
I am creating a Secret in AWS Secrets Manager and I am trying to put in a policy to restrict access by IP.
I do it under the Secret console in the [Resource Permissions] section.
I keep getting a syntax error, but not what the error is.
Here is the policy I am trying (it was created via the visual editor in the AWS console).

 {
    "Version":"2012-10-17",
    "Statement": [{
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "secretsmanager:*",
            "Resource": "arn:aws:secretsmanager:us-east-2:722317156788:secret:dev/playAround/junju-MWTXvg",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "210.75.12.75/32"
                }
            }
        }]
}
Itay Moav -Malimovka

1 Answer


It works after making two changes, as below:

  • remove the leading space in front of the opening brace "{" on the first line of the policy
  • for resource-based policies, a Principal is required (in certain circumstances)

Please refer to the attached picture of your updated policy to resolve the issue.

[image: the updated policy]

dossani
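As an added example (not part of the question or answer), the following Python builds the corrected resource policy with the Principal element the answer says is required, and checks a policy document for the two problems the answer identifies. The secret ARN and CIDR are taken from the question; the Principal (the account's own root) is an assumption, since the answer does not say which principal was used.

```python
import json

# Values copied from the question.
SECRET_ARN = "arn:aws:secretsmanager:us-east-2:722317156788:secret:dev/playAround/junju-MWTXvg"
ALLOWED_CIDR = "210.75.12.75/32"
# Assumed principal: the account that owns the secret. Narrow this to the
# specific role or user that actually needs the secret.
PRINCIPAL = {"AWS": "arn:aws:iam::722317156788:root"}

# The policy text from the question, reproduced as a constructed sample.
# Note the leading space before the opening brace and the missing Principal.
ORIGINAL_POLICY_TEXT = ' {"Version": "2012-10-17", "Statement": [{' \
    '"Sid": "VisualEditor1", "Effect": "Allow", "Action": "secretsmanager:*", ' \
    '"Resource": "' + SECRET_ARN + '", ' \
    '"Condition": {"IpAddress": {"aws:SourceIp": "' + ALLOWED_CIDR + '"}}}]}'


def build_resource_policy(secret_arn, cidr, principal):
    """Return the corrected policy: same Allow statement, plus a Principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Principal": principal,
            "Action": "secretsmanager:*",
            "Resource": secret_arn,
            "Condition": {"IpAddress": {"aws:SourceIp": cidr}},
        }],
    }


def policy_problems(policy_text):
    """List the problems the answer points out, in the order they are found."""
    problems = []
    if policy_text != policy_text.lstrip():
        problems.append("leading whitespace before the opening brace")
    try:
        doc = json.loads(policy_text)
    except ValueError as exc:
        return problems + ["not valid JSON: %s" % exc]
    for stmt in doc.get("Statement", []):
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            problems.append("statement %s has no Principal" % stmt.get("Sid", "?"))
    return problems


def render_policy(policy):
    """Serialize with no leading whitespace, ready to paste into the console."""
    return json.dumps(policy, indent=4)
```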