AWS Code Sample
Catalog

asm-resource-policy-xacct-access-gsv-restrict-to-awscurrent.json

This resource-based policy shows how to delegate access to another AWS account so that it can retrieve only the AWSCURRENT version of the attached secret.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::123456789012:root" },
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:<region>:<account_id>:secret:prod/ServerA-a1b2c3",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "secretsmanager:VersionStage": "AWSCURRENT"
        }
      }
    }
  ]
}
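A static check for the restriction this policy applies, as an added example that is not part of the AWS sample: it flags Allow statements that grant secretsmanager:GetSecretValue without limiting secretsmanager:VersionStage to AWSCURRENT. The function names are hypothetical, and the check only inspects the policy text; it does not reproduce IAM's evaluation logic (NotAction and Deny statements are ignored).

```python
import json
from fnmatch import fnmatchcase

ACTION = "secretsmanager:getsecretvalue"
KEY = "secretsmanager:versionstage"  # condition key names are case-insensitive
PINNING_OPERATORS = ("StringEquals", "ForAnyValue:StringEquals")

# The policy from this page, placeholders kept exactly as shown there.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
  "Action": "secretsmanager:GetSecretValue",
  "Resource": "arn:aws:secretsmanager:<region>:<account_id>:secret:prod/ServerA-a1b2c3",
  "Condition": {"ForAnyValue:StringEquals": {"secretsmanager:VersionStage": "AWSCURRENT"}}
}]}"""


def _as_list(value):
    """IAM JSON allows a single value where a list is also accepted."""
    return value if isinstance(value, list) else [value]


def _allows_get_secret_value(stmt):
    if stmt.get("Effect") != "Allow":
        return False
    # Action entries may contain wildcards such as "secretsmanager:Get*" or "*".
    return any(fnmatchcase(ACTION, str(pattern).lower())
               for pattern in _as_list(stmt.get("Action", [])))


def _pinned_to_awscurrent(stmt):
    for operator, keys in stmt.get("Condition", {}).items():
        if operator not in PINNING_OPERATORS:
            continue
        for key, values in keys.items():
            # Any additional allowed stage (e.g. AWSPREVIOUS) widens the grant.
            if key.lower() == KEY and _as_list(values) == ["AWSCURRENT"]:
                return True
    return False


def unpinned_statements(policy_json):
    """Indexes of Allow statements granting GetSecretValue on any version stage."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [i for i, stmt in enumerate(statements)
            if _allows_get_secret_value(stmt) and not _pinned_to_awscurrent(stmt)]


if __name__ == "__main__":
    loose = json.loads(PAGE_POLICY)
    del loose["Statement"][0]["Condition"]  # constructed variant: restriction removed
    print(unpinned_statements(PAGE_POLICY), unpinned_statements(json.dumps(loose)))
```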

Sample Details

Service: secretsmanager

Author: AWS

Type: full-example
