From 2c9dc83e39e9cef986c3ff99da5e2378fadf4f98 Mon Sep 17 00:00:00 2001
From: Ste Murray <31927466+stemurray@users.noreply.github.com>
Date: Sat, 27 Nov 2021 03:03:24 +0000
Subject: [PATCH] fix: create statement for listsecrets in secrets manager iam policy (#328)
---
 modules/cluster/irsa.tf | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/modules/cluster/irsa.tf b/modules/cluster/irsa.tf
index 1c7d514..8d23cb4 100644
--- a/modules/cluster/irsa.tf
+++ b/modules/cluster/irsa.tf
@@ -392,7 +392,6 @@ data "aws_iam_policy_document" "secrets-manager-policy" {
 "secretsmanager:GetResourcePolicy",
 "secretsmanager:GetSecretValue",
 "secretsmanager:ListSecretVersionIds",
- "secretsmanager:ListSecrets",
 "secretsmanager:PutSecretValue",
 "secretsmanager:UpdateSecret",
 ]
@@ -402,6 +401,15 @@ data "aws_iam_policy_document" "secrets-manager-policy" {
 "arn:${data.aws_partition.current.partition}:secretsmanager:${var.region}:${local.project}:secret:secret/data/nexus/*"
 ]
 }
+ statement {
+ effect = "Allow"
+ actions = [
+ "secretsmanager:ListSecrets",
+ ]
+ resources = [
+ "*",
+ ]
+ }
 }
 resource "aws_iam_policy" "secrets-manager" {
 count = var.create_asm_role ? 1 : 0
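Review bot: The `statement` added in the second hunk grants `secretsmanager:ListSecrets` on `"*"` with no comment explaining the wildcard, so a later policy audit or linter pass will read it as an over-broad grant next to the path-scoped ARN above it. `ListSecrets` does not support resource-level permissions, which is why it had no effect in the statement with the secret ARNs; I would record that above the block, e.g. `# ListSecrets has no resource-level permissions, so it needs "*"; it returns names and metadata, not secret values.` The grant also lets the role enumerate the metadata of every secret in the account, not only those under the scoped path, so it is worth confirming that the consumer needs listing at all. The enclosing `data "aws_iam_policy_document"` block starts outside the hunk.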