secretsmanager:ValidateResourcePolicy

Permissions management

secretsmanager:ValidateResourcePolicy is a Permissions management access-level action in the secretsmanager service. Grants permission to validate a resource policy before attaching policy

Resource types

ARNs that secretsmanager:ValidateResourcePolicy can be scoped to in an IAM policy.

arn:${Partition}:secretsmanager:${Region}:${Account}:secret:${SecretId}
Secret

Condition keys

Keys you can use in the Condition block of a policy that grants secretsmanager:ValidateResourcePolicy.

aws:RequestTag/${TagKey} String

Filters access by a key that is present in the request the user makes to the Secrets Manager service

aws:ResourceTag/${TagKey} String

Filters access by the tags associated with the resource

aws:TagKeys ArrayOfString

Filters access by the list of all the tag key names present in the request the user makes to the Secrets Manager service

secretsmanager:ResourceTag/tag-key String

Filters access by a tag key and value pair

secretsmanager:resource/AllowRotationLambdaArn ARN

Filters access by the ARN of the rotation Lambda function associated with the secret

secretsmanager:resource/Type String

Filters access by the managed external secret type associated with the secret

Example IAM policy

A minimal policy that allows secretsmanager:ValidateResourcePolicy. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSecretsmanagerValidateResourcePolicy",
      "Effect": "Allow",
      "Action": "secretsmanager:ValidateResourcePolicy",
      "Resource": "*"
    }
  ]
}

Related actions in secretsmanager

View all secretsmanager actions →