SecretPolicy

class SecretPolicy : KotlinCustomResource

Provides a resource to manage AWS Secrets Manager secret policy.

Example Usage

Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.secretsmanager.Secret;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.secretsmanager.SecretPolicy;
import com.pulumi.aws.secretsmanager.SecretPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // The secret that the resource policy will be attached to.
        var exampleSecret = new Secret("exampleSecret");

        // Build the resource policy: allow one external account's root principal
        // to read the secret value. Resource "*" is scoped to the secret by
        // Secrets Manager because the policy is attached to that secret.
        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .sid("EnableAnotherAWSAccountToReadTheSecret")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("arn:aws:iam::123456789012:root")
                    .build())
                .actions("secretsmanager:GetSecretValue")
                .resources("*")
                .build())
            .build());

        // Attach the rendered JSON policy to the secret by ARN.
        var exampleSecretPolicy = new SecretPolicy("exampleSecretPolicy", SecretPolicyArgs.builder()
            .secretArn(exampleSecret.arn())
            .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}

Import

aws_secretsmanager_secret_policy can be imported by using the secret Amazon Resource Name (ARN), e.g.,

$ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

Properties

Makes an optional API call to Zelkova to validate the resource policy and reject policies that grant broad (public) access to your secret.

val id: Output<String>
val policy: Output<String>

Valid JSON document representing a resource policy. Unlike aws.secretsmanager.Secret, where policy can be set to "{}" to delete the policy, "{}" is not a valid policy since policy is required.
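Because the policy must be a non-empty JSON document and the optional Zelkova validation exists to keep broad access off a secret, it is useful to review the rendered policy before it is applied. The following added example (not part of the Pulumi SDK or this page's original code) is a small pre-apply checker in Python: it rejects non-JSON or empty documents, flags any Allow statement that grants a wildcard principal without a Condition (the public-access case), and reports which external accounts the policy trusts. The sample documents, the account id used for "own account", and the function names are constructed for illustration.

```python
"""Pre-apply review of a Secrets Manager resource policy document (added example)."""
import json
import re

# Constructed sample: the JSON that the page's getPolicyDocument call renders,
# one Allow statement for a single external account's root principal.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnableAnotherAWSAccountToReadTheSecret",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "*",
    }],
})

# Constructed sample of the case the Zelkova check is meant to block:
# any AWS principal may read the secret, with no Condition narrowing it.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Public",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "*",
    }],
})

ACCOUNT_RE = re.compile(r"^arn:aws:iam::(\d{12}):")


def _as_list(value):
    """IAM allows scalars or lists in most elements; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principals_of(stmt):
    """Flatten the Principal element into a list of identifier strings."""
    principal = stmt.get("Principal")
    if principal is None:
        return []
    if principal == "*":
        return ["*"]
    out = []
    for ids in principal.values():  # {"AWS": [...], "Service": [...], ...}
        out.extend(_as_list(ids))
    return out


def is_public(stmt):
    """An Allow to a wildcard principal with no Condition is public access."""
    if stmt.get("Effect") != "Allow":
        return False
    if "*" not in principals_of(stmt):
        return False
    return not stmt.get("Condition")


def review_policy(policy_json, own_account):
    """Return (errors, warnings, foreign_accounts) for a rendered policy."""
    errors, warnings, foreign = [], [], set()
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"], warnings, sorted(foreign)
    if not isinstance(doc, dict) or not doc.get("Statement"):
        errors.append('policy must be a non-empty document; "{}" is rejected')
        return errors, warnings, sorted(foreign)
    for stmt in _as_list(doc["Statement"]):
        sid = stmt.get("Sid", "<no sid>")
        if is_public(stmt):
            errors.append(f"{sid}: grants access to any AWS principal (public)")
        for ident in principals_of(stmt):
            match = ACCOUNT_RE.match(ident)
            if match and match.group(1) != own_account:
                foreign.add(match.group(1))
                if ident.endswith(":root"):
                    warnings.append(
                        f"{sid}: trusts the whole account {match.group(1)} "
                        "(root principal) rather than a specific role")
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") == "Allow" and any(
                a in ("*", "secretsmanager:*") for a in actions):
            warnings.append(f"{sid}: wildcard action")
    return errors, warnings, sorted(foreign)


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_POLICY), ("public", PUBLIC_POLICY), ("empty", "{}")):
        print(name, review_policy(doc, "111111111111"))
```

The checker treats both `"Principal": "*"` and `"Principal": {"AWS": "*"}` as public, and only the absence of a Condition turns that into an error, which mirrors the usual definition of a public resource policy. The root-principal warning is advisory: granting `arn:aws:iam::ACCOUNT:root` delegates the decision to every identity that account chooses to authorise, which is sometimes intended but worth seeing explicitly in review.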

val pulumiChildResources: Set<KotlinResource>
val secretArn: Output<String>

ARN of the secret the policy is attached to.

val urn: Output<String>