jenkins-x/terraform-aws-eks-jx

Provisioned IAM policy for Secrets Manager does not include ListSecrets action

stemurray opened this issue · 1 comment

Summary

When using AWS Secrets Manager, the "data.aws_iam_policy_document.secrets-manager-policy" block in ./modules/cluster.irsa.tf includes the "secretsmanager:ListSecrets" action in a group of actions that have resource constraints. But "secretsmanager:ListSecrets" cannot have resource constraints, so it is not included in the policy.

Steps to reproduce the behaviour

set use_vault variable to false
set use_asm variable to true
set create_asm_role variable to true
terraform apply

Expected behavior

Policy created which includes "secretsmanager:ListSecrets" action

Actual behavior

Policy created does not include "secretsmanager:ListSecrets" action

Terraform version

The output of terraform version is:

Terraform v1.0.11
on linux_amd64

Module version

1.18.1

Operating system

Linux (Ubuntu 20.04)

I have a fix for this and will open a pull request
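Added example (not the module's actual `cluster.irsa.tf` and not the reporter's pull request): the general pattern for a Terraform `aws_iam_policy_document` in which `secretsmanager:ListSecrets` is split out of the resource-scoped statement. `ListSecrets` does not support resource-level permissions, so a statement that scopes it to secret ARNs never grants it; it needs its own statement with `resources = ["*"]`. The variable name, statement `sid`s, policy name and the exact list of resource-scoped actions are assumptions made for illustration.

```hcl
# Illustrative Terraform (added example, not the module's own code).
# Assumed input: the ARNs of the secrets the workload is allowed to read.
variable "secret_arns" {
  description = "ARNs of the Secrets Manager secrets the workload may read (assumed)"
  type        = list(string)
}

data "aws_iam_policy_document" "secrets_manager_policy" {
  # Data-plane actions that support resource-level permissions:
  # keep these scoped to the specific secret ARNs (least privilege).
  statement {
    sid    = "ReadSpecificSecrets"
    effect = "Allow"
    actions = [
      "secretsmanager:GetSecretValue",
      "secretsmanager:DescribeSecret",
      "secretsmanager:GetResourcePolicy",
      "secretsmanager:ListSecretVersionIds",
    ]
    resources = var.secret_arns
  }

  # ListSecrets has no resource-level permissions. Listing it in the statement
  # above is silently ineffective, so it gets its own statement on "*".
  # This only allows enumerating secret names/metadata; reading values is still
  # governed by the ARN-scoped statement above.
  statement {
    sid       = "ListAllSecrets"
    effect    = "Allow"
    actions   = ["secretsmanager:ListSecrets"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "secrets_manager" {
  name   = "secrets-manager-example" # assumed name
  policy = data.aws_iam_policy_document.secrets_manager_policy.json
}
```

To check the rendered policy before or after `terraform apply`, write the document's `json` attribute to a file and run `aws iam simulate-custom-policy --policy-input-list file://policy.json --action-names secretsmanager:ListSecrets`; the decision should be `allowed` only when the action sits in the `"*"`-scoped statement.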