Secret writer role

The flip side to the secret reader role is the secret writer.

Add this snippet to the relevant IAM policy section of a role to give it the ability to set secret values, but not retrieve them:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "kms:GenerateDataKey"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:kms:us-east-1:<your-account-id>:key/<your-key-id>"
    },
    {
      "Action": [
        "dynamodb:PutItem"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:dynamodb:us-east-1:<your-account-id>:table/credential-store"
    }
  ]
}
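
A write-only policy is easy to widen by accident (for example with a wildcard action), so the following added example, which is not from the original text, checks a policy document for Allow statements that would let the role read secrets back. The list of read actions, the function names, and the sample account and key IDs are assumptions made for illustration; Resource, Condition and Deny statements are not evaluated.

```python
import fnmatch

# Assumed set of actions that would let a principal retrieve secret values:
# KMS decryption plus the DynamoDB read operations.
READ_ACTIONS = ["kms:Decrypt", "dynamodb:GetItem", "dynamodb:BatchGetItem",
                "dynamodb:Query", "dynamodb:Scan"]

def _as_list(value):
    # IAM allows a single string where a list is expected.
    return value if isinstance(value, list) else [value]

def _matches(action, pattern):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def read_grants(policy):
    """Return the sorted read actions that some Allow statement matches."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants every action that is NOT listed.
            excluded = _as_list(stmt["NotAction"])
            found.update(a for a in READ_ACTIONS
                         if not any(_matches(a, p) for p in excluded))
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            found.update(a for a in READ_ACTIONS if _matches(a, pattern))
    return sorted(found)

# Constructed sample: the writer policy above with placeholder IDs filled in.
WRITER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": ["kms:GenerateDataKey"], "Effect": "Allow",
     "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"Action": ["dynamodb:PutItem"], "Effect": "Allow",
     "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/credential-store"},
]}

# Constructed sample: the same policy loosened with wildcards.
LOOSE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": "kms:*", "Effect": "Allow", "Resource": "*"},
    {"Action": ["dynamodb:Put*", "dynamodb:Get*"], "Effect": "Allow",
     "Resource": "*"},
]}

if __name__ == "__main__":
    for name, doc in [("writer", WRITER_POLICY), ("loose", LOOSE_POLICY)]:
        print(name, "read actions granted:", read_grants(doc) or "none")
```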