Fetch Secrets Manager secret cross account

Hi,
I have two accounts, let’s call them A and B.
In account A I have a secret in Secrets Manager. I would like to read this secret in account B’s serverless file.

With only one account, I’m populating environment variables in my serverless.yml file in this way:

    custom:
      secrets: ${ssm:/aws/reference/secretsmanager/test-secret-in-account-A}

I then populate an environment variable using:

    provider:
      environment:
        AUTH_TOKEN: ${self:custom.secrets.token}

This works perfectly if everything is within one account. But how can I read a Secrets Manager secret hosted in account A in account B?
Thank you!

Hey ddss,

This functionality of fetching secrets manager data via SSM is an AWS feature, not a Serverless feature. See docs here: Referencing AWS Secrets Manager secrets from Parameter Store parameters - AWS Systems Manager

So the question is, will AWS let you reference a cross-account parameter, probably by full ARN, using the /aws/reference/ syntax… when I try, it doesn’t work. I wish I could! Let me know if you got around this.

This is related to the ongoing discussion here that looks like it’s leading to the introduction of a new serverless keyword secretsmanager:/ to handle cross account secrets manager access. AWS: Get secrets manager output from another account · Issue #8771 · serverless/serverless · GitHub
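
An added example, not part of the thread and not Serverless project code: outside the /aws/reference/ path, AWS allows a cross-account read of a secret when three grants line up, namely a resource policy on the secret, a key policy on a customer managed KMS key (the default aws/secretsmanager key cannot be used from another account), and an identity policy on the caller in account B, which then addresses the secret by its full ARN. The sketch below has the function read the secret at runtime instead of resolving it at deploy time. The account IDs, role name, key ID, region and ARN suffix are constructed placeholders.

```yaml
# Added example. 111111111111 = account A, 222222222222 = account B; the role
# name, key ID, region and ARN suffix are constructed placeholders.

# --- Account A (owns the secret): CloudFormation resources ---
Resources:
  SecretKey:                        # customer managed key; the default
    Type: AWS::KMS::Key             # aws/secretsmanager key cannot be shared
    Properties:
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow           # keeps account A in control of the key
            Principal: { AWS: "arn:aws:iam::111111111111:root" }
            Action: "kms:*"
            Resource: "*"
          - Effect: Allow           # account B's function role may decrypt
            Principal: { AWS: "arn:aws:iam::222222222222:role/example-lambda-role" }
            Action: "kms:Decrypt"
            Resource: "*"
  TestSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: test-secret-in-account-A
      KmsKeyId: !Ref SecretKey
  TestSecretPolicy:
    Type: AWS::SecretsManager::ResourcePolicy
    Properties:
      SecretId: !Ref TestSecret
      ResourcePolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow           # one named role, one action, nothing wider
            Principal: { AWS: "arn:aws:iam::222222222222:role/example-lambda-role" }
            Action: "secretsmanager:GetSecretValue"
            Resource: "*"
---
# --- Account B: serverless.yml (function calls GetSecretValue at runtime) ---
provider:
  name: aws
  environment:                      # pass the ARN, not the secret value
    AUTH_SECRET_ARN: arn:aws:secretsmanager:us-east-1:111111111111:secret:test-secret-in-account-A-AbCdEf
  iam:
    role:
      statements:
        - Effect: Allow
          Action: secretsmanager:GetSecretValue
          Resource: arn:aws:secretsmanager:us-east-1:111111111111:secret:test-secret-in-account-A-AbCdEf
        - Effect: Allow
          Action: kms:Decrypt
          Resource: arn:aws:kms:us-east-1:111111111111:key/EXAMPLE-KEY-ID
```

Naming a specific role as the principal requires that role to exist in account B before account A's policies are applied. Reading at runtime also keeps the token itself out of the deployed template and the function's environment configuration.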