How do I fix 'ResourceInitializationError: unable to pull secrets or registry auth' for my container service?
If you are deploying or have an existing container service with an authenticated container that is unable to launch, it may be failing to pull repository credentials from our secrets manager. In this case, authentication to the repository will not even be attempted and the task will fail with the error:
ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to get registry auth from asm: service call has been retried 1 time(s): failed to fetch secret arn:aws:secretsmanager:us-east-1:xxxxxxxx...
This may happen for a few reasons, but the most likely reason is your container service was deployed initially with an earlier version of the Spinup Container Service. Newer versions have further locked down access to repository credentials and require a minor update and redeployment of your container service to be compliant.
Instructions
The fix for this error is usually simple. Create a minor update to any of your containers in the service and redeploy. The backend will handle the migration and apply the correct permissions from there!
Login to Spinup and navigate to your container service
Select one of the containers in the definition tab
Edit any field in the container definition, save and Redeploy
Doing a redeploy without changing anything in a container definition with not fix the issue as it doesn’t update the secrets management permissions. Scaling your container up or down will also not fix the issue for the same reason.