Error "cannot open snowflake db: cannot read Snowflake secret" when trying to update my lookup tables in Panther
QUESTION
I’m running into some AWS permissions issues. We get the following error in the console:
lookup update failed for xx: upload failed for lookup xx-xx-xx-xx-xx into : cannot open snowflake db: cannot read Snowflake secret arn:aws:secretsmanager:xx:xx:secret:panther-admin-snowflake-secret-xx: failed to fetch AWS secret: operation error Secrets Manager: GetSecretValue, https response error StatusCode: 400, RequestID: xx-xx-xx-xx-xx, api error AccessDeniedException: User: arn:aws:sts::xx:assumed-role/xx/panther-lookup-tables-api is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:x:xx:x:xx because no resource-based policy allows the secretsmanager:GetSecretValue action
ANSWER
This error indicates that you have a "legacy" Snowflake configuration in which you manage the Snowflake secret yourself. The IAM role assumed by the lookup tables Lambda function (the `assumed-role/.../panther-lookup-tables-api` principal named in the error) is not allowed to call `secretsmanager:GetSecretValue` on that secret. To resolve the issue, grant that role permission to read the Snowflake secret. You can follow the instructions described in our documentation page "Update Permissions for the Secrets" to set up the permissions correctly.
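As an added example (not Panther's own code or the documented procedure), the script below shows the least-privilege shape of the grant the answer describes and a way to sanity-check it before applying it. It turns the STS `assumed-role` ARN printed in the error into the IAM role ARN that a policy `Principal` must name, builds a resource-based policy for the secret and an equivalent identity-based policy for the role (one action, one secret, one principal), and runs both through a deliberately small model of the AWS policy decision. The account id, role name and secret suffix are constructed placeholders; the `--apply` path uses the real `boto3` `put_resource_policy` call but is an assumption about how you would choose to deploy it, and the evaluator is not a substitute for IAM's own evaluation.

```python
"""Added example: least-privilege Secrets Manager grant for the Panther
lookup tables role, with an offline sanity check.  Not Panther's code.

Placeholders (constructed, not from any real account):
  ACCOUNT, ROLE_NAME, SECRET suffix.  Replace them with the values from
  the error message in your console.
"""
import fnmatch
import json
import sys

# Constructed placeholders in the shapes shown by the error message.
ACCOUNT = "111111111111"
ROLE_NAME = "panther-lookup-tables-role-PLACEHOLDER"      # redacted as "xx" in the error
STS_PRINCIPAL = f"arn:aws:sts::{ACCOUNT}:assumed-role/{ROLE_NAME}/panther-lookup-tables-api"
SECRET_ARN = f"arn:aws:secretsmanager:us-east-1:{ACCOUNT}:secret:panther-admin-snowflake-secret-AbCdEf"
ACTION = "secretsmanager:GetSecretValue"


def role_arn_from_assumed_role(sts_arn: str) -> str:
    """arn:aws:sts::ACCT:assumed-role/ROLE/SESSION -> arn:aws:iam::ACCT:role/ROLE.
    Policies name the role, and every session that assumes it then matches."""
    prefix, _, rest = sts_arn.partition(":assumed-role/")
    if not rest:
        raise ValueError(f"not an assumed-role ARN: {sts_arn}")
    account = prefix.split(":")[4]
    role_name = rest.split("/")[0]
    return f"arn:aws:iam::{account}:role/{role_name}"


def build_secret_resource_policy(secret_arn: str, role_arn: str) -> dict:
    """Resource-based policy attached to the secret: only this role, only
    GetSecretValue, only this secret.  Nothing else is opened up."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowPantherLookupTablesReadSnowflakeSecret",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": ACTION,
            "Resource": secret_arn,
        }],
    }


def build_role_identity_policy(secret_arn: str) -> dict:
    """Identity-based policy attached to the Lambda role: same single action and
    single resource, no Principal (identity policies apply to their holder)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadSnowflakeSecret",
            "Effect": "Allow",
            "Action": ACTION,
            "Resource": secret_arn,
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _any_match(patterns, value) -> bool:
    # IAM-style "*" wildcards; ARNs contain no glob metacharacters otherwise.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def policy_allows(policy: dict, principal_arn: str, action: str, resource: str) -> bool:
    """Small model of the IAM decision: an explicit Deny that matches wins,
    otherwise True only if some matching statement Allows.  Statements without
    a Principal (identity policies) are taken to apply to principal_arn."""
    allowed = False
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if principal is not None:
            pats = ["*"] if principal == "*" else principal.get("AWS", [])
            if not _any_match(pats, principal_arn):
                continue
        if not _any_match(stmt.get("Action", []), action):
            continue
        if not _any_match(stmt.get("Resource", []), resource):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def check_grant(secret_arn: str, sts_principal: str) -> bool:
    """True when the generated resource policy lets the role read the secret and
    nothing more: other principals, other actions and other secrets are refused."""
    role_arn = role_arn_from_assumed_role(sts_principal)
    pol = build_secret_resource_policy(secret_arn, role_arn)
    other_role = role_arn.rsplit("/", 1)[0] + "/some-other-role"
    other_secret = secret_arn.rsplit(":", 1)[0] + ":unrelated-secret-ZzZzZz"
    return (policy_allows(pol, role_arn, ACTION, secret_arn)
            and not policy_allows(pol, other_role, ACTION, secret_arn)
            and not policy_allows(pol, role_arn, "secretsmanager:PutSecretValue", secret_arn)
            and not policy_allows(pol, role_arn, ACTION, other_secret))


if __name__ == "__main__":
    role_arn = role_arn_from_assumed_role(STS_PRINCIPAL)
    resource_policy = build_secret_resource_policy(SECRET_ARN, role_arn)
    print("Resource policy for the secret:\n", json.dumps(resource_policy, indent=2))
    print("Identity policy for the role:\n", json.dumps(build_role_identity_policy(SECRET_ARN), indent=2))
    print("least-privilege check:", "ok" if check_grant(SECRET_ARN, STS_PRINCIPAL) else "FAILED")
    if "--apply" in sys.argv:           # assumption: you deploy the resource policy with boto3
        import boto3                    # imported lazily so the offline check needs no AWS SDK
        boto3.client("secretsmanager").put_resource_policy(
            SecretId=SECRET_ARN, ResourcePolicy=json.dumps(resource_policy))
```

Run it without arguments to print both policy documents and the check; either policy alone is enough when the role and the secret are in the same account, so attach one rather than both. Keep the resource limited to the one Snowflake secret ARN: widening it to `secret:*` would let the lookup tables role read every secret in the account.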