
I created a Secrets Manager key (non-rotational) with the plain text option, encrypted. When I tried to get the value in a Lambda function, I am getting the error "permission denied". Could you please help with how to resolve the issue?

1 Answer

You need to assign a role to the Lambda function that allows it to read from Secrets Manager.

AWS role: The following IAM policy allows read access to all resources that you create in AWS Secrets Manager. This policy applies to resources that you have already created and to all resources that you create in the future.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds"
      ],
      "Resource": ["*"]
    }
  ]
}

You can find more specific examples at iam-policy-examples-asm-secrets.

3 Comments

Thanks for the help. I have added the policy in the SAM template.
Note that this policy grants access to all secrets. It's a better practice to only grant access to the secrets your application actually needs.
@Blueriver Yes, and normally we use something like api-* or prod-* if there is a prefix per environment or per application.
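As an added example (not code from the answer or from AWS), here is a least-privilege variant of the policy above, scoped to a secret-name prefix as the comments suggest, together with a small IAM-style wildcard evaluator that shows which secret ARNs the policy covers. The region, account ID and secret names are constructed placeholders; if the secret is encrypted with a customer-managed KMS key, the execution role additionally needs kms:Decrypt on that key, which this example does not cover.

```python
import json
import re

# Constructed placeholder values; substitute your own region and account ID.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"


def build_secret_read_policy(name_prefix: str, region: str = REGION,
                             account_id: str = ACCOUNT_ID) -> dict:
    """Read-only policy limited to secrets whose name starts with name_prefix
    (e.g. "prod-"), instead of the "*" resource in the original answer."""
    resource = f"arn:aws:secretsmanager:{region}:{account_id}:secret:{name_prefix}*"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
            ],
            "Resource": [resource],
        }],
    }


def _wildcard_match(pattern: str, value: str) -> bool:
    """IAM-style matching: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def is_allowed(policy: dict, action: str, secret_arn: str) -> bool:
    """Check the Allow statements for an (action, secret ARN) pair.
    Simplified: no Deny statements, conditions or resource policies."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(_wildcard_match(a, action) for a in actions) and \
           any(_wildcard_match(r, secret_arn) for r in resources):
            return True
    return False


if __name__ == "__main__":
    policy = build_secret_read_policy("prod-")
    print(json.dumps(policy, indent=2))
    # Secrets Manager appends a random suffix to the name in the ARN, so the
    # trailing "*" after the prefix is required for the match to succeed.
    arn = f"arn:aws:secretsmanager:{REGION}:{ACCOUNT_ID}:secret:prod-db-creds-AbCdEf"
    print(is_allowed(policy, "secretsmanager:GetSecretValue", arn))
```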
