2018/06/26 - AWS Secrets Manager - 3 new api methods
Changes: Update secretsmanager client to latest version.
Deletes the resource-based policy currently attached to the secret.
Minimum permissions
To run this command, you must have the following permissions:
secretsmanager:DeleteResourcePolicy
Related operations
To attach a resource policy to a secret, use PutResourcePolicy.
To retrieve the current resource-based policy that is attached to a secret, use GetResourcePolicy.
To list all of the currently available secrets, use ListSecrets.
See also: AWS API Documentation
Request Syntax
client.delete_resource_policy( SecretId='string' )
SecretId (string) -- [REQUIRED]
Specifies the secret for which you want to delete the attached resource-based policy. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.
dict
Response Syntax
{ 'ARN': 'string', 'Name': 'string' }
Response Structure
(dict) --
ARN (string) --
The ARN of the secret for which the resource-based policy was deleted.
Name (string) --
The friendly name of the secret for which the resource-based policy was deleted.
Attaches the contents of the specified resource-based policy to a secret. A resource-based policy is optional. Alternatively, you can use IAM identity-based policies that specify the secret's ARN in the policy statement's Resource element. You can also use a combination of both identity- and resource-based policies. The affected users and roles receive the permissions permitted by all of the relevant policies. For more information, see Using Resource-Based Policies for AWS Secrets Manager. For the complete description of the AWS policy syntax and grammar, see IAM JSON Policy Reference in the IAM User Guide.
Minimum permissions
To run this command, you must have the following permissions:
secretsmanager:PutResourcePolicy
Related operations
To retrieve the resource policy attached to a secret, use GetResourcePolicy.
To delete the resource-based policy that is attached to a secret, use DeleteResourcePolicy.
To list all of the currently available secrets, use ListSecrets.
See also: AWS API Documentation
Request Syntax
client.put_resource_policy( SecretId='string', ResourcePolicy='string' )
SecretId (string) -- [REQUIRED]
Specifies the secret to which you want to attach the resource-based policy. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.
ResourcePolicy (string) -- [REQUIRED]
A JSON-formatted string constructed according to the grammar and syntax for an AWS resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For information on how to format a JSON parameter for the various command line tool environments, see Using JSON for Parameters in the AWS CLI User Guide.
dict
Response Syntax
{ 'ARN': 'string', 'Name': 'string' }
Response Structure
(dict) --
ARN (string) --
The ARN of the secret to which the resource-based policy was attached.
Name (string) --
The friendly name of the secret to which the resource-based policy was attached.
Retrieves the JSON text of the resource-based policy attached to the specified secret. The JSON request string input and response output are shown formatted with whitespace and line breaks for better readability. Submit your input as a single-line JSON string.
Minimum permissions
To run this command, you must have the following permissions:
secretsmanager:GetResourcePolicy
Related operations
To attach a resource policy to a secret, use PutResourcePolicy.
To delete the resource-based policy that is attached to a secret, use DeleteResourcePolicy.
To list all of the currently available secrets, use ListSecrets.
See also: AWS API Documentation
Request Syntax
client.get_resource_policy( SecretId='string' )
SecretId (string) -- [REQUIRED]
Specifies the secret for which you want to retrieve the attached resource-based policy. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.
dict
Response Syntax
{ 'ARN': 'string', 'Name': 'string', 'ResourcePolicy': 'string' }
Response Structure
(dict) --
ARN (string) --
The ARN of the secret for which the resource-based policy was retrieved.
Name (string) --
The friendly name of the secret for which the resource-based policy was retrieved.
ResourcePolicy (string) --
A JSON-formatted string that describes the permissions associated with the attached secret. These permissions are combined with any permissions associated with the user or role who attempts to access this secret. The combined permissions specify who can access the secret and what actions they can perform. For more information, see Authentication and Access Control for AWS Secrets Manager in the AWS Secrets Manager User Guide.
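An added example, not part of the AWS documentation or of botocore: a check that parses a resource-based policy string, as passed to put_resource_policy or returned by get_resource_policy, and flags Allow statements that name a wildcard principal with no Condition. The helper names, sample policy and account ID are constructed for illustration; `client` is assumed to be a boto3 `secretsmanager` client.

```python
import json

# Constructed sample policy: one scoped statement, one open to any principal.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
        {"Sid": "Anyone", "Effect": "Allow", "Principal": "*",
         "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
    ],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # Principal may be "*" or a mapping such as {"AWS": "*"} / {"AWS": ["*"]}.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def find_public_statements(policy_json):
    """Return the Sid (or index) of each Allow statement that grants
    access to a wildcard principal without any Condition block."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if _is_wildcard_principal(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

def audit_secret(client, secret_id):
    """Fetch the attached policy with get_resource_policy and report findings."""
    resp = client.get_resource_policy(SecretId=secret_id)
    policy = resp.get("ResourcePolicy")  # tolerate a response without a policy
    return {"ARN": resp.get("ARN"), "Name": resp.get("Name"),
            "public_statements": find_public_statements(policy) if policy else []}

def put_policy_checked(client, secret_id, policy_json):
    """Attach the policy only if the check above finds nothing."""
    findings = find_public_statements(policy_json)
    if findings:
        raise ValueError(f"unconditioned wildcard principal in: {findings}")
    return client.put_resource_policy(SecretId=secret_id, ResourcePolicy=policy_json)
```

The check is a coarse pre-filter: it does not evaluate Condition contents or NotPrincipal, so a statement it passes still needs review.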