iann0036 / iamlive

Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
MIT License

Doubled ARN when using secretmanager #30

Open itd-seb opened 3 years ago

itd-seb commented 3 years ago

When retrieving a secret value the output for the resource ARN will be doubled like so:

```json
{
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetResourcePolicy",
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret"
  ],
  "Resource": "arn:aws:secretsmanager:eu-central-1:XXX:secret:arn:aws:secretsmanager:eu-central-1:XXX:secret:*"
}
```

Used command:

```
iamlive --set-ini --account-id "XXX" --mode proxy --output-file cicd-policy.json --sort-alphabetical
```

iann0036 commented 3 years ago

Hey @seb-itd,

Thanks heaps for raising!

Looks like the SecretId property could be a variety of different formats for this case (despite the name 👎). I've done some regex magic to hopefully resolve the issue. The fix will be available in v0.28.0.

Let me know if you experience any issues.
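The behaviour discussed in this thread, as an added example that is not iamlive's code or the fix shipped in v0.28.0: a `SecretId` may be a friendly name, a partial ARN, or a complete ARN, so a policy generator has to recognise an ARN before prepending its own ARN prefix. The helper name `SecretResource`, the regex heuristic, and the account ID are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Complete secret ARNs end in "-" plus six random characters added by Secrets Manager.
var randomSuffix = regexp.MustCompile(`-[A-Za-z0-9]{6}$`)

// SecretResource (hypothetical helper) turns the SecretId seen in a request
// into the Resource string for an IAM policy statement.
func SecretResource(partition, region, account, secretID string) string {
	prefix := fmt.Sprintf("arn:%s:secretsmanager:%s:%s:secret:", partition, region, account)
	if !strings.HasPrefix(secretID, "arn:") {
		// Friendly name: build the ARN and wildcard the random suffix.
		return prefix + secretID + "-??????"
	}
	parts := strings.SplitN(secretID, ":", 7)
	if len(parts) != 7 || parts[2] != "secretsmanager" || parts[5] != "secret" || parts[6] == "" {
		// Looks like an ARN but is not a secret ARN: fall back to the
		// account-wide pattern rather than concatenating it onto the prefix.
		return prefix + "*"
	}
	if randomSuffix.MatchString(parts[6]) {
		return secretID // complete ARN: use as-is, never re-prefix
	}
	// Partial ARN (no random suffix). Heuristic: a name that itself ends in
	// "-" plus six characters cannot be told apart from a complete ARN.
	return secretID + "-??????"
}

func main() {
	// Constructed sample inputs; the account ID is a placeholder.
	for _, id := range []string{
		"prod/db-password",
		"arn:aws:secretsmanager:eu-central-1:111122223333:secret:prod/db-password",
		"arn:aws:secretsmanager:eu-central-1:111122223333:secret:prod/db-password-a1B2c3",
	} {
		fmt.Println(SecretResource("aws", "eu-central-1", "111122223333", id))
	}
}
```

A doubled `Resource` like the one reported above matches no real secret, so a policy built from it denies the very calls it was generated to allow.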