
fierce-xylophone-92490

09/02/2023, 12:58 AM
Anybody know how to share a SecretsManager secret, setting the principal as an entire AWS organization? Would be nice if we could make a centralized secrets store in one account that accounts in a particular "organizational unit" can access easily.

billowy-army-68599

09/02/2023, 1:03 AM
However, you likely don't want to do this because you generally want to restrict access to secrets based on the IAM role.
If you only use a condition key, it allows access from all IAM roles.

fierce-xylophone-92490

09/02/2023, 1:06 AM
So I think AWS doesn't support using that condition key on secrets. And your answer explains why that probably is. Super helpful. Thank you!