bug: allow external secrets to get secrets from AWS Secrets Manager (#241)

mglotov · web-flow · commit b0b65c6de3bc · 2022-01-06T17:09:53.000+06:00
diff --git a/terraform/layer2-k8s/eks-external-secrets.tf b/terraform/layer2-k8s/eks-external-secrets.tf
@@ -90,7 +90,13 @@ module "aws_iam_external_secrets" {
     "Statement" : [
       {
         "Effect" : "Allow",
-        "Action" : "ssm:GetParameter",
+        "Action" : [
+          "ssm:GetParameter",
+          "secretsmanager:GetResourcePolicy",
+          "secretsmanager:GetSecretValue",
+          "secretsmanager:DescribeSecret",
+          "secretsmanager:ListSecretVersionIds"
+        ],
         "Resource" : "*"
       }
     ]

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,13 @@ module "aws_iam_external_secrets" {`
`90`	`90`	`"Statement" : [`
`91`	`91`	`{`
`92`	`92`	`"Effect" : "Allow",`
`93`		`- "Action" : "ssm:GetParameter",`
	`93`	`+ "Action" : [`
	`94`	`+ "ssm:GetParameter",`
	`95`	`+ "secretsmanager:GetResourcePolicy",`
	`96`	`+ "secretsmanager:GetSecretValue",`
	`97`	`+ "secretsmanager:DescribeSecret",`
	`98`	`+ "secretsmanager:ListSecretVersionIds"`
	`99`	`+ ],`
`94`	`100`	`"Resource" : "*"`
`95`	`101`	`}`
`96`	`102`	`]`