From 30522cc2a4c99893f73a7523cab6df18f95c1499 Mon Sep 17 00:00:00 2001
From: AgusPk
Date: Thu, 12 Oct 2023 11:35:06 -0300
Subject: [PATCH] added access to secrets manager from bastion host
---
 modules/bastion/iam.tf | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/modules/bastion/iam.tf b/modules/bastion/iam.tf
index 65eaef5..7bdc611 100644
--- a/modules/bastion/iam.tf
+++ b/modules/bastion/iam.tf
@@ -64,6 +64,13 @@ resource "aws_iam_role_policy" "bastion_host_iam_role" {
 "ssm:GetParameter"
 ],
 "Resource" : "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
+ },
+ {
+ "Effect" : "Allow",
+ "Action" : [
+ "secretsmanager:GetSecretValue"
+ ],
+ "Resource" : "arn:aws:secretsmanager:*:*:secret:*"
 }
 ]
 })
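Review bot: The added statement's `"Resource" : "arn:aws:secretsmanager:*:*:secret:*"` allows `secretsmanager:GetSecretValue` on every secret in every region of the account, so anyone who gets a shell on the bastion, or the credentials of the role presumably attached to it, can read all stored secrets rather than only those the host needs. Scope it to the secrets the bastion actually uses, for example `"Resource" : "arn:aws:secretsmanager:<region>:<account-id>:secret:<bastion-prefix>/*"` (placeholders), or pass the allowed ARNs in through a module variable. If the secrets are tagged, a `Condition` on `secretsmanager:ResourceTag/<tag-key>` is an alternative. Since the commit message gives no reason for the access, a short comment above the statement naming the consumer would help later reviews, as would an alert on this role's `GetSecretValue` events in CloudTrail. The `aws_iam_role_policy` resource and its policy document begin outside the hunk, so other statements and any conditions are not visible here.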