I've set up an EC2 instance running PHP. For testing only, the instance is in a public subnet with a Security Group that allows All Traffic to 0.0.0.0/0. The Route Table has the default local route to 10.0.0.0/16 (the VPC's CIDR block) and a route to the Internet Gateway at 0.0.0.0/0. The NACL associated with the subnet allows All Traffic in and out at 0.0.0.0/0. I know this is wide open, but I wanted to ensure that the problem I'm encountering isn't related to Security Groups and NACLs.
I created a Secrets Manager secret MySecret-xxxxx and have attached an IAM role to the instance with the following policy to allow the instance to access the secret:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:ListSecretVersionIds"
            ],
            "Resource": "arn:aws:secretsmanager:eu-west-2:xxxxxxxxx:secret:MySecret-xxxxx"
        }
    ]
}
I've installed the AWS SDK for PHP on the instance in a subfolder called sdks, and lastly created a "Hello World" index.php file that works perfectly well until I try to run getSecretValue in a simplified version of the setup information that AWS provides. This is the PHP code:

<?php
require 'sdks/aws/aws-autoloader.php';

use Aws\SecretsManager\SecretsManagerClient;
use Aws\Exception\AwsException;

// 'profile' => 'default' tells the SDK to load credentials from the [default]
// section of the shared credentials file (~/.aws/credentials of the user
// running PHP) rather than from its usual provider chain.
$client = new SecretsManagerClient([
    'profile' => 'default',
    'version' => 'latest',
    'region'  => 'eu-west-2',
]);
$secretName = 'MySecret-xxxxx';

echo '<h1>Hello World</h1>';

// Fetch the secret; any exception thrown here is not caught.
$result = $client->getSecretValue(['SecretId' => $secretName]);
?>
As soon as I include the $result = $client->getSecretValue([... block of code, I get an HTTP ERROR 500 error message, although it works perfectly well without it. I ran aws secretsmanager get-secret-value --secret-id MySecret-xxxxx --region eu-west-2 on the CLI and that returned the secret details properly.
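As an added example (not the original poster's code, and not the AWS-provided snippet the question refers to), here is the same lookup written to run on the instance-profile role and to report SDK errors instead of dying on an uncaught exception. It assumes the autoloader path, secret name and region from the question; the helper name fetchSecret is my own.

```php
<?php
// Added example, not the original poster's code. Assumes the autoloader path,
// secret name and region from the question; fetchSecret is a hypothetical
// helper name chosen for this example.
require 'sdks/aws/aws-autoloader.php';

use Aws\SecretsManager\SecretsManagerClient;
use Aws\Exception\AwsException;

/**
 * Read one secret using whatever credentials the SDK's default provider chain
 * finds (environment variables, ~/.aws/credentials, then the EC2 instance
 * metadata service, which serves the instance-profile role). No 'profile' key
 * is passed, so a missing credentials file for the web-server user is not fatal.
 *
 * Returns ['ok' => true, 'value' => ...] on success, otherwise
 * ['ok' => false, 'code' => ..., 'message' => ...].
 */
function fetchSecret(string $secretName, string $region): array
{
    $client = new SecretsManagerClient([
        'version' => 'latest',
        'region'  => $region,
    ]);

    try {
        $result = $client->getSecretValue(['SecretId' => $secretName]);
    } catch (AwsException $e) {
        // Service-side failures: AccessDeniedException (role policy or ARN
        // mismatch), ResourceNotFoundException (wrong name or region), etc.
        return [
            'ok'      => false,
            'code'    => $e->getAwsErrorCode() ?? get_class($e),
            'message' => $e->getAwsErrorMessage() ?? $e->getMessage(),
        ];
    } catch (\Exception $e) {
        // Credential-resolution failures (no provider in the chain could supply
        // keys) are thrown as Aws\Exception\CredentialsException, which does not
        // extend AwsException, so they need their own catch.
        return ['ok' => false, 'code' => get_class($e), 'message' => $e->getMessage()];
    }

    // A secret is returned as either SecretString or SecretBinary (the SDK has
    // already base64-decoded the latter). Console-created secrets are usually
    // JSON key/value documents; decode those into an array, else keep the string.
    if (isset($result['SecretString'])) {
        $decoded = json_decode($result['SecretString'], true);
        $value = (json_last_error() === JSON_ERROR_NONE) ? $decoded : $result['SecretString'];
    } else {
        $value = $result['SecretBinary'];
    }

    return ['ok' => true, 'value' => $value];
}

$secret = fetchSecret('MySecret-xxxxx', 'eu-west-2');

echo '<h1>Hello World</h1>';
if ($secret['ok']) {
    // Never echo the secret itself into the page; confirm only that it resolved
    // and, for a JSON secret, which keys it carries.
    $keys = is_array($secret['value'])
        ? implode(', ', array_keys($secret['value']))
        : '(non-JSON value)';
    echo '<p>Secret resolved; keys: ' . htmlspecialchars($keys) . '</p>';
} else {
    // Keep the detailed message in the server log, not the browser.
    error_log('getSecretValue failed: ' . $secret['code'] . ': ' . $secret['message']);
    echo '<p>Secret lookup failed (' . htmlspecialchars($secret['code']) . '); see the PHP error log.</p>';
}
```

Two points worth checking against the setup in the question: passing a profile key restricts the SDK to the shared credentials file of whichever user runs PHP (on a web server that is normally not the user who ran aws configure), whereas leaving it out lets the default provider chain fall through to the instance metadata service and the attached role. And whatever the underlying cause, an uncaught exception from getSecretValue surfaces as a bare HTTP 500, with the real error text only in the PHP or web-server error log, so catching it as above is the quickest way to see what actually failed.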