lgallard / terraform-aws-secrets-manager

Terraform module to create Amazon Secrets Manager resources.
Apache License 2.0
63 stars 50 forks

Set secret policy #17

Closed lgallard closed 2 years ago

lgallard commented 2 years ago

Module should be able to set secret policy. Example:

```hcl
resource "aws_secretsmanager_secret" "example" {
  name = "example"
}

# Resource policy attached to the secret (this is the provider docs' example,
# which grants GetSecretValue to any principal).
resource "aws_secretsmanager_secret_policy" "example" {
  secret_arn = aws_secretsmanager_secret.example.arn

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnableAllPermissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "*"
    }
  ]
}
POLICY
}
```

Reference: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy

lgallard commented 2 years ago

There's no need to include a policy resource because the current implementation supports policies as follows:

```hcl
secrets = {
  "${local.secret_prefix}/myPrefixedSecret" = {
    description             = "My secret x"
    recovery_window_in_days = 7
    secret_string           = "This is an example"
    # Resource policy for this secret; <<- strips the leading indentation
    policy                  = <<-POLICY
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "EnableAllPermissions",
            "Effect": "Allow",
            "Principal": {
              "AWS": "*"
            },
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "*"
          }
        ]
      }
      POLICY
  },
  "${local.secret_prefix}/myPrefixedSecret-2" = {
    description             = "My secret y"
    recovery_window_in_days = 7
    secret_string           = "This is another example"
    # No resource policy for this secret
    policy                  = null
  }
}
```

I will include this example in the documentation.
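The `policy` value in the `secrets` map above is a raw resource policy, and the posted example grants `GetSecretValue` to any AWS principal. The following check, added here as an example and not part of the module, parses such policies from a module-style `secrets` map and reports Allow statements that have a wildcard principal and no Condition, skipping entries with `policy = null`. The role ARN, account id and secret names are placeholders.

```python
import json
from typing import Any

def make_policy(sid: str, principal: str) -> str:
    """Build a one-statement GetSecretValue policy shaped like the one posted above."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": sid, "Effect": "Allow", "Principal": {"AWS": principal},
        "Action": "secretsmanager:GetSecretValue", "Resource": "*"}]})

# Constructed samples: the policy posted above (open to any principal) and the
# same grant scoped to one role; the account id and role name are placeholders.
OPEN_POLICY = make_policy("EnableAllPermissions", "*")
SCOPED_POLICY = make_policy("AllowAppReader", "arn:aws:iam::123456789012:role/app-reader")

def _as_list(value: Any) -> list:
    """IAM JSON allows a scalar where a list is expected; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal: Any) -> bool:
    """True for "*" or {"AWS": "*"}, the forms that mean 'any principal'."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def find_open_statements(policy_json: str) -> list[str]:
    """Return Sids of Allow statements open to any principal with no Condition."""
    doc = json.loads(policy_json)
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in _as_list(doc.get("Statement"))
        if stmt.get("Effect") == "Allow"
        and _is_wildcard_principal(stmt.get("Principal"))
        and not stmt.get("Condition")
    ]

def audit_secrets(secrets: dict[str, dict]) -> dict[str, list[str]]:
    """Check each entry of a module-style `secrets` map; `policy = null` is skipped."""
    return {name: sids for name, attrs in secrets.items()
            if attrs.get("policy") and (sids := find_open_statements(attrs["policy"]))}

# Constructed sample mirroring the `secrets` map in the comment above.
SAMPLE_SECRETS = {
    "prod/myPrefixedSecret": {"secret_string": "This is an example", "policy": OPEN_POLICY},
    "prod/myPrefixedSecret-2": {"secret_string": "This is another example", "policy": None},
    "prod/scoped": {"secret_string": "scoped example", "policy": SCOPED_POLICY},
}
```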

lgallard commented 2 years ago
Examples added in release 0.5.2