AWS Secrets Manager Secret Policy

This page shows how to declare a Secrets Manager secret policy (a resource-based policy attached to a secret) in Terraform and CloudFormation, and how to write that policy so it does not expose the secret more widely than intended.

aws_secretsmanager_secret_policy (Terraform)

The Secret Policy in Secrets Manager can be configured in Terraform with the resource name aws_secretsmanager_secret_policy. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

secrets-iam.tf#L1
resource "aws_secretsmanager_secret_policy" "station_sm_policy" {
  secret_arn = aws_secretsmanager_secret.station_secretmanager.arn

  policy = <<POLICY
{
  "Version": "2012-10-17",
secrets.tf#L11
resource "aws_secretsmanager_secret_policy" "example" {
  secret_arn = aws_secretsmanager_secret.token.arn

  policy = <<POLICY
{
  "Version": "2012-10-17",
secrets_manager_secret.tf#L11
resource "aws_secretsmanager_secret_policy" "example" {
  secret_arn = aws_secretsmanager_secret.example.arn

  policy = <<POLICY
{
  "Version": "2012-10-17",
main.tf#L9
resource "aws_secretsmanager_secret_policy" "example" {
  secret_arn = aws_secretsmanager_secret.not_secure_policy.arn

  policy = <<POLICY
{
  "Version": "2012-10-17",
main.tf#L9
resource "aws_secretsmanager_secret_policy" "example" {
  secret_arn = aws_secretsmanager_secret.secure_policy.arn

  policy = <<POLICY
{
  "Version": "2012-10-17",


Parameters

secret_arn (required): ARN of the secret the policy is attached to.
policy (required): the resource-based policy document as a JSON string.
block_public_policy (optional): when true, Secrets Manager rejects the policy if it would grant access to all principals.

Explanation in Terraform Registry

Provides a resource to manage an AWS Secrets Manager secret policy.
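The GitHub snippets above stop before the policy statements, so the following is an added example rather than code from any of those repositories. It puts a weak policy (kept commented out so Terraform does not apply it) next to a least-privilege one for the same secret. The secret name, the app-runtime-role IAM role and the single-account layout are assumptions made for the example.

```hcl
# Added example, not from the page's GitHub sources.
# Assumes: one AWS account, a hypothetical role "app-runtime-role" that
# needs the secret, and a hypothetical secret "prod/db/password".

data "aws_caller_identity" "current" {}

resource "aws_secretsmanager_secret" "db_password" {
  name                    = "prod/db/password" # hypothetical name
  recovery_window_in_days = 7
}

# Hypothetical consumer role. In practice reference the role that actually
# reads the secret instead of creating one here.
resource "aws_iam_role" "app" {
  name = "app-runtime-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Weak variant, shown only for contrast and deliberately commented out.
# Principal "*" in an Allow statement grants every principal in this
# account read access, and any principal in another account that also
# has secretsmanager:GetSecretValue in its own identity policy.
#
# resource "aws_secretsmanager_secret_policy" "public" {
#   secret_arn = aws_secretsmanager_secret.db_password.arn
#   policy = jsonencode({
#     Version = "2012-10-17"
#     Statement = [{
#       Sid       = "AllowAnyone"
#       Effect    = "Allow"
#       Principal = "*"
#       Action    = "secretsmanager:GetSecretValue"
#       Resource  = "*"
#     }]
#   })
# }

resource "aws_secretsmanager_secret_policy" "least_privilege" {
  secret_arn = aws_secretsmanager_secret.db_password.arn

  # Secrets Manager validates the policy server-side and refuses the
  # PutResourcePolicy call if an Allow statement would make the secret public.
  block_public_policy = true

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Only the application role may read the value.
        Sid       = "AllowAppRoleRead"
        Effect    = "Allow"
        Principal = { AWS = aws_iam_role.app.arn }
        Action    = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]
        Resource  = "*"
      },
      {
        # Explicit deny for every principal outside this account, so an
        # over-permissive identity policy elsewhere cannot reach the secret.
        Sid       = "DenyOtherAccounts"
        Effect    = "Deny"
        Principal = "*"
        Action    = "secretsmanager:*"
        Resource  = "*"
        Condition = {
          StringNotEquals = {
            "aws:PrincipalAccount" = data.aws_caller_identity.current.account_id
          }
        }
      }
    ]
  })
}
```

Two points to keep in mind when adapting this. Within a single account an Allow in either the identity policy or the resource policy is enough to grant access, which is why Principal "*" in the weak variant is effectively an account-wide grant; across accounts both policies must allow the call. The explicit Deny also blocks principals from other accounts that you may legitimately want (for example a rotation role in a separate account); in that case narrow the condition, for instance with aws:PrincipalOrgID, rather than dropping the Deny.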

AWS::SecretsManager::ResourcePolicy (CloudFormation)

The ResourcePolicy in SecretsManager can be configured in CloudFormation with the resource name AWS::SecretsManager::ResourcePolicy. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

SecretId (required): ARN or name of the secret the policy is attached to.
ResourcePolicy (required): the resource-based policy document as JSON.
BlockPublicPolicy (optional): when true, Secrets Manager rejects the policy if it would grant access to all principals.

Explanation in CloudFormation Registry

Attaches a resource-based permission policy to a secret. A resource-based policy is optional. For more information, see Authentication and access control for Secrets Manager. For information about attaching a policy in the console, see Attach a permissions policy to a secret.

Frequently asked questions

What is AWS Secrets Manager Secret Policy?

AWS Secrets Manager Secret Policy is a Secrets Manager resource of Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Secrets Manager Secret Policy?

For Terraform, the kagzouli/StationDemoProject, viralpatel94/cloud9 and kmcquade/terraform-aws-resource-exposure source code examples are useful. See the Terraform Example section for further details.