CfnResourcePolicyProps

class aws_cdk.aws_secretsmanager.CfnResourcePolicyProps(*, resource_policy, secret_id, block_public_policy=None)

Bases: object

Properties for defining a CfnResourcePolicy.

Parameters:
  • resource_policy (Any) – A JSON-formatted string for an AWS resource-based policy. For example policies, see Permissions policy examples .

  • secret_id (str) – The ARN or name of the secret to attach the resource-based policy. For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

  • block_public_policy (Union[bool, IResolvable, None]) – Specifies whether to block resource-based policies that allow broad access to the secret. By default, Secrets Manager blocks policies that allow broad access, for example those that use a wildcard for the principal.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_secretsmanager as secretsmanager

# resource_policy: Any

cfn_resource_policy_props = secretsmanager.CfnResourcePolicyProps(
    resource_policy=resource_policy,
    secret_id="secretId",

    # the properties below are optional
    block_public_policy=False
)

Attributes

block_public_policy

Specifies whether to block resource-based policies that allow broad access to the secret.

By default, Secrets Manager blocks policies that allow broad access, for example those that use a wildcard for the principal.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html#cfn-secretsmanager-resourcepolicy-blockpublicpolicy

resource_policy

A JSON-formatted string for an AWS resource-based policy.

For example policies, see Permissions policy examples .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html#cfn-secretsmanager-resourcepolicy-resourcepolicy

secret_id

The ARN or name of the secret to attach the resource-based policy.

For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html#cfn-secretsmanager-resourcepolicy-secretid