504 Deadline Exceeded Error While Connecting to GCP Secret Manager
Issue
When running a Connector SDK deployment in Fivetran, calls to GCP Secret Manager fail with:
504 Deadline Exceeded
The same error doesn't appear when debugging locally.
Environment
- Connector SDK
- Connection option: Google Cloud Private Service Connect
Resolution
To resolve this issue, do the following:
- Identify which Service Account the Cloud Function or backend integration uses at runtime.
- Compare that Service Account with the credentials used in your local environment.
- Ensure the correct Service Account is attached to the deployed Cloud Function or backend service.
- In the GCP project, grant the Secret Manager Secret Accessor role to that Service Account. For more information, see GCP Access control with IAM.
- Redeploy the updated configuration if you made any changes.
- In Fivetran, save and test the connection again.
Cause
This issue occurs when the Service Account used by the deployed cloud at runtime differs from the credentials used locally. If the runtime Service Account doesn't have permission to access GCP Secret Manager, API requests may fail due to an authentication or permission mismatch.
If you encounter GCP API errors during Fivetran cloud runs that don't occur locally, review the Service Account configuration used by the deployed runtime and confirm it has the required Secret Manager permissions.