Provisioned IAM policy for Secrets Manager does not include ListSecrets action #327
Comments
|
I have a fix for this and will open a pull request |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
When using AWS Secrets Manager, the "data.aws_iam_policy_document.secrets-manager-policy" block in ./modules/cluster.irsa.tf includes the "secretsmanager:ListSecrets" action in a group of actions that have resource constraints. But "secretsmanager:ListSecrets" cannot have resource constraints, so it is not included in the policy.
Steps to reproduce the behaviour
set use_vault variable to false
sert use_asm variable to true
set create_asm_role variable to true
terraform apply
Expected behavior
Policy created which includes "secretsmanager:ListSecrets" action
Actual behavior
Policy created does not include "secretsmanager:ListSecrets" action
Terraform version
The output of
terraform versionis:Module version
Operating system
The text was updated successfully, but these errors were encountered: