{"id":9957,"date":"2023-03-17T11:06:33","date_gmt":"2023-03-17T03:06:33","guid":{"rendered":"http:\/\/123.57.164.21\/?p=9957"},"modified":"2023-03-17T11:06:33","modified_gmt":"2023-03-17T03:06:33","slug":"grant-aws-lambda-access-to-secrets-manager","status":"publish","type":"post","link":"https:\/\/92it.top\/?p=9957","title":{"rendered":"Grant AWS Lambda Access to Secrets Manager"},"content":{"rendered":"\n

In order to grant a Lambda function access to Secrets Manager, we have to attach an IAM policy to the function’s execution role. The policy should grant permissions for all the Actions<\/code> the function needs to perform on the secrets.<\/strong><\/p>\n\n\n\n

For example, the following policy grants permissions for the most commonly used secrets manager actions on a specific secret.<\/p>\n\n\n\n

The policy applies to a specific secret, therefore make sure to replace the YOUR_SECRET_ARN placeholder in the Resource element with the secret's ARN.\nYou can specify multiple values if the lambda function needs access to multiple secrets.\n<\/pre>\n\n\n\n
\"\"<\/figure><\/div>\n\n\n\n
If your lambda function only needs to read a secret, you only need the secretsmanager:GetSecretValue<\/code> action.<\/p>\n\n\n\n
The actions your lambda function needs to perform on the secrets are use case specific.<\/p>\n\n\n\n
You could set \"secretsmanager:*\" for the Action element in the policy to grant full secrets manager access to the lambda function. However, it's best practice to grant an entity the least permissions that get the job done.<\/pre>\n\n\n\n
You can view a full list of the secrets manager Actions<\/code> in the Secrets Manager Actions table<\/a>.<\/p>\n\n\n\n
There is a Description<\/code> column that explains what each action does.<\/p>\n\n\n\n
To attach a policy to the lambda function’s execution role:<\/p>\n\n\n\n