infrastructure-live-acme I have everything deployed but the sample-app-backend-acme docker container keeps failing to start. A check of the logs reveals:
AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.
I’m presuming that the key required is cmk-stage - which I can see has been created in the correct region.
Using the arn for cmk-stage I can successfully encrypt a db_password, but when I immediately try to decrypt the ciphertext, I get the same AccessDeniedException so this looks like an authorisation issue.
Things I’ve checked:
- [my machine] my AWS logged in user has KMS full access in IAM and is the key administrator for
- [on stage ecs instance] user is the principal for
Am I missing an iam role, even though I’m the key administrator?
Any help on debugging this is appreciated.