
I want to add Resource Permissions to my Secrets Manager secret, and I get this syntax error:

This resource policy contains a syntax error

Can anyone help me? This is the policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "secretsmanager.amazonaws.com"
            },
            "Action": "lambda:InvokeFunction",
            "Resource": "..."
        }
    ]
}
John Rotenstein
learn.amzn21
  • This is what I did: { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "secretsmanager.amazonaws.com" }, "Action": "lambda:InvokeFunction", "Resource": "" }] } – learn.amzn21 May 18 '21 at 20:28
    Resource can't be `"..."`. What do you want to achieve? – Marcin May 18 '21 at 23:01
  • I presume you are wanting to enable automatic rotation of a Secrets Manager key? It appears that your policy is coming from [Permissions Required to Automatically Rotate Secrets - AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions.html). The wording on this page is not great -- this policy should actually be assigned to the IAM Role that will be used by the AWS Lambda function, whereas you are attempting to use it as a Resource Policy on the Secret itself. That's why it isn't working. – John Rotenstein May 18 '21 at 23:07
    Yes, I use the ARN of my resource; I didn't put "..." – learn.amzn21 May 19 '21 at 20:50
  • Actually, yes, I want to enable automatic rotation of my secret in Secrets Manager via a Lambda function. It's my first time, and I have the Python code that generates the secret and modifies the secret value in Secrets Manager, but I don't know how to transform it into a Lambda function. Please, can you give me the syntax of the Lambda function and the role I need to use to be able to do what I want? Thank you for your help. – learn.amzn21 May 19 '21 at 20:56
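The syntax error aside, the policy in the question is a grant that only makes sense on the Lambda function: a resource-based policy can only grant actions of the service that owns the resource it is attached to, so `lambda:InvokeFunction` with the Secrets Manager service principal belongs in the function's resource-based policy (the permission `aws lambda add-permission` writes), and the rotation code itself gets its `secretsmanager:` permissions through the function's execution role. The following is an added example, not code from the question or from AWS: a small Python linter that applies those placement rules and flags placeholder resources such as `"..."`, plus the two policy documents a rotation setup actually needs. The ARNs, account ID and policy wording are constructed for the example.

```python
"""Lint IAM-style policies for the places a Secrets Manager rotation setup
needs them.  Added example, not AWS code; the ARNs and account ID are made up."""
import json
import re

SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf"
FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:SecretsManagerRotation"

# A real ARN or the wildcard; rejects placeholders such as "..." and "".
ARN_RE = re.compile(r"^arn:aws[a-z-]*:[a-z0-9-]*:[a-z0-9-]*:\d{0,12}:.+$")

# Where a policy is attached decides what it may contain: a resource-based
# policy (on a secret or a Lambda function) names a Principal and can only
# grant actions of the service that owns that resource; an identity policy
# (on a role) names no Principal and may grant actions of any service.
KINDS = {
    "secret": {"service": "secretsmanager", "principal": True},
    "lambda": {"service": "lambda", "principal": True},
    "role": {"service": None, "principal": False},
}

# The policy from the question, placeholder Resource and all.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "secretsmanager.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "...",
    }],
}


def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]


def lint_policy(doc, attached_to):
    """Return the problems with `doc` (dict or JSON text) when attached as a
    policy of kind `attached_to`; an empty list means it lints clean."""
    kind = KINDS[attached_to]
    if isinstance(doc, str):
        try:
            doc = json.loads(doc)
        except json.JSONDecodeError as exc:
            return [f"not valid JSON: {exc}"]
    problems = []
    statements = _as_list(doc.get("Statement"))
    if not statements:
        problems.append("Statement is missing or empty")
    for i, st in enumerate(statements):
        where = f"Statement[{i}]"
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{where}: Effect must be Allow or Deny")
        if ("Principal" in st) != kind["principal"]:
            need = "required" if kind["principal"] else "not allowed"
            problems.append(f"{where}: Principal is {need} in a {attached_to} policy")
        actions = _as_list(st.get("Action"))
        if not actions:
            problems.append(f"{where}: Action is missing")
        for action in actions:
            if kind["service"] and action != "*" and action.split(":")[0] != kind["service"]:
                problems.append(f"{where}: {action} is not a {kind['service']}: action, "
                                f"so a policy on the {attached_to} cannot grant it")
        resources = _as_list(st.get("Resource"))
        if not resources:
            problems.append(f"{where}: Resource is missing")
        for res in resources:
            if res != "*" and not ARN_RE.match(res):
                problems.append(f"{where}: Resource {res!r} is not an ARN or '*'")
    return problems


def rotation_policies(secret_arn, function_arn, account_id):
    """The two policies rotation needs, keyed by where they attach.  The role
    also needs its usual trust policy for lambda.amazonaws.com (not shown);
    the secret itself needs no resource policy for rotation."""
    invoke = {  # on the Lambda function; what `aws lambda add-permission` writes
        "Effect": "Allow",
        "Principal": {"Service": "secretsmanager.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        # Confused-deputy guard: only secrets in our own account may invoke it.
        "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
    }
    rotate = {  # on the execution role; what the rotation code may do
        "Effect": "Allow",
        "Action": ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue",
                   "secretsmanager:PutSecretValue",
                   "secretsmanager:UpdateSecretVersionStage"],
        "Resource": secret_arn,
    }
    password = {"Effect": "Allow", "Action": "secretsmanager:GetRandomPassword",
                "Resource": "*"}  # GetRandomPassword is not resource-scoped
    return {
        "lambda": {"Version": "2012-10-17", "Statement": [invoke]},
        "role": {"Version": "2012-10-17", "Statement": [rotate, password]},
    }
```

`lint_policy(QUESTION_POLICY, "secret")` reports both the misplaced `lambda:InvokeFunction` and the placeholder Resource; the same document lints clean as a `"lambda"` policy once Resource is the function ARN. The `aws:SourceAccount` condition on the function policy is the standard guard against another account's secret being pointed at your rotation function; the execution role additionally needs CloudWatch Logs permissions (for example the AWSLambdaBasicExecutionRole managed policy) and, for a database secret, network access to the database, which this example leaves out.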

0 Answers