Resource: aws_secretsmanager_secret_policy

Provides a resource to manage the resource policy attached to an AWS Secrets Manager secret.

Example Usage

Basic

resource "aws_secretsmanager_secret" "example" {
  name = "example"
}

data "aws_iam_policy_document" "example" {
  statement {
    sid    = "EnableAnotherAWSAccountToReadTheSecret"
    effect = "Allow"

    # Granting the other account's root principal lets any IAM identity in
    # that account read the secret, provided its own IAM policies allow it.
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::123456789012:root"]
    }

    actions   = ["secretsmanager:GetSecretValue"]
    # In a secret resource policy "*" refers only to the secret the policy is attached to.
    resources = ["*"]
  }
}

resource "aws_secretsmanager_secret_policy" "example" {
  secret_arn = aws_secretsmanager_secret.example.arn
  policy     = data.aws_iam_policy_document.example.json
}
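The basic example above grants an entire account read access. The configuration below is an added example, not part of the provider documentation, showing a tighter cross-account grant: access is allowed to one named role instead of the account root, an explicit Deny blocks every principal outside the owning and partner accounts, and block_public_policy asks Secrets Manager to reject a policy that would make the secret public. The partner account id 123456789012 and the role name partner-reader are placeholders; the resource names restricted and the caller-identity data source are assumed for this example. Note that if the secret is encrypted with a customer-managed KMS key, the key policy must also grant kms:Decrypt to the partner principal, and a secret encrypted with the AWS-managed key cannot be read cross-account at all.

```hcl
data "aws_caller_identity" "current" {}

resource "aws_secretsmanager_secret" "restricted" {
  name = "restricted-example"
}

data "aws_iam_policy_document" "restricted" {
  # Allow a single, named role in the partner account (placeholder values)
  # rather than the whole account via its root principal.
  statement {
    sid    = "AllowPartnerRoleToReadTheSecret"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::123456789012:role/partner-reader"]
    }

    actions   = ["secretsmanager:GetSecretValue"]
    resources = ["*"]
  }

  # Deny every principal outside the owning and partner accounts, regardless
  # of any other grant. The owning account must be listed here, otherwise the
  # policy locks the owner out of its own secret.
  statement {
    sid    = "DenyAccessFromOtherAccounts"
    effect = "Deny"

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    actions   = ["secretsmanager:*"]
    resources = ["*"]

    condition {
      test     = "StringNotEquals"
      variable = "aws:PrincipalAccount"
      values = [
        data.aws_caller_identity.current.account_id,
        "123456789012",
      ]
    }
  }
}

resource "aws_secretsmanager_secret_policy" "restricted" {
  secret_arn = aws_secretsmanager_secret.restricted.arn
  policy     = data.aws_iam_policy_document.restricted.json

  # Have Secrets Manager validate the policy and refuse it if it grants
  # public access (for example a bare "Principal": "*" without a condition).
  block_public_policy = true
}
```

The Deny statement is evaluated before any Allow, so a later, broader Allow statement added to this policy (or a mistake in the partner account's own IAM policies) cannot widen access beyond the two listed accounts.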

Argument Reference

The following arguments are required:

- secret_arn - (Required) ARN of the secret the policy is attached to.
- policy - (Required) Valid JSON document representing a resource policy for the secret.

The following arguments are optional:

- block_public_policy - (Optional) Makes an optional API call to validate the resource policy and reject it if it would grant broad (public) access to the secret.

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

- id - ARN of the secret.

Import

In Terraform v1.5.0 and later, use an import block to import aws_secretsmanager_secret_policy using the secret Amazon Resource Name (ARN). For example:

import {
  to = aws_secretsmanager_secret_policy.example
  id = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"
}

Using terraform import, import aws_secretsmanager_secret_policy using the secret Amazon Resource Name (ARN). For example:

% terraform import aws_secretsmanager_secret_policy.example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456