I want to restrict both IAM users and federated users from being able to see a certain secret in Secrets Manager. For IAM users I created this policy:
policy = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "NotPrincipal": {
            "AWS": [
                f"arn:aws:iam::123831926524:user/{username}",
                "arn:aws:iam::123831926524:root"
            ]
        },
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "*"
    }]
}
But for federated users, I have no idea how to restrict them.
Just specify who is able to use the secret (separately) by attaching a resource-based policy:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
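One way to write that resource-based policy so it also covers federated users, as an added example that is not part of the question or the answer: instead of NotPrincipal (which needs exact session ARNs for assumed roles), deny to `Principal: "*"` with a condition on `aws:PrincipalArn`, which for a SAML/OIDC session is the ARN of the role the federated user assumed. The user name `alice`, the role `SecretReaders` and the secret name are constructed; `attach_policy` takes a boto3 Secrets Manager client as an argument so the rest runs offline.

```python
import json
import re

ACCOUNT_ID = "123831926524"  # account ID taken from the question's policy


def build_resource_policy(allowed_principal_arns):
    """Secret resource policy: deny GetSecretValue to any caller whose
    aws:PrincipalArn does not match the allow list. Listing the role that
    federated users assume covers every session of that role, since
    aws:PrincipalArn is the role ARN (not the assumed-role session ARN)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Principal": "*",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "*",
            "Condition": {
                "StringNotLike": {"aws:PrincipalArn": list(allowed_principal_arns)}
            },
        }],
    }


def _iam_wildcard_match(pattern, value):
    # IAM String*Like semantics: '*' matches any run, '?' one char, case-sensitive
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def is_denied(policy, principal_arn):
    """Does the explicit Deny above fire for this caller's aws:PrincipalArn?
    (An Allow from the caller's identity policy is still needed to read the secret.)"""
    patterns = policy["Statement"][0]["Condition"]["StringNotLike"]["aws:PrincipalArn"]
    return not any(_iam_wildcard_match(p, principal_arn) for p in patterns)


def attach_policy(client, secret_id, policy):
    """client is a boto3 Secrets Manager client; BlockPublicPolicy rejects policies
    that would grant access to everyone."""
    return client.put_resource_policy(
        SecretId=secret_id, ResourcePolicy=json.dumps(policy), BlockPublicPolicy=True
    )


if __name__ == "__main__":
    allowed = [f"arn:aws:iam::{ACCOUNT_ID}:user/alice",          # constructed IAM user
               f"arn:aws:iam::{ACCOUNT_ID}:role/SecretReaders",  # role federated users assume
               f"arn:aws:iam::{ACCOUNT_ID}:root"]
    policy = build_resource_policy(allowed)
    print(json.dumps(policy, indent=2))
    for arn in allowed[:2] + [f"arn:aws:iam::{ACCOUNT_ID}:user/bob"]:
        print(arn, "->", "DENIED" if is_denied(policy, arn) else "not denied by this statement")
```

In real use, `attach_policy(boto3.client("secretsmanager"), "prod/db-password", policy)` applies it to one secret; the same condition pattern works in a Deny statement of an identity-based policy as well.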