What is the right syntax for an IAM policy to add to AWS Secret Manager to restrict access by IP
Question
I am creating a Secret in AWS secret manager and I try to put in a policy to restrict access by IP.
I do it under the Secret console in [Resource Permissions] section.
I keep getting syntax error, but not what is the error.
Here is the policy I am trying ( was create via the visual editor in AWS console).
{
"Version":"2012-10-17",
"Statement": [{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "secretsmanager:*",
"Resource": "arn:aws:secretsmanager:us-east-2:722317156788:secret:dev/playAround/junju-MWTXvg",
"Condition": {
"IpAddress": {
"aws:SourceIp": "210.75.12.75/32"
}
}
}]
}
1 answers
solution1
1 ACCPTED 2021-05-07 15:51:52
It works after making two changes as below:
- remove leading space in front of opening brace "{" on the first line of policy
- for resource based policies, Principal is required (in certain circumstances)
Please refer to the attached picture of your updated policy to resolve the issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
AWS IAM Policy To Restrict S3 Access (Prefix) Based On IAM User's Tag
Access aws IAM Policy JSON file programmatically .Net SDK
AWS IAM Policy to Enforce Tagging
Bad String in AWS IAM policy
Azure Policy to restrict role based access control(IAM) to users at Resource group level in Azure
Why does this IAM policy have a syntax error?
Terraform AWS IAM Role “inline_policy.0.policy” contains an invalid JSON policy using ${file xyz} and jsonencode
Specifying multiple folders in AWS S3 IAM policy
How do you add a comment to a json IAM policy?
ec2 service policy to restrict the creation of inbound ssh public access
Related Tags