Adding a resource based policy vs IAM policy

Time: 01-06

I want to have a lambda accessing secret manager.

For reasons beyond the scope of this question, I want to go with a resource based policy.

So I am considering allowing principal lambda-my-lambda in the specific SM secret.

Will I also need to add a specific IAM policy to the lambda's executor role?

Or will just the resource based policy allow lambda-my-lambda to access the Secrets Manager secret?

CodePudding user response:

Either is sufficient on its own.

Identity-based policy = "Entry Pass"

  • Permissions policy is attached to your Lambda Role

Resource-based policy = "Guest List"

  • Permissions policy is attached to the Secret
  • "Principal": <Lambda Role ARN>
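The two options from the answer side by side, as an added CloudFormation example that is not part of the original thread. Both paths are written out so the difference is visible: the identity-based Allow sits on the execution role, the resource-based Allow sits on the secret and names the role ARN as Principal. The secret name, role name and policy names are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: one Lambda execution role reading one Secrets Manager
  secret, granted once via an identity-based policy (on the role) and
  once via a resource-based policy (on the secret). Names are placeholders.

Resources:
  MySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: my-app/db-password            # placeholder secret name
      GenerateSecretString:
        PasswordLength: 32
        ExcludePunctuation: true

  # Option 1, identity-based ("entry pass"): the Allow is attached to the
  # Lambda execution role.
  LambdaMyLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: lambda-my-lambda          # placeholder role name
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: read-my-secret
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: secretsmanager:GetSecretValue
                Resource: !Ref MySecret   # !Ref on a secret resolves to its ARN

  # Option 2, resource-based ("guest list"): the Allow is attached to the
  # secret and lists the role ARN as Principal. Remove the Policies block
  # above to keep only this path; remove this resource to keep only Option 1.
  MySecretResourcePolicy:
    Type: AWS::SecretsManager::ResourcePolicy
    Properties:
      SecretId: !Ref MySecret
      BlockPublicPolicy: true             # reject a policy that would open the secret to everyone
      ResourcePolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !GetAtt LambdaMyLambdaRole.Arn
            Action: secretsmanager:GetSecretValue
            Resource: "*"                  # in a secret's own policy, "*" means this secret
```

Within a single AWS account an Allow from either policy is enough, as the answer says, and an explicit Deny in either one still wins. If the role and the secret live in different accounts, both sides must allow the call. If the secret is encrypted with a customer-managed KMS key rather than the AWS-managed one, the role additionally needs kms:Decrypt on that key, which neither policy above grants.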