Give secrets access to iam policy

ooni · Feb 23, 2024 · d86fc55 · d86fc55
1 parent dc59121
commit d86fc55
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
@@ -454,6 +454,25 @@ resource "aws_iam_role_policy" "ecs_service" {
         "elasticloadbalancing:RegisterTargets"
       ],
       "Resource": "*"
+    },
+    {
+        "Effect": "Allow",
+        "Action": [
+            "secretsmanager:GetResourcePolicy",
+            "secretsmanager:GetSecretValue",
+            "secretsmanager:DescribeSecret",
+            "secretsmanager:ListSecretVersionIds"
+        ],
+        "Resource": [
+            "arn:aws:secretsmanager:us-west-2:111122223333:secret:aes128-1a2b3c",
+            "arn:aws:secretsmanager:us-west-2:111122223333:secret:aes192-4D5e6F",
+            "arn:aws:secretsmanager:us-west-2:111122223333:secret:aes256-7g8H9i"
+        ]
+    },
+    {
+        "Effect": "Allow",
+        "Action": "secretsmanager:ListSecrets",
+        "Resource": "*"
     }
   ]
 }