AWS Secrets Manager (IAM)
AWS Secrets Manager is a service for securely storing, rotating, and managing access to secrets such as database credentials, API keys, and other sensitive information.
Common permissions
- secretsmanager:ListSecrets
- secretsmanager:DescribeSecret
- secretsmanager:GetSecretValue
- secretsmanager:CreateSecret
- secretsmanager:PutSecretValue
- secretsmanager:TagResource
- secretsmanager:GetRandomPassword
- secretsmanager:GetResourcePolicy

Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:ListSecrets",
        "secretsmanager:DescribeSecret",
        "secretsmanager:GetSecretValue",
        "secretsmanager:CreateSecret",
        "secretsmanager:PutSecretValue",
        "secretsmanager:TagResource",
        "secretsmanager:GetRandomPassword",
        "secretsmanager:GetResourcePolicy"
      ],
      "Resource": "*"
    }
  ]
}

Warnings
- Avoid secretsmanager:* — it grants full control, including secret deletion and plaintext value retrieval
- Grant secretsmanager:GetSecretValue only where a workload must read the secret — it exposes plaintext secret values
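The two warnings above are easy to check mechanically before a policy is attached. The following is an added example written for this page, not code from AWS or from the page itself: a small linter that walks an IAM policy document and flags wildcard Secrets Manager actions, any action that grants GetSecretValue (literally or through a wildcard such as secretsmanager:Get*), and GetSecretValue granted on Resource "*". It runs against three constructed policies: the page's own example, a hypothetical tightened variant, and a full-control policy. The account id and secret ARN in the scoped variant are placeholders; the comment that ListSecrets must keep Resource "*" because it is not resource-scoped is an assumption based on the IAM action reference, not something this page states.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample inputs (not AWS documentation). PAGE_POLICY mirrors the
# least-privilege example above; SCOPED_POLICY is a hypothetical tightened
# variant with a placeholder account id and secret name.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "secretsmanager:ListSecrets", "secretsmanager:DescribeSecret",
            "secretsmanager:GetSecretValue", "secretsmanager:CreateSecret",
            "secretsmanager:PutSecretValue", "secretsmanager:TagResource",
            "secretsmanager:GetRandomPassword", "secretsmanager:GetResourcePolicy",
        ],
        "Resource": "*",
    }],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Assumption: ListSecrets is not resource-scoped in IAM, so it keeps "*";
            # it returns metadata only, never secret values.
            "Effect": "Allow",
            "Action": ["secretsmanager:ListSecrets"],
            "Resource": "*",
        },
        {   # Plaintext reads limited to one secret family (placeholder ARN).
            "Effect": "Allow",
            "Action": ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue"],
            "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/db-creds-*",
        },
    ],
}

FULL_CONTROL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}],
}

PLAINTEXT_READ_ACTION = "secretsmanager:GetSecretValue"
DELETE_ACTION = "secretsmanager:DeleteSecret"  # used to judge how broad a wildcard is


def _as_list(value):
    """IAM allows either a single string or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def lint_secrets_policy(policy):
    """Return (statement_index, finding, action) tuples for Allow statements.

    WILDCARD_ACTION         - a wildcard action broad enough to cover DeleteSecret
                              (e.g. "secretsmanager:*" or "*")
    PLAINTEXT_READ          - the action grants GetSecretValue, literally or via a wildcard
    UNSCOPED_PLAINTEXT_READ - GetSecretValue is granted on Resource "*"
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            pattern = action.lower()  # IAM action names are matched case-insensitively
            if "*" in pattern and fnmatchcase(DELETE_ACTION.lower(), pattern):
                findings.append((index, "WILDCARD_ACTION", action))
            if fnmatchcase(PLAINTEXT_READ_ACTION.lower(), pattern):
                findings.append((index, "PLAINTEXT_READ", action))
                if "*" in resources:
                    findings.append((index, "UNSCOPED_PLAINTEXT_READ", action))
    return findings


def lint_secrets_policy_json(text):
    """Convenience wrapper for a policy document held as a JSON string."""
    return lint_secrets_policy(json.loads(text))


if __name__ == "__main__":
    for name, policy in [("page", PAGE_POLICY), ("scoped", SCOPED_POLICY),
                         ("full-control", FULL_CONTROL_POLICY)]:
        print(name, lint_secrets_policy(policy))
```

Run as a script it prints the findings for each policy; the page's example is clean of wildcards but is flagged for an unscoped GetSecretValue, the scoped variant only reports that a plaintext read is granted (on one ARN), and the full-control policy trips all three checks. The fnmatch comparison is what makes the check resistant to prefix wildcards: a reviewer grepping for the literal string GetSecretValue would miss secretsmanager:Get*.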
Resources
- API
- Full doc: /v1/iam/secretsmanager