AWS Code Sample
Catalog

asm-resource-policy-grant-gsv-on-only-awscurrent-to-role.json

This resource-based policy demonstrates how to grant access to only the AWSCURRENT version of the attached secret. Permissions are granted to an IAM role.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:role/EC2RoleToAccessSecrets"},
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "secretsmanager:VersionStage": "AWSCURRENT"
        }
      }
    }
  ]
}

Sample Details

Service: secretsmanager

Author: AWS

Type: full-example
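
A check for the property the policy above relies on, as an added example that is not part of the AWS sample: the Python below flags Allow statements in a resource policy that grant secretsmanager:GetSecretValue without pinning secretsmanager:VersionStage to AWSCURRENT. The function names and the two looser statements are constructed for illustration, and NotAction statements are assumed out of scope.

```python
import fnmatch
import json

ACTION = "secretsmanager:getsecretvalue"   # IAM action names match case-insensitively
KEY = "secretsmanager:versionstage"        # condition key names are case-insensitive
PINNING_OPERATORS = {"StringEquals", "ForAnyValue:StringEquals"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def grants_get_secret_value(stmt):
    """Allow statement whose Action (wildcards included) covers GetSecretValue.
    Assumption: NotAction statements are out of scope and reported as no grant."""
    if stmt.get("Effect") != "Allow" or "Action" not in stmt:
        return False
    return any(fnmatch.fnmatchcase(ACTION, a.lower()) for a in as_list(stmt["Action"]))

def pinned_to_awscurrent(stmt):
    """A recognised operator restricts VersionStage to exactly AWSCURRENT."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator in PINNING_OPERATORS:
            for key, values in keys.items():
                if key.lower() == KEY and as_list(values) == ["AWSCURRENT"]:
                    return True
    return False

def unpinned_statements(policy_json):
    """Indexes of statements that allow GetSecretValue without the AWSCURRENT pin."""
    statements = as_list(json.loads(policy_json)["Statement"])
    return [i for i, s in enumerate(statements)
            if grants_get_secret_value(s) and not pinned_to_awscurrent(s)]

# Statement from the policy on this page.
PAGE_STMT = {"Effect": "Allow",
             "Principal": {"AWS": "arn:aws:iam::123456789012:role/EC2RoleToAccessSecrets"},
             "Action": "secretsmanager:GetSecretValue", "Resource": "*",
             "Condition": {"ForAnyValue:StringEquals":
                           {"secretsmanager:VersionStage": "AWSCURRENT"}}}
# Constructed variants: a wildcard grant with no condition, and a widened stage list.
WILDCARD_STMT = {**PAGE_STMT, "Action": ["secretsmanager:Get*"], "Condition": {}}
WIDENED_STMT = {**PAGE_STMT, "Condition": {"StringEquals":
                {"secretsmanager:VersionStage": ["AWSCURRENT", "AWSPREVIOUS"]}}}

PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [PAGE_STMT]})
LOOSE_POLICY = json.dumps({"Version": "2012-10-17",
                           "Statement": [PAGE_STMT, WILDCARD_STMT, WIDENED_STMT]})

if __name__ == "__main__":
    print(unpinned_statements(PAGE_POLICY))
    print(unpinned_statements(LOOSE_POLICY))
```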
