Created
June 20, 2021 19:05
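# Inline policy on the Spoke A builder execution role that lets it read one
# Secrets Manager secret held in the Hub account and decrypt it with the Hub
# account's KMS key.
#
# NOTE(review): the resource is named "...SsmRead" but the actions granted are
# Secrets Manager and KMS, not SSM. The name is left unchanged so existing
# state and references keep working.
#
# NOTE(review): this identity policy covers only the Spoke side. For
# cross-account access the Hub account's secret resource policy and KMS key
# policy must also allow this role; confirm both are in place.
resource "aws_iam_role_policy" "SpokeABuilderExecutionRoleSsmRead" {
  name = "SpokeABuilderExecutionRoleSsmRead"
  role = aws_iam_role.SpokeABuilderExecutionRole.id
  policy = jsonencode(
    {
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Effect" : "Allow",
          "Action" : [
            "secretsmanager:GetSecretValue"
          ],
          "Resource" : [
            # ARN of the secret in the Hub account (account ID is a placeholder).
            # The trailing "*" is required: Secrets Manager appends a hyphen and
            # six random characters to the secret name when it builds the ARN.
            # NOTE(review): "SecretName*" also matches any other secret whose
            # name starts with "SecretName"; "SecretName-??????" matches only
            # the generated suffix and is the tighter pattern.
            "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaa:secret:SecretName*"
          ]
        },
        {
          "Effect" : "Allow",
          "Action" : [
            "kms:Decrypt"
          ],
          "Resource" : [
            # ARN of the KMS key in the Hub account that encrypts the secret
            # (account ID and key ID are placeholders).
            # NOTE(review): if the key is only ever used through Secrets
            # Manager, consider a Condition on kms:ViaService to limit Decrypt
            # to that path.
            "arn:aws:kms:us-east-1:aaaaaaaa:key/1111111-22222-33333-444444444444"
          ]
        }
      ]
    }
  )
}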