AWS Secrets Manager
User Guide

AWS Managed Policies Available for Use with AWS Secrets Manager

This section identifies the AWS managed policies that you can use to help manage access to your secrets. You can't modify or delete an AWS managed policy, but you can attach or detach them to entities in your account as needed.

Policy Name Description ARN
SecretsManagerReadWrite Provides access to most Secrets Manager operations. By itself, it doesn't enable configuring rotation because that also requires IAM permissions to create roles. For someone who must configure Lambda rotation functions and enable rotation, you should also assign the IAMFullAccess managed policy. arn:aws:iam::aws:policy/SecretsManagerReadWrite