AWS Managed Policies Explorer

Home About

AWS Managed Policies. A maze of twisty passages all alike. Explore them here. If it looks like a button, it's clickable. Always up to date.

Service: AWS Secrets Manager

Short Name:

secretsmanager

ARN Format:arn:aws:secretsmanager:${Region}:${Account}:secret:${SecretId}

ARN Regex:^arn:aws:secretsmanager:.+

ReadOnlyAccess

…

AWSMigrationHubOrchestratorPlugin

Action	Reference	Description
secretsmanager:BatchGetSecretValue	Docs	Grants permission to retrieve and decrypt a list of secrets
secretsmanager:ListSecrets	Docs	Grants permission to list the available secrets
secretsmanager:DeleteResourcePolicy	Docs	Grants permission to delete the resource policy attached to a secret
secretsmanager:PutResourcePolicy	Docs	Grants permission to attach a resource policy to a secret
secretsmanager:ValidateResourcePolicy	Docs	Grants permission to validate a resource policy before attaching policy
secretsmanager:DescribeSecret	Docs	Grants permission to retrieve the metadata about a secret, but not the encrypted data
secretsmanager:GetRandomPassword	Docs	Grants permission to generate a random string for use in password creation
secretsmanager:GetResourcePolicy	Docs	Grants permission to get the resource policy attached to a secret
secretsmanager:GetSecretValue	Docs	Grants permission to retrieve and decrypt the encrypted data
secretsmanager:ListSecretVersionIds	Docs	Grants permission to list the available versions of a secret
secretsmanager:TagResource	Docs	Grants permission to add tags to a secret
secretsmanager:UntagResource	Docs	Grants permission to remove tags from a secret
secretsmanager:CancelRotateSecret	Docs	Grants permission to cancel an in-progress secret rotation
secretsmanager:CreateSecret	Docs	Grants permission to create a secret that stores encrypted data that can be queried and rotated
secretsmanager:DeleteSecret	Docs	Grants permission to delete a secret
secretsmanager:PutSecretValue	Docs	Grants permission to create a new version of the secret with new encrypted data
secretsmanager:RemoveRegionsFromReplication	Docs	Grants permission to remove regions from replication
secretsmanager:ReplicateSecretToRegions	Docs	Grants permission to convert an existing secret to a multi-Region secret and begin replicating the secret to a list of new regions
secretsmanager:RestoreSecret	Docs	Grants permission to cancel deletion of a secret
secretsmanager:RotateSecret	Docs	Grants permission to start rotation of a secret
secretsmanager:StopReplicationToReplica	Docs	Grants permission to remove the secret from replication and promote the secret to a regional secret in the replica Region
secretsmanager:UpdateSecret	Docs	Grants permission to update a secret with new metadata or with a new version of the encrypted data
secretsmanager:UpdateSecretVersionStage	Docs	Grants permission to move a stage from one secret to another

aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeyssecretsmanager:AddReplicaRegionssecretsmanager:BlockPublicPolicysecretsmanager:Descriptionsecretsmanager:ForceDeleteWithoutRecoverysecretsmanager:ForceOverwriteReplicaSecretsecretsmanager:KmsKeyIdsecretsmanager:ModifyRotationRulessecretsmanager:Namesecretsmanager:RecoveryWindowInDayssecretsmanager:ResourceTag/tag-keysecretsmanager:RotateImmediatelysecretsmanager:RotationLambdaARNsecretsmanager:SecretIdsecretsmanager:SecretPrimaryRegionsecretsmanager:VersionIdsecretsmanager:VersionStagesecretsmanager:resource/AllowRotationLambdaArn