added access to secrets manager from bastion host

nanlabs · Oct 12, 2023 · 30522cc · 30522cc
1 parent a0d922e
commit 30522cc
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/modules/bastion/iam.tf b/modules/bastion/iam.tf
@@ -64,6 +64,13 @@ resource "aws_iam_role_policy" "bastion_host_iam_role" {
           "ssm:GetParameter"
         ],
         "Resource" : "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "secretsmanager:GetSecretValue"
+        ],
+        "Resource" : "arn:aws:secretsmanager:*:*:secret:*"
       }
     ]
   })