resource access to secrets manager for bitbucket sourceaction
// SourceAction
import * as codepipeline from '@aws-cdk/aws-codepipeline';
import { BitBucketSourceAction } from '@aws-cdk/aws-codepipeline-actions';
import { SecretValue } from '@aws-cdk/core';

const repoName = 'reponame'; // placeholder; not defined in the original snippet
const sourceOutputArtifact = new codepipeline.Artifact();

const sourceAction = new BitBucketSourceAction({
  actionName: 'BitbucketSource',
  owner: 'ownername',
  repo: repoName,
  output: sourceOutputArtifact,
  // connection ARN read from Secrets Manager; the value is resolved by CloudFormation at deploy time
  connectionArn: SecretValue.secretsManager('BBCloudConnection').toString(),
});
This is what the source action looks like. I need it to be able to access connectionArn from SecretValue. It fails due to lack of permissions at the moment. Where should the resource permission be added? I am using the pipeline from https://github.com/awslabs/aws-simple-cicd
Action in deploymentPolicy looks as follows:
Action:
- 'cloudformation:*'
- 'iam:*'
- 'lambda:*'
- 'ecs:*'
- 'ecr:*'
- 'logs:*'
- 'ec2:*'
- 'ssm:*'
- 'secretsmanager:*'
i.e. I have added 'secretsmanager:*' at the bottom.
As of now, I get the following error if I use secretsManager:
17/49 | 2:14:10 a.m. | CREATE_FAILED | AWS::IAM::Policy | backend--854-pipeline-backend-setup-pipeline/Source/BitbucketSource/CodePipelineActionRole/DefaultPolicy (backendVLNCC854pipelinebackendsetuppipelineSourceBitbucketSourceCodePipelineActionRoleDefaultPolicy41F7C61D) Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 62b6fb1c-77b0-432c-b907-2e409ff7c538; Proxy: null)
The secret was created manually on console and has the following resource permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::1111111111:role/deployment-role" },
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "*"
    }
  ]
}
Created 3 years ago; 11 comments (6 by maintainers)
Top GitHub Comments
@s1mrankaur you can create your own Role, and pass it when creating the BitBucketSourceAction. For that Role, you can add any permissions you need. Hope that helps!
Thanks, Adam
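The maintainer's answer leaves the policy for that custom Role to the reader. The following is an added example, not code from the issue or from the CDK project: a small TypeScript helper that emits the least-privilege statement a pipeline role needs to read one Secrets Manager secret, and a check that flags the kind of wildcard grant used above ('secretsmanager:*' on Resource '*'). The region, account id and secret name are constructed values; the six-character `-??????` suffix pattern reflects the random suffix Secrets Manager appends to every secret ARN.

```typescript
// Added example (not from the issue or the CDK project): build the minimal IAM
// policy for reading one Secrets Manager secret, and audit a policy for wildcards.

type Statement = {
  Effect: 'Allow' | 'Deny';
  Action: string | string[];
  Resource: string | string[];
};

type PolicyDocument = { Version: '2012-10-17'; Statement: Statement[] };

// Secrets Manager appends a random 6-character suffix to each secret's ARN
// ("...:secret:BBCloudConnection-AbCdEf"), so a policy that names the secret by
// its friendly name ends the Resource with "-??????" (exactly six characters)
// instead of hard-coding the suffix or falling back to "*".
function secretArnPattern(region: string, accountId: string, secretName: string): string {
  if (!/^\d{12}$/.test(accountId)) {
    throw new Error(`account id must be 12 digits, got "${accountId}"`);
  }
  return `arn:aws:secretsmanager:${region}:${accountId}:secret:${secretName}-??????`;
}

// The statement the action role actually needs: read a single secret's value.
function readSecretPolicy(region: string, accountId: string, secretName: string): PolicyDocument {
  return {
    Version: '2012-10-17',
    Statement: [
      {
        Effect: 'Allow',
        Action: 'secretsmanager:GetSecretValue',
        Resource: secretArnPattern(region, accountId, secretName),
      },
    ],
  };
}

// Flag Allow statements that grant every action of a service ("svc:*" or "*"),
// and any Secrets Manager grant that applies to every resource.
function findOverbroadStatements(doc: PolicyDocument): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return;
    const actions = Array.isArray(stmt.Action) ? stmt.Action : [stmt.Action];
    const resources = Array.isArray(stmt.Resource) ? stmt.Resource : [stmt.Resource];
    for (const a of actions) {
      if (a === '*' || a.endsWith(':*')) findings.push(`statement ${i}: wildcard action "${a}"`);
    }
    if (resources.includes('*') && actions.some(a => a.startsWith('secretsmanager:'))) {
      findings.push(`statement ${i}: secretsmanager access on Resource "*"`);
    }
  });
  return findings;
}

// Constructed sample: the broad grant from the deploymentPolicy above, next to a scoped one.
const broadPolicy: PolicyDocument = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: ['ssm:*', 'secretsmanager:*'], Resource: '*' }],
};

// Constructed account id and region; replace with your own values.
const scopedPolicy = readSecretPolicy('us-east-1', '111111111111', 'BBCloudConnection');

console.log('broad policy findings:', findOverbroadStatements(broadPolicy));
console.log('scoped policy findings:', findOverbroadStatements(scopedPolicy));
console.log(JSON.stringify(scopedPolicy, null, 2));
```

To attach the scoped statement to the Role the maintainer describes, load it with `iam.PolicyStatement.fromJson(scopedPolicy.Statement[0])`, add it to an `iam.Role` created for the pipeline, and pass that Role as the `role` property of the BitBucketSourceAction; the same statement can replace the 'secretsmanager:*' entry in the deploymentPolicy.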
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.