secretsmanager:ResourceTag/environment doesn't work with * (star)


I am trying to narrow down access to secrets that have an "environment" key, but it doesn't allow me to do so. When using a specific environment name like "secretsmanager:ResourceTag/environment": "development" it works, but a wildcard value isn't working.

{
  "Sid": "VisualEditor0",
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetRandomPassword",
    "secretsmanager:GetResourcePolicy",
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecretVersionIds",
    "secretsmanager:ListSecrets"
  ],
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "secretsmanager:ResourceTag/environment": "*"
    }
  }
}
Best answer:

StringEquals does case-sensitive exact matching. Try StringLike instead, e.g.:

{
  "Sid": "VisualEditor0",
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetRandomPassword",
    "secretsmanager:GetResourcePolicy",
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecretVersionIds",
    "secretsmanager:ListSecrets"
  ],
  "Resource": "*",
  "Condition": {
    "StringLike": {
      "secretsmanager:ResourceTag/environment": "*"
    }
  }
}
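To make the difference concrete, below is an added Python simulation of how the two condition operators treat the value "*"; it is not part of the answer above and not an AWS library. The secret names and tag values are constructed for the example, and only the secretsmanager:ResourceTag/<key> condition keys used on this page are modelled. It also shows one caveat the policy above carries: a secret with no environment tag at all is still denied, because a plain (non-IfExists) condition on a missing key evaluates to false in IAM.

```python
import re
from typing import Dict, List, Optional, Union

# Constructed sample secrets and their tags (illustrative, not from the page).
SECRETS: Dict[str, Dict[str, str]] = {
    "app/dev/db": {"environment": "development"},
    "app/prod/db": {"environment": "production"},
    "app/weird": {"environment": "*"},   # tag value that is literally an asterisk
    "app/untagged": {},                  # no environment tag at all
}

TAG_KEY_PREFIX = "secretsmanager:ResourceTag/"


def make_statement(operator: str, pattern: str) -> dict:
    """Build the statement from the page with the given operator and tag pattern."""
    return {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
        "Resource": "*",
        "Condition": {operator: {TAG_KEY_PREFIX + "environment": pattern}},
    }


def _glob_to_regex(pattern: str) -> "re.Pattern[str]":
    # StringLike semantics: '*' matches any run of characters (including none),
    # '?' matches exactly one character; everything else is literal.
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(escaped)


def condition_matches(operator: str, pattern: str, value: Optional[str]) -> bool:
    """Evaluate one condition value against the tag value in the request context."""
    if value is None:
        # Key absent from the context: plain operators evaluate to false.
        return False
    if operator == "StringEquals":
        # Exact, case-sensitive comparison; '*' is just another character here.
        return value == pattern
    if operator == "StringLike":
        return _glob_to_regex(pattern).fullmatch(value) is not None
    raise ValueError(f"unsupported operator: {operator}")


def statement_allows(statement: dict, resource_tags: Dict[str, str]) -> bool:
    """True if this Allow statement's Condition block matches a resource with these tags.

    IAM ANDs all condition keys across operator blocks; multiple values for one
    key are ORed.  Only ResourceTag condition keys are supported in this model.
    """
    if statement.get("Effect") != "Allow":
        return False
    for operator, keys in statement.get("Condition", {}).items():
        for cond_key, patterns in keys.items():
            if not cond_key.startswith(TAG_KEY_PREFIX):
                raise ValueError(f"unsupported condition key: {cond_key}")
            tag_name = cond_key[len(TAG_KEY_PREFIX):]
            values: List[str] = [patterns] if isinstance(patterns, str) else list(patterns)
            tag_value = resource_tags.get(tag_name)
            if not any(condition_matches(operator, p, tag_value) for p in values):
                return False
    return True


def allowed_secrets(statement: dict, secrets: Dict[str, Dict[str, str]] = SECRETS) -> List[str]:
    """Names of the sample secrets the statement would grant access to, sorted."""
    return sorted(name for name, tags in secrets.items() if statement_allows(statement, tags))


if __name__ == "__main__":
    for op in ("StringEquals", "StringLike"):
        print(f'{op} "*" allows: {allowed_secrets(make_statement(op, "*"))}')
```

Running it shows that StringEquals with "*" only matches the secret whose tag value is literally "*", while StringLike with "*" matches every secret that carries the environment tag with any value, and the untagged secret is denied under both operators.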