Skip to content
This repository was archived by the owner on Jan 12, 2024. It is now read-only.

Commit 4ddd793

Browse files
author
Rebecca Dong
authored
chore: add secrets manager policy to cms role (#149)
1 parent ca24bec commit 4ddd793

File tree

1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

src/main/resources/cloudformation/iam-roles.yaml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,17 @@ Resources:
3333
- cloudformation:SignalResource
3434
Effect: Allow
3535
Resource: '*'
36+
- PolicyName: "cms-allow-sm-read"
37+
PolicyDocument:
38+
Statement:
39+
- Action:
40+
- secretsmanager:GetResourcePolicy
41+
- secretsmanager:GetSecretValue
42+
- secretsmanager:DescribeSecret
43+
- secretsmanager:ListSecretVersionIds
44+
Effect: Allow
45+
Resource:
46+
- '*'
3647
- PolicyName: "cms-kms-policy"
3748
PolicyDocument:
3849
Statement:

0 commit comments

Comments
 (0)