
secretsmanager:ResourceTag/environment doesn't work with * (star)


I am trying to narrow down access to secrets which have an "environment" tag key. But it doesn't allow me to do so. When using a specific environment name like "secretsmanager:ResourceTag/environment": "development" it works. But a wildcard value isn't working.

{
  "Sid": "VisualEditor0",
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetRandomPassword",
    "secretsmanager:GetResourcePolicy",
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecretVersionIds",
    "secretsmanager:ListSecrets"
  ],
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "secretsmanager:ResourceTag/environment": "*"
    }
  }
}

Solution

  • StringEquals does case-sensitive exact matching, so "*" is compared literally. Try StringLike instead, e.g.:

    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetRandomPassword",
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds",
        "secretsmanager:ListSecrets"
      ],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "secretsmanager:ResourceTag/environment": "*"
        }
      }
    }
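As an added example (not code from the question or the answer), here is a small Python model of how IAM evaluates the two condition operators used above. StringEquals compares the tag value literally, so a value of "*" only matches a secret whose environment tag is the one-character string "*", while StringLike treats "*" and "?" as wildcards. The model also reproduces the IAM rule that a condition key absent from the request context makes the condition false unless the "...IfExists" variant of the operator is used, which is what happens for secrets that carry no environment tag at all. Action and Resource matching are deliberately out of scope; the sample request contexts and the helper names are constructed for this illustration.

```python
import re

# Condition blocks copied from the question (broken) and the answer (fixed).
BROKEN_CONDITION = {"StringEquals": {"secretsmanager:ResourceTag/environment": "*"}}
FIXED_CONDITION = {"StringLike": {"secretsmanager:ResourceTag/environment": "*"}}

# Constructed request contexts: what IAM would see for a tagged and an untagged secret.
TAGGED_DEV = {"secretsmanager:ResourceTag/environment": "development"}
UNTAGGED = {}  # secret has no "environment" tag, so the condition key is absent


def _iam_wildcard_to_regex(pattern: str) -> re.Pattern:
    """Translate an IAM StringLike pattern to a regex.

    IAM only recognises '*' (any sequence, including empty) and '?' (exactly
    one character); every other character is matched literally.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.DOTALL)


def string_equals(expected: str, actual: str) -> bool:
    """StringEquals: case-sensitive, exact; '*' is just another character."""
    return expected == actual


def string_like(expected: str, actual: str) -> bool:
    """StringLike: case-sensitive match with '*' and '?' wildcards."""
    return _iam_wildcard_to_regex(expected).match(actual) is not None


OPERATORS = {"StringEquals": string_equals, "StringLike": string_like}


def condition_allows(condition: dict, request_context: dict) -> bool:
    """Evaluate a policy Condition block against a request context.

    Every operator/key pair must be satisfied (logical AND). Multiple values
    for one key are OR-ed. A key missing from the request context fails the
    check, unless the operator carries the IfExists suffix, in which case the
    missing key is treated as satisfied.
    """
    for operator, key_values in condition.items():
        if_exists = operator.endswith("IfExists")
        base_operator = operator[: -len("IfExists")] if if_exists else operator
        match = OPERATORS[base_operator]
        for key, expected in key_values.items():
            expected_values = expected if isinstance(expected, list) else [expected]
            if key not in request_context:
                if if_exists:
                    continue
                return False
            actual = request_context[key]
            if not any(match(value, actual) for value in expected_values):
                return False
    return True


if __name__ == "__main__":
    print("broken policy, tagged secret :", condition_allows(BROKEN_CONDITION, TAGGED_DEV))
    print("fixed policy, tagged secret  :", condition_allows(FIXED_CONDITION, TAGGED_DEV))
    print("fixed policy, untagged secret:", condition_allows(FIXED_CONDITION, UNTAGGED))
```

Running the script shows the broken statement denying the tagged secret and the fixed one allowing it; it also shows that the fixed statement still denies a secret with no environment tag, so a wildcard on ResourceTag does not turn into "allow everything". The same missing-key rule is why actions that do not operate on a specific secret, such as GetRandomPassword and ListSecrets, are denied under any ResourceTag condition: there is no tagged resource in those requests for the key to be populated from.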