I’m running into some AWS permissions issues. We get the following error in the console:
lookup update failed for xx: upload failed for lookup xx-xx-xx-xx-xx into : cannot open snowflake db: cannot read Snowflake
secret arn:aws:secretsmanager:xx:xx:secret:panther-admin-snowflake-secret-xx: failed to fetch AWS secret: operation error
Secrets Manager: GetSecretValue, https response error StatusCode: 400, RequestID: xx-xx-xx-xx-xx, api error
AccessDeniedException: User: arn:aws:sts::xx:assumed-role/xx/panther-lookup-tables-api is not authorized to perform:
secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:x:xx:x:xx because no resource-based policy allows the
secretsmanager:GetSecretValue action
This error indicates that you have a "legacy" Snowflake configuration where you manage the secrets. To resolve this issue, you need to grant permission to the lookup tables Lambda function to read the secret for Snowflake. You can follow the instructions described in our documentation page "Update Permissions for the Secrets" to successfully set up your permissions.
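The sketch below is an added example, not Panther's documented procedure or code from the documentation page named above. It parses an AccessDeniedException like the one in the question, derives the IAM role behind the assumed-role session, and builds a resource policy for the secret that grants that role only secretsmanager:GetSecretValue. The account IDs, region, role name, secret suffix and the Sid are constructed placeholders, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: account IDs, region, role name and secret suffix are
# placeholders (the values in the original error are redacted).
SAMPLE_ERROR = (
    "AccessDeniedException: User: arn:aws:sts::111122223333:assumed-role/"
    "ExampleLookupRole/panther-lookup-tables-api is not authorized to perform: "
    "secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-east-1:"
    "444455556666:secret:panther-admin-snowflake-secret-AbCdEf because no "
    "resource-based policy allows the secretsmanager:GetSecretValue action"
)

DENIED = re.compile(
    r"User: arn:(?P<partition>[\w-]+):sts::(?P<account>\d{12}):assumed-role/"
    r"(?P<role>[\w+=,.@-]+)/\S+ is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>arn:\S+)"
)

def parse_denial(message):
    """Extract role, action and resource from an assumed-role AccessDenied message."""
    m = DENIED.search(" ".join(message.split()))  # undo console line wrapping
    if m is None:
        raise ValueError("not an assumed-role AccessDenied message")
    d = m.groupdict()
    # The STS session ARN omits any IAM role path; for a role created under a
    # path, look up its full ARN instead of relying on this reconstruction.
    d["role_arn"] = f"arn:{d['partition']}:iam::{d['account']}:role/{d['role']}"
    return d

def secret_policy(denial):
    """Resource policy for the secret: one principal, one action."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowLookupTablesReadSnowflakeSecret",  # hypothetical name
            "Effect": "Allow",
            "Principal": {"AWS": denial["role_arn"]},
            "Action": denial["action"],
            # In a secret's resource policy, "*" is the secret it is attached to.
            "Resource": "*",
        }],
    }

if __name__ == "__main__":
    d = parse_denial(SAMPLE_ERROR)
    print("attach to:", d["resource"])
    print(json.dumps(secret_policy(d), indent=2))
```

Review the generated principal against the role shown in your own error before attaching the policy to the secret, and merge it with any statements the secret's policy already contains rather than overwriting them.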