IAM policy for AWS Secrets Manager not working

0

We would like to restrict, via tags or any other way, our developers to accessing only limited secrets via AWS Secrets Manager.

{
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:ListSecretVersionIds"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "secretsmanager:ResourceTag/ServerName": "ServerABC"
                }
            }
        }
}

The error is below:

Failed to fetch a list of secrets.

Hamid
asked 9 months ago, 239 views
1 Answer
0

Hi,

Have a look at "Controlling access based on tag keys" on https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html

The proper syntax is to use aws:TagKeys: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys

You used "secretsmanager:ResourceTag/ServerName".

See their example:

{
        "Effect": "Allow",
        "Action": [
            "secretsmanager:CreateSecret",
            "secretsmanager:TagResource"
        ],
        "Resource": "*",
        "Condition": {
            "Null": {
                "aws:TagKeys": "false"
            },
            "ForAllValues:StringEquals": {
                "aws:TagKeys": [
                    "environment",
                    "cost-center"
                ]
            }
        }
}

Best, Didier

AWS EXPERT
answered 9 months ago
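Added example, not part of the question or of the answer above: a small Python evaluator that mirrors how IAM applies a Secrets Manager tag condition, run against the policy from the question. The secret ARNs, the account number, the two policy variants and the `is_allowed` helper are constructed for illustration. It shows two things a practitioner will want to check before changing the condition key: the `secretsmanager:ResourceTag/ServerName` condition does exactly what was intended for `GetSecretValue` on a secret tagged `ServerName=ServerABC`, and the console's "Failed to fetch a list of secrets" comes from `secretsmanager:ListSecrets`, which the policy never grants. Moving `ListSecrets` under the same tag condition does not help either: a list request names no secret, so no `secretsmanager:ResourceTag/*` key exists in its context and `StringEquals` evaluates to false. Only a separate, unconditioned statement for `ListSecrets` on `Resource "*"` lets developers see the list, while secret values stay tag-scoped.

```python
import copy
import fnmatch

# Constructed input: the policy from the question, verbatim.
ASKER_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": [
            "secretsmanager:GetResourcePolicy",
            "secretsmanager:GetSecretValue",
            "secretsmanager:DescribeSecret",
            "secretsmanager:ListSecretVersionIds",
        ],
        "Resource": "*",
        "Condition": {
            "StringEquals": {"secretsmanager:ResourceTag/ServerName": "ServerABC"}
        },
    },
}

# Hypothetical variant 1: ListSecrets squeezed into the same tag-conditioned statement.
LIST_UNDER_TAG_CONDITION = copy.deepcopy(ASKER_POLICY)
LIST_UNDER_TAG_CONDITION["Statement"]["Action"].append("secretsmanager:ListSecrets")

# Hypothetical variant 2: ListSecrets in its own unconditioned statement on Resource "*".
POLICY_WITH_LIST = {
    "Version": "2012-10-17",
    "Statement": [
        ASKER_POLICY["Statement"],
        {"Effect": "Allow", "Action": "secretsmanager:ListSecrets", "Resource": "*"},
    ],
}

# Constructed secret ARNs in a made-up account; only their tags matter here.
SECRET_ABC = "arn:aws:secretsmanager:us-east-1:123456789012:secret:abc/db-AbCdEf"
SECRET_XYZ = "arn:aws:secretsmanager:us-east-1:123456789012:secret:xyz/db-GhIjKl"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Every operator block must hold. A key missing from the request context makes
    StringEquals false, which is how IAM treats absent condition keys (only Null and
    the ...IfExists operators tolerate absence; they are not modelled here)."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} is not modelled")
        for key, wanted in pairs.items():
            actual = context.get(key)
            if actual is None or actual not in _as_list(wanted):
                return False
    return True


def _statement_applies(stmt, action, resource, context):
    actions = _as_list(stmt["Action"])
    resources = _as_list(stmt["Resource"])
    return (
        any(fnmatch.fnmatchcase(action, pat) for pat in actions)
        and any(fnmatch.fnmatchcase(resource, pat) for pat in resources)
        and _condition_matches(stmt.get("Condition", {}), context)
    )


def is_allowed(policy, action, secret_arn=None, secret_tags=None):
    """Decide one request. secret_arn/secret_tags describe the secret the call targets;
    leave both unset for ListSecrets, which names no secret, so its request context
    carries no secretsmanager:ResourceTag/* keys at all."""
    context = {f"secretsmanager:ResourceTag/{k}": v for k, v in (secret_tags or {}).items()}
    # An action without a resource is matched against "*", so the policy must say Resource "*".
    resource = secret_arn if secret_arn is not None else "*"
    decision = False
    for stmt in _as_list(policy["Statement"]):
        if _statement_applies(stmt, action, resource, context):
            if stmt["Effect"] == "Deny":
                return False  # an explicit deny always wins
            decision = True
    return decision  # no matching Allow means implicit deny


if __name__ == "__main__":
    cases = [
        ("asker policy", ASKER_POLICY, "secretsmanager:GetSecretValue", SECRET_ABC, {"ServerName": "ServerABC"}),
        ("asker policy", ASKER_POLICY, "secretsmanager:GetSecretValue", SECRET_XYZ, {"ServerName": "ServerXYZ"}),
        ("asker policy", ASKER_POLICY, "secretsmanager:ListSecrets", None, None),
        ("list under tag condition", LIST_UNDER_TAG_CONDITION, "secretsmanager:ListSecrets", None, None),
        ("separate list statement", POLICY_WITH_LIST, "secretsmanager:ListSecrets", None, None),
        ("separate list statement", POLICY_WITH_LIST, "secretsmanager:GetSecretValue", SECRET_XYZ, {"ServerName": "ServerXYZ"}),
    ]
    for label, policy, action, arn, tags in cases:
        verdict = "ALLOW" if is_allowed(policy, action, arn, tags) else "DENY"
        print(f"{label:<26} {action:<36} {verdict}")
```

The evaluator covers only what the policies above use (Allow/Deny, wildcard Action and Resource, StringEquals); it is not a substitute for `aws iam simulate-principal-policy` against the real account, but it makes the missing-context-key behaviour visible offline. Note that `ListSecrets` returns secret names and tags, never values, so granting it broadly does not loosen the tag restriction on `GetSecretValue`.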
