1 回答
- 最新
- 投票最多
- 评论最多
0
Hello.
What IAM policy is set for the IAM role configured on Lambda?
If you are using rotation to update secrets, you will need a policy called "secretsmanager:RotateSecret".
If you want to update as is, the policy "secretsmanager:UpdateSecret" is required.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html
So this script will eventually become the update script called by the rotation process, however, for testing I gave it full write permissions: Allow: secretsmanager:GetSecretValue Allow: secretsmanager:StopReplicationToReplica Allow: secretsmanager:ListSecretVersionIds Allow: secretsmanager:DeleteSecret Allow: secretsmanager:ReplicateSecretToRegions Allow: secretsmanager:RemoveRegionsFromReplication Allow: secretsmanager:DescribeSecret Allow: secretsmanager:PutSecretValue Allow: secretsmanager:UpdateSecretVersionStage Allow: secretsmanager:RestoreSecret Allow: secretsmanager:CreateSecret Allow: secretsmanager:UpdateSecret Allow: secretsmanager:CancelRotateSecret Allow: secretsmanager:GetResourcePolicy Allow: secretsmanager:RotateSecret