Commit e13dd45

Add IAM policy
1 parent 9063849 commit e13dd45

1 file changed

+34
-0
lines changed

content/hcp-docs/content/docs/vault-radar/agent/correlate-aws-secrets-manager.mdx

Lines changed: 34 additions & 0 deletions
@@ -41,6 +41,40 @@ The IAM user, role, or assumed role must have the following permissions:
4141
| EC2 | `ec2:DescribeRegions` | [DescribeRegions API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html) |
4242
| STS | `sts:GetCallerIdentity` | [GetCallerIdentity API](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) |
4343

44+
**Example AWS IAM policy:**
45+
46+
```json
47+
{
48+
"Version": "2012-10-17",
49+
"Statement": [
50+
{
51+
"Effect": "Allow",
52+
"Action": [
53+
"secretsmanager:ListSecrets",
54+
"secretsmanager:DescribeSecret",
55+
"secretsmanager:GetSecretValue",
56+
"secretsmanager:ListSecretVersionIds"
57+
],
58+
"Resource": "*"
59+
},
60+
{
61+
"Effect": "Allow",
62+
"Action": [
63+
"ec2:DescribeRegions"
64+
],
65+
"Resource": "*"
66+
},
67+
{
68+
"Effect": "Allow",
69+
"Action": [
70+
"sts:GetCallerIdentity"
71+
],
72+
"Resource": "*"
73+
}
74+
]
75+
}
76+
```
77+
4478
## Agent configuration with AWS Secrets Manager
4579

4680
Set up and manage AWS Secrets Manager from the Vault Radar module in the [HCP
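Review bot: The first statement of the example pairs `secretsmanager:GetSecretValue` with `"Resource": "*"` (new lines 55 and 58), so a reader who copies it verbatim gives the agent's identity read access to the value of every secret in the account. Consider splitting that statement: leave `secretsmanager:ListSecrets` on `"Resource": "*"`, since it does not accept a resource ARN, and move `secretsmanager:DescribeSecret`, `secretsmanager:GetSecretValue` and `secretsmanager:ListSecretVersionIds` into a statement whose `Resource` is a placeholder secret ARN pattern that readers replace with the secrets the agent should correlate. If account-wide read is what the agent actually needs, say so in a sentence under the **Example AWS IAM policy:** label so the wildcard reads as a deliberate choice rather than a default. The `ec2:DescribeRegions` and `sts:GetCallerIdentity` statements can stay on `"Resource": "*"`, because neither action supports resource-level scoping.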
