QUESTION

I’m running into some AWS permissions issues. We get the following error in the console:

lookup update failed for xx: upload failed for lookup xx-xx-xx-xx-xx into : cannot open snowflake db: cannot read Snowflake 
secret arn:aws:secretsmanager:xx:xx:secret:panther-admin-snowflake-secret-xx: failed to fetch AWS secret: operation error 
Secrets Manager: GetSecretValue, https response error StatusCode: 400, RequestID: xx-xx-xx-xx-xx, api error 
AccessDeniedException: User: arn:aws:sts::xx:assumed-role/xx/panther-lookup-tables-api is not authorized to perform: 
secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:x:xx:x:xx because no resource-based policy allows the 
secretsmanager:GetSecretValue action

ANSWER

This error indicates that you have a "legacy" Snowflake configuration where you manage the secrets. To resolve this issue, you need to grant permission to the lookup tables Lambda function to read the secret for Snowflake. You can follow the instructions described in our documentation page "Update Permissions for the Secrets" to successfully set up your permissions.