FormidableLabs / terraform-aws-serverless

Infrastructure support for Serverless framework apps, done the right way
https://registry.terraform.io/modules/FormidableLabs/serverless/aws
MIT License

Feature/Option: SecretsManager #12

Open ryan-roemer opened 5 years ago

ryan-roemer commented 5 years ago

Dependencies:

```yaml
# TODO(IamPolicyDeveloper): SecretsManager: Read / write secrets
- Effect: Allow
  Action:
  - secretsmanager:PutSecretValue
  - secretsmanager:GetSecretValue
  Resource:
  - !Sub "arn:aws:secretsmanager:${AwsRegion}:${AWS::AccountId}:secret:${ServiceName}/${Stage}/*"
# TODO(IamPolicyAdmin): SecretsManager: Manage secrets
- Effect: Allow
  Action:
  - secretsmanager:DescribeSecret
  - secretsmanager:List*
  Resource:
  # Have to wildcard listing...
  # TODO: ... but could do conditions + tags to limit
  # https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_identity-based-policies.html
  - "*"
- Effect: Allow
  Action:
  - secretsmanager:CreateSecret
  - secretsmanager:DeleteSecret
  Resource:
  - !Sub "arn:aws:secretsmanager:${AwsRegion}:${AWS::AccountId}:secret:${ServiceName}/${Stage}/*"
```
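As an added example (not code from the issue or from the terraform-aws-serverless module), the two statement sets above rendered into JSON policy documents by a small Python helper, plus a simplified Allow-only evaluator that shows what the `${ServiceName}/${Stage}/*` resource scoping permits and refuses; the service name, stage, region and account ID used are constructed sample values.

```python
"""Render the issue's SecretsManager IAM statements as JSON and check
which (action, resource) pairs each statement set would allow."""
import fnmatch
import json

# Same scoping as the issue's !Sub ARN. The trailing /* also covers the
# "-XXXXXX" random suffix Secrets Manager appends to every secret ARN.
SECRET_ARN = "arn:aws:secretsmanager:{region}:{account}:secret:{service}/{stage}/*"


def secrets_policy(service, stage, region, account, role="developer"):
    """role="developer": read/write secret values under service/stage only.
    role="admin": describe/list (wildcarded, as in the issue) and
    create/delete secrets under the same prefix. Mirrors the YAML above."""
    scoped = SECRET_ARN.format(region=region, account=account,
                               service=service, stage=stage)
    if role == "developer":
        statements = [{
            "Effect": "Allow",
            "Action": ["secretsmanager:PutSecretValue", "secretsmanager:GetSecretValue"],
            "Resource": [scoped],
        }]
    elif role == "admin":
        statements = [
            {"Effect": "Allow",
             "Action": ["secretsmanager:DescribeSecret", "secretsmanager:List*"],
             "Resource": ["*"]},  # listing cannot be scoped to a prefix
            {"Effect": "Allow",
             "Action": ["secretsmanager:CreateSecret", "secretsmanager:DeleteSecret"],
             "Resource": [scoped]},
        ]
    else:
        raise ValueError(f"unknown role: {role}")
    return {"Version": "2012-10-17", "Statement": statements}


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: Allow statements only, '*' wildcards in
    Action and Resource (no Deny, no Condition keys, no SCPs)."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if (any(fnmatch.fnmatchcase(action, a) for a in st["Action"])
                and any(fnmatch.fnmatchcase(resource, r) for r in st["Resource"])):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not real account or service identifiers.
    print(json.dumps(secrets_policy("myservice", "dev", "us-east-1", "123456789012"), indent=2))
```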