
I wrote a policy that allows specific actions on secrets whose names start with the word project1. How can I add another condition, for example project2, to this policy?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "secretsmanager:*"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "secretsmanager:Name": "project1-*"
                }
            }
        },
        {
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:DeleteSecret",
                "secretsmanager:PutSecretValue"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "secretsmanager:SecretId": "arn:aws:secretsmanager:${aws_region}:${aws_account_id}:secret:project1-*"
                }
            }
        }
    ]
}
Kingindanord

1 Answer


You don't have to write two different policy statements for this; instead you can use something like this.

Hope this will help.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "secretsmanager:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "secretsmanager:SecretId": [
            "arn:aws:secretsmanager:${aws_region}:${aws_account_id}:secret:project1-*",
            "arn:aws:secretsmanager:${aws_region}:${aws_account_id}:secret:project2-*"
          ]
        }
      }
    }
  ]
}
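To show why the single statement in the answer covers both prefixes, here is an added Python model (not code from the question or answer) of how IAM evaluates a StringLike condition that lists several values: the values under one condition key are OR'd, `*` matches any sequence, matching is case-sensitive, and a request whose context lacks the key fails the condition. The region, account id and secret names are constructed placeholders standing in for the ${aws_region}/${aws_account_id} variables; the evaluation itself is simplified (no principal or policy-type handling).

```python
import re

# Constructed stand-ins for the ${aws_region}/${aws_account_id} template variables.
ARN_PREFIX = "arn:aws:secretsmanager:us-east-1:123456789012:secret:"

# The answer's single statement: the two patterns under one condition key are OR'd.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Action": "secretsmanager:*", "Effect": "Allow", "Resource": "*",
    "Condition": {"StringLike": {"secretsmanager:SecretId": [
        ARN_PREFIX + "project1-*", ARN_PREFIX + "project2-*"]}},
}]}

def iam_string_like(pattern, value):
    """IAM StringLike: case-sensitive; '*' matches any sequence, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def condition_matches(condition, context):
    """All operator/key pairs must hold; within one key, ANY listed value may match.
    A key missing from the request context makes the condition fail."""
    for operator, keys in condition.items():
        if operator != "StringLike":
            raise NotImplementedError(f"operator {operator} not modelled here")
        for key, patterns in keys.items():
            actual = context.get(key)
            if actual is None or not any(iam_string_like(p, actual) for p in as_list(patterns)):
                return False
    return True

def is_allowed(policy, action, resource, context):
    """Simplified IAM evaluation: explicit Deny wins, a matching Allow grants,
    and no matching statement means implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(iam_string_like(a, action) for a in as_list(stmt["Action"])):
            continue
        if not any(iam_string_like(r, resource) for r in as_list(stmt["Resource"])):
            continue
        if not condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

Note that `project1-*` does not match a secret named `project10-db-...`, because the hyphen after `1` is part of the pattern; drop the hyphen and the prefix silently widens.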