
AWS ECS Fargate can't fetch Secrets Manager

I'm using the AWS ECS service to orchestrate my Docker container.

I also use Secrets Manager to store and retrieve personal information.

I applied the SecretsManagerReadWrite policy to my ecsTaskExecutionRole and ecsServiceRole.

Before using Fargate, I just used ECS with EC2.

And it worked fine.

But in Fargate, it throws NoCredentialsError.

I fetch from Secrets Manager via a Python script made with boto3.

Is there any solution here?


CUSTOM Permission

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
            "Resource": "*"


  • Be sure that the IAM policy you applied has the following permissions:

      "Version": "2012-10-17",
      "Statement": [
          "Effect": "Allow",
          "Action": [
          "Resource": [

    Also, be sure that you are using Fargate 1.3.0.

    But I would try something else to reduce the amount of code. Since Nov 2018, it is not necessary to write your own code to fetch secrets from Secrets Manager. ECS/Fargate can do it for you. Just give ECS the permission to access your secret and give the secret ARN in the task definition. ECS/Fargate will assign the secret to the environment variable. Your code just needs to read the environment variable as usual.

    For example:

    "containerDefinitions": [{
        "secrets": [{
            "name": "environment_variable_name",
            "valueFrom": "arn:aws:ssm:region:aws_account_id:parameter/parameter_name"
        }]
    }]

    Doc is here :
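
An added example, not part of the answer above or of AWS's documentation: a Python helper that reads the `secrets` entries of a task definition and builds an execution-role policy scoped to exactly those ARNs, instead of `"Resource": "*"` or the broad SecretsManagerReadWrite policy. The function names, the sample task definition, the account ID and the region are constructed placeholders, and the `aws` partition is assumed for bare parameter names.

```python
import json

# IAM action the task execution role needs for each secret store
ACTIONS = {"secretsmanager": "secretsmanager:GetSecretValue",
           "ssm": "ssm:GetParameters"}

def secret_resource(value_from, region, account_id):
    """Map a task-definition valueFrom to (service, IAM resource ARN)."""
    if not value_from.startswith("arn:"):
        # A bare name is a Parameter Store parameter in the task's own region
        return "ssm", f"arn:aws:ssm:{region}:{account_id}:parameter/{value_from.lstrip('/')}"
    parts = value_from.split(":")
    service = parts[2]
    if service not in ACTIONS:
        raise ValueError(f"unsupported secret source: {value_from}")
    if service == "secretsmanager":
        # Drop the optional :json-key:version-stage:version-id suffix
        parts = parts[:7]
    return service, ":".join(parts)

def execution_role_policy(task_def, region, account_id):
    """Build a policy that allows reading only the secrets the task references."""
    resources = {}
    for container in task_def.get("containerDefinitions", []):
        for secret in container.get("secrets", []):
            service, arn = secret_resource(secret["valueFrom"], region, account_id)
            resources.setdefault(service, set()).add(arn)
    if resources and "executionRoleArn" not in task_def:
        # The ECS agent fetches injected secrets with the execution role
        raise ValueError("task definition uses secrets but sets no executionRoleArn")
    statements = [
        {"Effect": "Allow", "Action": [ACTIONS[s]], "Resource": sorted(arns)}
        for s, arns in sorted(resources.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}

# Constructed sample task definition (all identifiers are placeholders)
SAMPLE = {
    "executionRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
    "containerDefinitions": [{"name": "app", "secrets": [
        {"name": "DB_PASSWORD",
         "valueFrom": "arn:aws:secretsmanager:eu-west-1:111122223333:secret:db-AbCdEf:password::"},
        {"name": "API_KEY", "valueFrom": "/app/api_key"},
    ]}],
}

if __name__ == "__main__":
    print(json.dumps(execution_role_policy(SAMPLE, "eu-west-1", "111122223333"), indent=2))
```

Secrets encrypted with a customer-managed KMS key also need `kms:Decrypt` on that key, which this helper does not add.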