Secret Policy Args
```kotlin
data class SecretPolicyArgs(
    val blockPublicPolicy: Output<Boolean>? = null,
    val policy: Output<String>? = null,
    val secretArn: Output<String>? = null
) : ConvertibleToJava<SecretPolicyArgs>
```
Provides a resource to manage an AWS Secrets Manager secret resource policy.
Example Usage
Basic
```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.secretsmanager.Secret;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
// The two statement builders used below were missing from the original import list.
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.secretsmanager.SecretPolicy;
import com.pulumi.aws.secretsmanager.SecretPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleSecret = new Secret("exampleSecret");

        // Build the resource policy document: allow another AWS account to read the secret.
        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .sid("EnableAnotherAWSAccountToReadTheSecret")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("arn:aws:iam::123456789012:root")
                    .build())
                .actions("secretsmanager:GetSecretValue")
                .resources("*")
                .build())
            .build());

        // Attach the rendered JSON document to the secret as its resource policy.
        var exampleSecretPolicy = new SecretPolicy("exampleSecretPolicy", SecretPolicyArgs.builder()
            .secretArn(exampleSecret.arn())
            .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}
```
Import
aws_secretsmanager_secret_policy can be imported by using the secret Amazon Resource Name (ARN), e.g.,

```shell
$ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456
```
Properties
blockPublicPolicy
Makes an optional API call to Zelkova to validate the resource policy to prevent broad access to your secret.
policy
Valid JSON document representing a resource policy. Unlike aws.secretsmanager.Secret, where policy can be set to "{}" to delete the policy, "{}" is not a valid policy here since policy is required.
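The example below, added here and not part of the original page or the provider's own samples, shows blockPublicPolicy in use alongside a policy scoped to a single role instead of an account root. The role ARN and resource names are constructed placeholders; the builder methods are the same ones the page's example uses, plus blockPublicPolicy from the SecretPolicyArgs signature above.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.secretsmanager.Secret;
import com.pulumi.aws.secretsmanager.SecretPolicy;
import com.pulumi.aws.secretsmanager.SecretPolicyArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var secret = new Secret("lockedDownSecret");

        // Grant GetSecretValue to one named role in the other account rather than to
        // its root principal, which would let every identity in that account read the
        // secret. The role ARN is a constructed placeholder.
        final var policyDoc = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .sid("AllowReaderRoleOnly")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("arn:aws:iam::123456789012:role/secret-reader")
                    .build())
                .actions("secretsmanager:GetSecretValue")
                // In a secret's resource policy, "*" refers to the secret the policy is attached to.
                .resources("*")
                .build())
            .build());

        new SecretPolicy("lockedDownSecretPolicy", SecretPolicyArgs.builder()
            .secretArn(secret.arn())
            .policy(policyDoc.applyValue(result -> result.json()))
            // Have Secrets Manager validate the document and reject it if it would
            // grant public (anonymous or any-principal) access to the secret.
            .blockPublicPolicy(true)
            .build());
    }
}
```

With blockPublicPolicy set, a `pulumi up` that tries to attach a policy whose principal is "*" fails at the API rather than silently exposing the secret.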