Allow access to secretsmanager

kostz · web-flow · commit 0ee8b8db65ae · 2025-02-19T15:54:21.000+01:00
diff --git a/cluster/cluster.yaml b/cluster/cluster.yaml
@@ -1938,6 +1938,9 @@ Resources:
               - Action: 'states:ListExecutions'
                 Effect: Allow
                 Resource: '*'
+              - Action: 'secretsmanager:GetSecretValue'
+                Effect: Allow
+                Resource: "arn:aws:secretsmanager:{{.Cluster.Region}}:{{.Cluster.InfrastructureAccount | getAWSAccountID}}:secret:*.zmon-db-user.credentials*"
             Version: 2012-10-17
           PolicyName: root
       RoleName: "{{.Cluster.LocalID}}-app-zmon"
