@cloud-copilot/iam-data
Version:
107 lines • 4.33 kB
JSON
{
"aws:requesttag/${tagkey}": {
"key": "aws:RequestTag/${TagKey}",
"description": "Filters access by a key that is present in the request the user makes to the Secrets Manager service",
"type": "String"
},
"aws:resourcetag/${tagkey}": {
"key": "aws:ResourceTag/${TagKey}",
"description": "Filters access by the tags associated with the resource",
"type": "String"
},
"aws:tagkeys": {
"key": "aws:TagKeys",
"description": "Filters access by the list of all the tag key names present in the request the user makes to the Secrets Manager service",
"type": "ArrayOfString"
},
"secretsmanager:addreplicaregions": {
"key": "secretsmanager:AddReplicaRegions",
"description": "Filters access by the list of Regions in which to replicate the secret",
"type": "ArrayOfString"
},
"secretsmanager:blockpublicpolicy": {
"key": "secretsmanager:BlockPublicPolicy",
"description": "Filters access by whether the resource policy blocks broad AWS account access",
"type": "Bool"
},
"secretsmanager:description": {
"key": "secretsmanager:Description",
"description": "Filters access by the description text in the request",
"type": "String"
},
"secretsmanager:forcedeletewithoutrecovery": {
"key": "secretsmanager:ForceDeleteWithoutRecovery",
"description": "Filters access by whether the secret is to be deleted immediately without any recovery window",
"type": "Bool"
},
"secretsmanager:forceoverwritereplicasecret": {
"key": "secretsmanager:ForceOverwriteReplicaSecret",
"description": "Filters access by whether to overwrite a secret with the same name in the destination Region",
"type": "Bool"
},
"secretsmanager:kmskeyarn": {
"key": "secretsmanager:KmsKeyArn",
"description": "Filters access by the key ARN of the KMS key in the request",
"type": "ARN"
},
"secretsmanager:kmskeyid": {
"key": "secretsmanager:KmsKeyId",
"description": "Filters access by the key identifier of the KMS key in the request. Deprecated: Use secretsmanager:KmsKeyArn",
"type": "String"
},
"secretsmanager:modifyrotationrules": {
"key": "secretsmanager:ModifyRotationRules",
"description": "Filters access by whether the rotation rules of the secret are to be modified",
"type": "Bool"
},
"secretsmanager:name": {
"key": "secretsmanager:Name",
"description": "Filters access by the friendly name of the secret in the request",
"type": "String"
},
"secretsmanager:recoverywindowindays": {
"key": "secretsmanager:RecoveryWindowInDays",
"description": "Filters access by the number of days that Secrets Manager waits before it can delete the secret",
"type": "Numeric"
},
"secretsmanager:resourcetag/tag-key": {
"key": "secretsmanager:ResourceTag/tag-key",
"description": "Filters access by a tag key and value pair",
"type": "String"
},
"secretsmanager:rotateimmediately": {
"key": "secretsmanager:RotateImmediately",
"description": "Filters access by whether the secret is to be rotated immediately",
"type": "Bool"
},
"secretsmanager:rotationlambdaarn": {
"key": "secretsmanager:RotationLambdaARN",
"description": "Filters access by the ARN of the rotation Lambda function in the request",
"type": "ARN"
},
"secretsmanager:secretid": {
"key": "secretsmanager:SecretId",
"description": "Filters access by the SecretID value in the request",
"type": "ARN"
},
"secretsmanager:secretprimaryregion": {
"key": "secretsmanager:SecretPrimaryRegion",
"description": "Filters access by primary region in which the secret is created",
"type": "String"
},
"secretsmanager:versionid": {
"key": "secretsmanager:VersionId",
"description": "Filters access by the unique identifier of the version of the secret in the request",
"type": "String"
},
"secretsmanager:versionstage": {
"key": "secretsmanager:VersionStage",
"description": "Filters access by the list of version stages in the request",
"type": "String"
},
"secretsmanager:resource/allowrotationlambdaarn": {
"key": "secretsmanager:resource/AllowRotationLambdaArn",
"description": "Filters access by the ARN of the rotation Lambda function associated with the secret",
"type": "ARN"
}
}