Created March 2, 2021 18:31 by camilosantana (gist 1d5dacd6a11580c1e7aec684e8a5e205)
copilot addon for access to an aws secret
```yaml
---
AWSTemplateFormatVersion: "2010-09-09"
Description: "IAM policy allows access to an AWS secret"
Parameters:
  App:
    Type: String
    Description: Your application's name.
  Env:
    Type: String
    Description: The environment name your service, job, or workflow is being deployed to.
  Name:
    Type: String
    Description: The name of the service, job, or workflow being deployed.
Resources:
  IAMpolicyAllowSecrets:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"  # quoted so YAML does not parse the version as a date
        Statement:
          - Effect: Allow
            Action:
              - secretsmanager:GetResourcePolicy
              - secretsmanager:GetSecretValue
              - secretsmanager:DescribeSecret
              - secretsmanager:ListSecretVersionIds
            Resource:
              # Replace the placeholders with real values. Secrets Manager appends a
              # random "-XXXXXX" suffix to every secret ARN, so either paste the full
              # ARN or end the name with "-*"; do not widen it to "secret:*".
              - "arn:aws:secretsmanager:<region>:<accountId>:secret:<secretName>"
Outputs:
  IAMpolicyAllowSecretsARN:
    Description: "The ARN of the ManagedPolicy that allows secrets access."
    Value: !Ref IAMpolicyAllowSecrets
  NullResource:
    Description: "slurp default params to prevent linting warnings for unused vars"
    Value:
      Fn::Join:
        - ""
        - - "Ref": "App"
          - "Ref": "Env"
          - "Ref": "Name"
```
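A review check for the policy document above, added here as an example and not part of the gist: it verifies that a `PolicyDocument` in this shape grants only the four read actions, names no wildcard resource, and uses a `Resource` pattern that actually matches the secret's ARN once Secrets Manager's random suffix is taken into account. The account, region, secret name and ARN suffix below are constructed sample values.

```python
"""Guardrail for a Copilot secrets-access addon policy (added example)."""
import re

# The read-only action set the template grants; anything else is flagged.
READ_ACTIONS = {
    "secretsmanager:GetResourcePolicy",
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecretVersionIds",
}


def iam_glob_match(pattern: str, value: str) -> bool:
    """IAM-style matching: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def check_secret_policy(policy: dict, secret_arn: str) -> list:
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            if "*" in action:
                findings.append(f"wildcard action: {action}")
            elif action not in READ_ACTIONS:
                findings.append(f"non-read action: {action}")
        for res in resources:
            if res == "*" or res.endswith(":secret:*"):
                findings.append(f"wildcard resource: {res}")
            elif not iam_glob_match(res, secret_arn):
                findings.append(f"resource {res} does not match {secret_arn}")
    return findings


def policy(actions, resource: str) -> dict:
    """Build a PolicyDocument in the same shape as the template's."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": sorted(actions), "Resource": [resource]}]}


# Constructed sample: the ARN as Secrets Manager issues it, random suffix included.
PREFIX = "arn:aws:secretsmanager:us-east-1:123456789012:secret:"
SECRET_ARN = PREFIX + "prod/db-creds-Ab1Cd2"
TEMPLATE_POLICY = policy(READ_ACTIONS, PREFIX + "prod/db-creds")    # placeholders filled, no suffix
FIXED_POLICY = policy(READ_ACTIONS, PREFIX + "prod/db-creds-*")     # suffix wildcard added
BROAD_POLICY = policy(["secretsmanager:*"], "*")                    # what the check must refuse
```

Run `check_secret_policy(TEMPLATE_POLICY, SECRET_ARN)` to see that the name-only ARN from the template never matches the real secret, while `FIXED_POLICY` passes and `BROAD_POLICY` is flagged twice.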