Create IAM Role

Resource Parameters

Throughout this guide we use the following example IAM Role parameters.

Role Name: my-role
Inline Policies:

Name

MySecretsManagerRead

JSON Summary

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": [
        "arn:aws:secretsmanager:*:*:secret*"
      ]
    }
  ]
}

Create the IAM Security Role

Navigate to the Create roleopen in new window form and fill out the form with the following details:

Region: Global
Trusted Entity Type: AWS Service
Choose a use case: EC2
Role name: my-role

Click Create role

Specify Permissions

Now click the newly created role my-role to show the details so we can add inline policies.

From the Permissions policies section > Add permissions menu > select Create inline policy
In the Policy editor specify JSON and add the below policy.

JSON

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": [
        "arn:aws:secretsmanager:*:*:secret:*"
      ]
    }
  ]
}

Review

Policy name: MySecretsManagerRead

Click Create policy to create the inline policy so it shows in the Permissions for my-role.

Caution

Make sure to limit your policies to least privilege, granting only the permissions necessary. This includes narrowing the regular expressions to match only the resources needed.