doc: Updates README with details on AWS Secrets Manager profile naming for CloudFormation (#1307)

EspenAlbert · web-flow · commit edefb269a457 · 2025-03-18T07:01:14.000Z
diff --git a/README.md b/README.md
@@ -50,6 +50,7 @@ SecretValue: {"PublicKey": "YourPublicKey", "PrivateKey": "YourPrivateKey"}
 ```
 
 To create a new secret for a default profile, use the [PROFILE SECRET TEMPLATE](/examples/profile-secret.yaml) file provided in this repository.
+The secret must exist in the same AWS account and AWS region where the Cloudformation stack is run.
 
 Here are some examples of how to use this template:
 
diff --git a/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml b/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml
@@ -24,7 +24,6 @@ Resources:
               - Effect: Allow
                 Action:
                 - "secretsmanager:CreateSecret"
-                - "secretsmanager:CreateSecretInput"
                 - "secretsmanager:DescribeSecret"
                 - "secretsmanager:GetSecretValue"
                 - "secretsmanager:PutSecretValue"
diff --git a/cfn-resources/custom-db-role/resource-role.yaml b/cfn-resources/custom-db-role/resource-role.yaml
@@ -30,11 +30,6 @@ Resources:
             Statement:
               - Effect: Allow
                 Action:
-                - "initech:CreateReport"
-                - "initech:DeleteReport"
-                - "initech:DescribeReport"
-                - "initech:ListReports"
-                - "initech:UpdateReport"
                 - "secretsmanager:GetSecretValue"
                 Resource: "*"
 Outputs:
diff --git a/cfn-resources/global-cluster-config/resource-role.yaml b/cfn-resources/global-cluster-config/resource-role.yaml
@@ -24,7 +24,6 @@ Resources:
               - Effect: Allow
                 Action:
                 - "secretsmanager:CreateSecret"
-                - "secretsmanager:CreateSecretInput"
                 - "secretsmanager:DescribeSecret"
                 - "secretsmanager:GetSecretValue"
                 - "secretsmanager:PutSecretValue"
diff --git a/examples/README.md b/examples/README.md
@@ -13,6 +13,8 @@ You must [configure API keys](https://www.mongodb.com/docs/atlas/configure-api-a
 ### CloudFormation Profile
 You should create a profile in the AWS Secrets Manager that contains the MongoDB Atlas Programmatic API Key.
 
+The secret must be named `cfn/atlas/profile/{ProfileName}` and exist in the same AWS account and AWS region where the Cloudformation stack is run.
+
 Use [this template](profile-secret.yaml) to create a [new CloudFormation stack](https://console.aws.amazon.com/cloudformation/home#/stacks/create) for the default profile that all resources attempt to use unless you specify a different profile.
 
 ### Configure the IAM Execution Role
