GetResourcePolicy
Retrieves the JSON text of the resource-based policy document attached to the secret. For more information about permissions policies attached to a secret, see Permissions policies attached to a secret.
Required permissions:
secretsmanager:GetResourcePolicy
.
For more information, see
IAM policy actions for Secrets Manager and Authentication
and access control in Secrets Manager.
Request Syntax
{
"SecretId": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- SecretId
-
The ARN or name of the secret to retrieve the attached resource-based policy for.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: Yes
Response Syntax
{
"ARN": "string",
"Name": "string",
"ResourcePolicy": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- ARN
-
The ARN of the secret that the resource-based policy was retrieved for.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
- Name
-
The name of the secret that the resource-based policy was retrieved for.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 512.
- ResourcePolicy
-
A JSON-formatted string that contains the permissions policy attached to the secret. For more information about permissions policies, see Authentication and access control for Secrets Manager.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 20480.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalServiceError
-
An error occurred on the server side.
HTTP Status Code: 500
- InvalidParameterException
-
The parameter name or value is invalid.
HTTP Status Code: 400
- InvalidRequestException
-
A parameter value is not valid for the current state of the resource.
Possible causes:
-
The secret is scheduled for deletion.
-
You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.
HTTP Status Code: 400
-
- ResourceNotFoundException
-
Secrets Manager can't find the resource that you asked for.
HTTP Status Code: 400
Examples
Example
The following example shows how to retrieve the resource-based policy attached to a secret. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.
Sample Request
POST / HTTP/1.1
Host: secretsmanager.region.domain
Accept-Encoding: identity
X-Amz-Target: secretsmanager.GetResourcePolicy
Content-Type: application/x-amz-json-1.1
User-Agent: <user-agent-string>
X-Amz-Date: <date>
Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature>
Content-Length: <payload-size-bytes>
{
"SecretId": "MyTestDatabaseSecret"
}
Sample Response
HTTP/1.1 200 OK
Date: <date>
Content-Type: application/x-amz-json-1.1
Content-Length: <response-size-bytes>
Connection: keep-alive
x-amzn-RequestId: <request-id-guid>
{
"ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret",
"ResourcePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::111122223333:root\",\"arn:aws:iam::444455556666:root\"]},\"Action\":[\"secretsmanager:GetSecretValue\"],\"Resource\":\"*\"}}"
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: