I need to write a policy that allows seeing all Secrets with a certain tag. But when I use a condition, a user with this policy loses all access. What am I doing wrong?
Here is my policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecrets"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/ProjectName": "Test"
        }
      }
    }
  ]
}
Here is my Secret
But as a result I get this message: You don't have permission to view or select from existing secrets in your account. Contact your administrator to obtain ListSecrets access.
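An added example, not part of the question above, that shows the corrected shape of such a policy. The point it illustrates: secretsmanager:ListSecrets is not a resource-level action (it is only ever granted on "*"), so the request context for it carries no aws:ResourceTag/... key; a StringEquals condition on a key that is absent evaluates to false, the Allow statement never matches, and the console reports that ListSecrets is missing. The fix is to keep the tag condition on the per-secret actions (GetSecretValue, DescribeSecret) and put ListSecrets in its own statement without the tag condition. The tag key ProjectName and value Test are taken from the question; the Sid values are assumed names.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAllSecretsMetadata",
      "Effect": "Allow",
      "Action": "secretsmanager:ListSecrets",
      "Resource": "*"
    },
    {
      "Sid": "ReadOnlyTaggedSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/ProjectName": "Test"
        }
      }
    }
  ]
}
```

Caveat for anyone reviewing such a policy: ListSecrets returns the names, ARNs and tags of every secret in the account, not only the tagged ones, so the first statement discloses secret metadata account-wide even though secret values stay restricted to secrets tagged ProjectName=Test. If that metadata exposure is not acceptable, the alternative is to skip ListSecrets and hand users the exact secret ARNs they are allowed to read, since GetSecretValue and DescribeSecret work without listing.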