AWS Code Sample
Catalog

asm-user-policy-grants-access-to-path-and-restricts-gsv-to-awscurrent-version.json

This IAM policy grants the attached principal permission to describe secrets under the TestEnv/ path and to retrieve the secret value of only the AWSCURRENT version of those secrets.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1DescribeSecret",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:DescribeSecret"
            ],
            "Resource": "arn:aws:secretsmanager:<region>:<account_id>:secret:TestEnv/*"
        },
        {
            "Sid": "Stmt2GetSecretValue",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws:secretsmanager:<region>:<account_id>:secret:TestEnv/*",
            "Condition": {
                "ForAnyValue:StringLike": {
                    "secretsmanager:VersionStage": "AWSCURRENT"
                }
            }
        }
    ]
}

Sample Details

Service: secretsmanager

Author: AWS

Type: full-example
