Just simple troubleshooting questions to ask myself whenever connectivity fails.
- Does the ECS task have network access to SecretsManager? e.g.:
  - from a private subnet via a NAT Gateway or VPC Endpoint
  - from a public subnet via a public IP address
- Does the TaskExecutionRole have sufficient IAM rights to read the secret?
- Does the VPC Link have a security group that's allowed to access the ECS tasks on the given port?
- Are the Cloud Map DNS records of type
- Does the accessor have a security group that's allowed to access the DB?
- Does the accessor have the right network access?
- Is the accessor using the right port? (Aurora may set unexpected ports when using CloudFormation)
- Have you double-checked spelling?
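
The security-group questions above (VPC Link to ECS tasks, accessor to DB, and the unexpected Aurora port) can be checked offline against saved `aws ec2 describe-security-groups` output. This is an added example, not part of the original notes: the function names, group IDs, IP addresses and port 3310 are constructed, and it looks only at security-group rules with CIDR or group references, not at routes, NACLs or prefix lists.

```python
import ipaddress

def _matches(perm, peer_sg_id, peer_ip, port, protocol):
    """True if one IpPermissions entry covers this peer, port and protocol."""
    proto = perm.get("IpProtocol")
    if proto != "-1":  # "-1" means all protocols and all ports
        if proto != protocol:
            return False
        if not (perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)):
            return False
    # Rule that references the peer's security group directly
    if any(p.get("GroupId") == peer_sg_id for p in perm.get("UserIdGroupPairs", [])):
        return True
    # Rule that references a CIDR containing the peer's address
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", []))

def check_path(src_sg, dst_sg, src_ip, dst_ip, port, protocol="tcp"):
    """Return a list of problems; an empty list means both SGs admit the connection."""
    problems = []
    if not any(_matches(p, dst_sg["GroupId"], dst_ip, port, protocol)
               for p in src_sg.get("IpPermissionsEgress", [])):
        problems.append(f"{src_sg['GroupId']}: no egress rule to "
                        f"{dst_sg['GroupId']} on {protocol}/{port}")
    if not any(_matches(p, src_sg["GroupId"], src_ip, port, protocol)
               for p in dst_sg.get("IpPermissions", [])):
        problems.append(f"{dst_sg['GroupId']}: no ingress rule from "
                        f"{src_sg['GroupId']} on {protocol}/{port}")
    return problems

# Constructed sample data in the shape of describe-security-groups output.
ACCESSOR_SG = {
    "GroupId": "sg-0aaa",  # constructed ID
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
DB_SG = {
    "GroupId": "sg-0bbb",  # constructed ID
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                       "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}],
}

if __name__ == "__main__":
    # The rule was written for 3306; 3310 stands in for an unexpected cluster port.
    for port in (3306, 3310):
        print(port, check_path(ACCESSOR_SG, DB_SG, "10.0.1.25", "10.0.2.40", port) or "ok")
```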