Secrets Manager Secrets IAM Policy to Permit Multi-Account Access

Jan 21, 2022

0

Share this article

{{ }} Substitute variables

Adjust the variable values according to your preference.

Policy Code

Referenced from: https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html

1{
2  "Version" : "2012-10-17",
3  "Statement" : [
4    {
5      "Sid" : "Secrets Manager Secrets Cross Account Policy",
6      "Effect" : "Allow",
7      "Action" : "secretsmanager:GetSecretValue",
8      "Resource" : "*",
9      "Principal" : {
10        "AWS" : [
11          "arn:aws:iam::{{account-id1}}:role/{{role-name1}}",
12          "arn:aws:iam::{{account-id2}}:role/{{role-name2}}"
13         ]
14      }
15    }
16  ]
17}
DOC

For each cross-account role you wish to enable access to Secrets Manager, replace {{account-id}} and {{role-name}} variables.

    img

    Related Policies

    POLICY

    SCP: Prevent users from deleting Amazon VPC flow logs

    This policy prevents principals from deleting EC2 flow logs or CloudWatch log gr...

    Amazon Web ServicesAmazon EC2

    Aug 09, 2022

    0
    POLICY

    SCP: Require a tag on specified created resources

    This policy prevents principals from creating certain resource types if the requ...

    Amazon Web ServicesAmazon EC2
    +1

    Aug 09, 2022

    0
    POLICY

    SCP: Prevent users from disabling Amazon GuardDuty

    This policy prevents principals from disabling GuardDuty or altering its configu...

    Amazon Web Services

    Aug 09, 2022

    0
    img

    Join the beta waitlist

    Enter your email to get notified when our product becomes available to try.

    Sign Up for the community

    Create your member profile to get involved with our content, programs, and events.