Skip to content

Feature/Option: SecretsManager #12

Description

@ryan-roemer

Dependencies:

  • IAM
  • KMS
# TODO(IamPolicyDeveloper): SecretsManager: Read / write secrets
- Effect: Allow
  Action:
  - secretsmanager:PutSecretValue
  - secretsmanager:GetSecretValue
  Resource:
  - !Sub "arn:aws:secretsmanager:${AwsRegion}:${AWS::AccountId}:secret:${ServiceName}/${Stage}/*"
# TODO(IamPolicyAdmin): SecretsManager: Manage secrets
- Effect: Allow
  Action:
  - secretsmanager:DescribeSecret
  - secretsmanager:List*
  Resource:
  # Have to wildcard listing...
  # TODO: ... but could do conditions + tags to limit
  # https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_identity-based-policies.html
  - "*"
- Effect: Allow
  Action:
  - secretsmanager:CreateSecret
  - secretsmanager:DeleteSecret
  Resource:
  - !Sub "arn:aws:secretsmanager:${AwsRegion}:${AWS::AccountId}:secret:${ServiceName}/${Stage}/*"

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions