No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

It looks like perhaps your params/secrets references might not be quite right — can you share that section? Perhaps the correct SSM param ARN string isn’t what’s being stored in the container def block.

e.g.
```secrets: [
  { name: 'ENV_VAR_NAME', valueFrom: 'arn:aws:ssm:&lt;region&gt;:&lt;account&gt;:parameter/parampath/paramname' }
]```

<@U04MR3V5F3N> do i have to pass an ssm arn ? i wanted to pass my secrets manager full arn

here is one of the secret i pass:
```	{
		name: 'MONGODB_URI',
		valueFrom: 'arn:aws:secretsmanager:eu-west-3:ACCOUNT_ID:secret:MONGODB_URI-ftkHYT',
	},```

Looks ok to me, based on <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html> — I’ve not used Secrets Manager, but it seems you can get away without the “default colons” at the end of the ARN, based on that. It does seem like somewhere it’s trying to interpret that as SSM though. Perhaps 1. try to call each of your secrets using the CLI and those ARNs, to ensure they aren’t malformed, and 2. build up your `secrets` block one by one until you hit the one that’s failing?

You can also eyeball the actual ENV var `valueFrom`s using the console or CLI and describing the container.

I’ve sometimes found that I interpolated incorrectly, and that’s been helpful.