Anybody know how to share a SecretsManager secret setting th

Question

Anybody know how to share a SecretsManager secret setting the principal as an entire AWS organization Would be nice if we could make a centralized secrets store in one account that accounts in a particular organizational unit can access easily

billowy-army-68599 · Answer

you d use a condition key with the org ID <https docs aws amazon com IAM latest UserGuide reference policies condition keys html condition keys principalorgid>

billowy-army-68599 · Answer

however you likely don t want to do this because you generally want to restrict access to secrets based on the IAM role

billowy-army-68599 · Answer

if you only use a condition key it allows access from all IAM roles

fierce-xylophone-92490 · Answer

So I think AWS doesn t support using that condition key on secrets And your answer explains why that probably is Super helpful Thank you