How to restrict federated user to see a secret from secrets manager?
Question
I want to restrict both iam users and federated users from being able to see a certain secret from the secrets manager. For iam user i created this policy:
policy={
"Version": "2012-10-17",
"Statement": [{
"Effect": "Deny",
"NotPrincipal": {
"AWS": [
f"arn:aws:iam::123831926524:user/{username}",
"arn:aws:iam::123831926524:root"
]},
"Action": "secretsmanager:GetSecretValue",
"Resource": "*"
}]}
But for federated users, I have no idea how to restrict them.
1 answers
solution1
0 2022-08-17 08:18:02
Just specify who is able to use the secret (separately) by specifying resource base policy . https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
how to update secrets manager secret value from lambda function?
get all secrets from AWS secret manager
How to access a key value pair secret from AWS Secrets Manager, in concourse?
How to get all secrets from a different AWS accounts secret manager with Boto3?
How to use new secret created by key rotation from AWS Secrets Manager
get secret from secrets manager returns none | elastic beanstalk | flask
spring boot + load secret manager secrets from different AWS account
Access AWS Secrets Manager secret from AWS Lambda with JS
How to disable automatic secret rotation of AWS Secrets Manager using Terraform?
How do retrieve the specific value of an AWS Secrets Manager secret?
Related Tags