA256 Credential=AKIASXA2KQ5NBXYBUQKU/20240522/eu-west-1/secretsmanager/aws4_request, SignedHeaders=host;x-amz-date;x-amz-target;x-amz-user-agent, Signature=ab84639fe27050eabfd9a0085a4512c6456ebb5db76b9323afccf4ea19501feb',
      ),
   ),
   'headerNames' => array (
      'host' => 'Host',
      'x-amz-target' => 'X-Amz-Target',
      'content-type' => 'Content-Type',
      'x-amz-user-agent' => 'X-Amz-User-Agent',
      'user-agent' => 'User-Agent',
      'aws-sdk-invocation-id' => 'aws-sdk-invocation-id',
      'aws-sdk-retry' => 'aws-sdk-retry',
      'x-amz-date' => 'X-Amz-Date',
      'authorization' => 'Authorization',
   ),
   'protocol' => '1.1',
   'stream' => GuzzleHttp\Psr7\Stream::__set_state(array(
      'stream' => NULL,
      'size' => 29,
      'seekable' => true,
      'readable' => true,
      'writable' => true,
      'uri' => 'php://temp',
      'customMetadata' => array (
      ),
   )),
))
```
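
As an added example (not part of the original post, and not code from the bundle or the AWS SDK), the sketch below derives a SigV4 signature over the same four signed headers listed in the `Authorization` header of the dump above, then recomputes it the way the service does to show which inputs must match byte for byte. The key, date, secret name and user agent are constructed placeholders, and the request is fixed to `POST /` with no query string.

```python
import hashlib
import hmac

REGION, SERVICE = "eu-west-1", "secretsmanager"
SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"  # AWS documentation placeholder
AMZ_DATE = "20240101T000000Z"                         # constructed timestamp
BODY = b'{"SecretId":"example-secret-name"}'          # constructed secret name
HEADERS = {                                           # constructed request headers
    "Host": "secretsmanager.eu-west-1.amazonaws.com",
    "X-Amz-Date": AMZ_DATE,
    "X-Amz-Target": "secretsmanager.GetSecretValue",
    "X-Amz-User-Agent": "example-client/1.0",
}

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret_key, amz_date, headers, body):
    """Return (signed_headers, hex signature) for POST / with an empty query string."""
    # Canonical headers: lowercase names, whitespace-normalised values, sorted by name.
    canon = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    signed_headers = ";".join(name for name, _ in canon)
    canonical_request = "\n".join([
        "POST", "/", "",
        "".join(f"{name}:{value}\n" for name, value in canon),
        signed_headers,
        hashlib.sha256(body).hexdigest(),  # the body is covered through its hash
    ])
    scope = f"{amz_date[:8]}/{REGION}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()  # signing-key chain starts from the secret key
    for part in scope.split("/"):         # date, region, service, "aws4_request"
        key = _hmac(key, part)
    return signed_headers, _hmac(key, string_to_sign).hex()

def service_accepts(secret_on_file, body_received, presented_signature):
    # Recompute the signature from the service's own inputs; compare in constant time.
    _, expected = sigv4_signature(secret_on_file, AMZ_DATE, HEADERS, body_received)
    return hmac.compare_digest(expected, presented_signature)

def demo():
    signed_headers, sig = sigv4_signature(SECRET, AMZ_DATE, HEADERS, BODY)
    padded = sigv4_signature(SECRET + " ", AMZ_DATE, HEADERS, BODY)[1]  # client key has a stray space
    return {
        "signed_headers": signed_headers,
        "same_inputs": service_accepts(SECRET, BODY, sig),
        "secret_differs": service_accepts(SECRET, BODY, padded),
        "body_differs": service_accepts(SECRET, b"{}", sig),
    }
```

Only `same_inputs` is accepted; the other two cases are what the service reports as `InvalidSignatureException`.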