Tags: amazon-web-services, lambda, aws-secrets-manager

Adding a resource based policy vs IAM policy


I want to have a Lambda accessing Secrets Manager.

For reasons beyond the scope of this question, I want to go with a resource based policy.

So I am considering allowing principal lambda-my-lambda on the specific SM secret.

Will I also need to add a specific IAM policy to the Lambda's execution role?

Or will just the resource-based policy allow lambda-my-lambda to access the Secrets Manager secret?


Solution

  • Either is sufficient on its own.

    Identity-based policy = "Entry Pass"

    Resource-based policy = "Guest List"
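The following is an added worked example; it is not code from the question or the answer above. It builds the two policy documents the answer names (the resource-based policy on the secret and the identity-based policy on the execution role) and then runs a simplified version of the IAM evaluation that decides whether the call succeeds. It goes slightly beyond the answer: it also shows the cross-account case, where a resource-based policy on its own is not enough and both policies must allow. The principal in the resource policy is the function's execution role ARN, because the function calls Secrets Manager with that role's credentials. The account ids, secret ARN and role ARNs are made up for the example.

```python
"""Added example (not part of the original post): resource-based vs
identity-based policy for a Lambda execution role reading a secret."""
import json
from fnmatch import fnmatchcase

# Hypothetical identifiers; replace with your own.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:my-secret-AbCdEf"
EXEC_ROLE_ARN = "arn:aws:iam::111122223333:role/lambda-my-lambda-role"
OTHER_ACCOUNT_ROLE_ARN = "arn:aws:iam::999988887777:role/lambda-my-lambda-role"

READ_ACTIONS = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]


def build_resource_policy(role_arn: str, effect: str = "Allow") -> dict:
    """Resource-based policy attached to the secret (the "guest list")."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "LambdaExecutionRoleCanReadThisSecret",
            "Effect": effect,
            "Principal": {"AWS": role_arn},   # the role, not the function
            "Action": READ_ACTIONS,
            "Resource": "*",                  # in a secret's own policy, "*" means this secret
        }],
    }


def build_identity_policy(secret_arn: str, effect: str = "Allow") -> dict:
    """Identity-based policy attached to the execution role (the "entry pass")."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadOneSecret",
            "Effect": effect,
            "Action": READ_ACTIONS,
            "Resource": secret_arn,
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _account_of(arn: str) -> str:
    return arn.split(":")[4]


def _matching_effects(policy, action, secret_arn, principal_arn=None):
    """Effects of every statement that matches the request (simplified matching:
    action and resource wildcards, principal given as a role ARN or "*")."""
    effects = set()
    if policy is None:
        return effects
    for stmt in policy["Statement"]:
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(r == "*" or fnmatchcase(secret_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if principal_arn is not None:  # only resource policies carry a Principal
            principal = stmt.get("Principal", {})
            allowed = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
            if "*" not in allowed and principal_arn not in allowed:
                continue
        effects.add(stmt["Effect"])
    return effects


def evaluate(action, secret_arn, role_arn, identity_policy=None, resource_policy=None) -> str:
    """Simplified IAM decision for one call made with the execution role.

    1. An explicit Deny in either policy wins.
    2. Same account: an Allow in EITHER policy is sufficient.
    3. Cross account: BOTH policies must Allow.
    SCPs, permissions boundaries and session policies are ignored here.
    """
    ident = _matching_effects(identity_policy, action, secret_arn)
    res = _matching_effects(resource_policy, action, secret_arn, principal_arn=role_arn)
    if "Deny" in ident or "Deny" in res:
        return "deny"
    if _account_of(role_arn) == _account_of(secret_arn):
        return "allow" if ("Allow" in ident or "Allow" in res) else "deny"
    return "allow" if ("Allow" in ident and "Allow" in res) else "deny"


if __name__ == "__main__":
    print(json.dumps(build_resource_policy(EXEC_ROLE_ARN), indent=2))
    get = "secretsmanager:GetSecretValue"
    print("same account, resource policy only:",
          evaluate(get, SECRET_ARN, EXEC_ROLE_ARN, resource_policy=build_resource_policy(EXEC_ROLE_ARN)))
    print("cross account, resource policy only:",
          evaluate(get, SECRET_ARN, OTHER_ACCOUNT_ROLE_ARN,
                   resource_policy=build_resource_policy(OTHER_ACCOUNT_ROLE_ARN)))
```

The printed resource policy can be attached with `aws secretsmanager put-resource-policy --secret-id <secret ARN> --resource-policy file://policy.json`. Two caveats the evaluator makes visible: an explicit Deny anywhere (for example in an existing identity policy on the role) still blocks the call even though the secret's resource policy allows it, and if the secret is encrypted with a customer managed KMS key the execution role additionally needs `kms:Decrypt` on that key, which the secret's resource policy does not grant.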