I am trying to build a simple workflow in ISC using the Active Directory privileged task automation action to execute commands in Active Directory. One prerequisite for using the privileged task automation action is to configure a credential provider and provide a secret path URL that points to the username and password. I am using AWS Secrets Manager as the credential provider.
Both the EC2 instance configured as the VA and the privilege gateway VA used for the Active Directory action in the workflow have roles assigned with the necessary permissions for AWS Secrets Manager.
When I specify the Secret Path expression in the following format: secrets://{vault_name}/{URI_Path_to_secret}/{secretKey}, with each part within the curly braces URI-encoded separately, I receive a validation error in the Workflow that the secret path is invalid. I have tried assigning this path to a variable and retrieving it through the variable selection, but the workflow execution still fails.
I noticed the following error in the VA logs:
{"exception":{"stacktrace":"software.amazon.awssdk.core.exception.SdkClientException: Failed to load credentials from IMDS.\n\tat software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111)
The EC2 instance used for the standard VA mapped to the credential provider, as well as the VA added to the privilege gateway virtual appliance cluster, both have IMDSv2 set to required.
Has anyone else encountered a similar issue when trying to use AWS Secrets Manager as a credential provider? Any inputs would be appreciated.
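An added example, not part of the original post and not SailPoint code: a builder and checker for the secrets://{vault_name}/{URI_Path_to_secret}/{secretKey} layout quoted above, showing what per-component URI encoding does to a secret name that contains slashes. The vault, secret and key names are constructed, and the check does not establish what the ISC workflow validator itself accepts.

```python
from urllib.parse import quote, unquote

SCHEME = "secrets://"
FIELDS = ("vault_name", "secret_path", "secret_key")  # labels used in messages only


def build_secret_path(vault_name: str, secret_path: str, secret_key: str) -> str:
    """Encode each component on its own, so '/' inside a component becomes %2F."""
    parts = (vault_name, secret_path, secret_key)
    if not all(parts):
        raise ValueError("vault name, secret path and secret key are all required")
    return SCHEME + "/".join(quote(p, safe="") for p in parts)


def parse_secret_path(expr: str) -> tuple:
    """Split on literal '/' first, then decode each of the three components."""
    if not expr.startswith(SCHEME):
        raise ValueError("expression must start with secrets://")
    segments = expr[len(SCHEME):].split("/")
    if len(segments) != 3 or not all(segments):
        raise ValueError(f"expected 3 non-empty segments, found {len(segments)}")
    return tuple(unquote(s) for s in segments)


def diagnose(expr: str) -> list:
    """Return the encoding problems that make an expression ambiguous."""
    try:
        parts = parse_secret_path(expr)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for name, value in zip(FIELDS, parts):
        # A value that still decodes further was encoded twice.
        if unquote(value) != value:
            problems.append(f"{name} looks double-encoded: {value!r}")
    if build_secret_path(*parts) != expr:
        problems.append("expression is not in canonical per-component encoding")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    good = build_secret_path("my-vault", "prod/ad/svc-workflow", "password")
    print(good, diagnose(good))
    print(diagnose("secrets://my-vault/prod/ad/svc-workflow/password"))
```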