AWS Code Sample
Catalog

asm-role-policy-grants-single-user-lambda-access-to-asm-apis.json

This IAM role policy enables a Lambda rotation function to rotate the associated secret. It does not use a separate Master secret. The secretsmanager:resource/AllowRotationLambdaArn condition restricts the secret read/write actions to secrets whose configured rotation function is this Lambda, so the role cannot read other secrets in the account even though Resource is "*"; replace the placeholder ARN with the actual ARN of the rotation function before attaching the policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:DescribeSecret",
        "secretsmanager:GetSecretValue",
        "secretsmanager:PutSecretValue",
        "secretsmanager:UpdateSecretVersionStage"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "secretsmanager:resource/AllowRotationLambdaArn": "<arn_of_lambda_rotation_function>"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetRandomPassword"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeNetworkInterfaces"
      ],
      "Resource": "*"
    }
  ]
}
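The following is an added example, not part of the AWS sample: a small least-privilege check that a reviewer can run over a rotation-role policy like the one above before attaching it. It parses the policy JSON and verifies that every Allow statement granting secret read/write actions carries the secretsmanager:resource/AllowRotationLambdaArn condition naming the expected function, that the placeholder ARN was actually replaced, and that no wildcard action slipped in. The rotation-function ARN and the helper function names are constructed for the example.

```python
"""Added example (not AWS's code): lint a Secrets Manager rotation-role
policy for the AllowRotationLambdaArn guard shown in the sample above."""
import copy
import json

# Actions that read or write secret material. Granted on Resource "*"
# without the rotation condition, they would expose every secret in the
# account to the Lambda's role.
SECRET_DATA_ACTIONS = {
    "secretsmanager:DescribeSecret",
    "secretsmanager:GetSecretValue",
    "secretsmanager:PutSecretValue",
    "secretsmanager:UpdateSecretVersionStage",
}
ROTATION_CONDITION_KEY = "secretsmanager:resource/AllowRotationLambdaArn"

# Constructed ARN standing in for <arn_of_lambda_rotation_function>.
ROTATION_LAMBDA_ARN = (
    "arn:aws:lambda:us-east-1:123456789012:function:rotate-db-secret"
)

# The sample policy as published, placeholder still in place (constructed input).
RAW_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue",
                "secretsmanager:PutSecretValue", "secretsmanager:UpdateSecretVersionStage"],
     "Resource": "*",
     "Condition": {"StringEquals": {
         "secretsmanager:resource/AllowRotationLambdaArn": "<arn_of_lambda_rotation_function>"}}},
    {"Effect": "Allow", "Action": ["secretsmanager:GetRandomPassword"], "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface",
                "ec2:DescribeNetworkInterfaces"],
     "Resource": "*"}
  ]
}
"""

# The policy a deployer would actually attach: placeholder replaced by the real ARN.
SAMPLE_POLICY = json.loads(
    RAW_POLICY.replace("<arn_of_lambda_rotation_function>", ROTATION_LAMBDA_ARN)
)


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource/condition values."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def check_rotation_policy(policy, expected_lambda_arn):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append('policy should declare "Version": "2012-10-17"')
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(_as_list(stmt.get("Action")))
        wildcard = any(a in ("*", "secretsmanager:*") for a in actions)
        data_actions = actions & SECRET_DATA_ACTIONS
        if not data_actions and not wildcard:
            continue  # e.g. GetRandomPassword or the EC2 ENI statement
        if wildcard:
            findings.append(f"statement {idx}: wildcard action grants every Secrets Manager API")
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        allowed = _as_list(condition.get(ROTATION_CONDITION_KEY))
        if not allowed:
            findings.append(
                f"statement {idx}: grants {sorted(data_actions)} without the "
                f"{ROTATION_CONDITION_KEY} condition"
            )
        elif any(arn.startswith("<") for arn in allowed):
            # An unreplaced placeholder never matches a real ARN, so the
            # rotation function would be denied access and rotation fails.
            findings.append(f"statement {idx}: placeholder {allowed[0]} was never replaced")
        elif expected_lambda_arn not in allowed:
            findings.append(
                f"statement {idx}: condition names {allowed}, expected {expected_lambda_arn}"
            )
    return findings


def without_rotation_condition(policy):
    """Return a copy of the policy with every Condition removed (the weak form)."""
    weakened = copy.deepcopy(policy)
    for stmt in weakened["Statement"]:
        stmt.pop("Condition", None)
    return weakened


if __name__ == "__main__":
    print("as deployed:", check_rotation_policy(SAMPLE_POLICY, ROTATION_LAMBDA_ARN))
    print("placeholder left in:", check_rotation_policy(json.loads(RAW_POLICY), ROTATION_LAMBDA_ARN))
    print("condition stripped:", check_rotation_policy(
        without_rotation_condition(SAMPLE_POLICY), ROTATION_LAMBDA_ARN))
```

Run against the sample with the ARN filled in, the check returns no findings; the same policy with the condition stripped is flagged because the secret actions would then apply to every secret in the account, and the unedited sample is flagged for the unreplaced placeholder, which would make rotation fail rather than over-grant.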

Sample Details

Service: secretsmanager

Author: AWS

Type: full-example
