| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.SecretsManager.PutResourcePolicy
Description
Attaches the contents of the specified resource-based permission policy
to a secret. A resource-based policy is optional. Alternatively, you can
use IAM identity-based policies that specify the secret's Amazon
Resource Name (ARN) in the policy statement's Resources element. You
can also use a combination of both identity-based and resource-based
policies. The affected users and roles receive the permissions that are
permitted by all of the relevant policies. For more information, see
Using Resource-Based Policies for Amazon Web Services Secrets Manager.
For the complete description of the Amazon Web Services policy syntax
and grammar, see
IAM JSON Policy Reference
in the IAM User Guide.
Minimum permissions
To run this command, you must have the following permissions:
- secretsmanager:PutResourcePolicy
Related operations
- To retrieve the resource policy attached to a secret, use GetResourcePolicy.
- To delete the resource-based policy attached to a secret, use DeleteResourcePolicy.
- To list all of the currently available secrets, use ListSecrets.
Synopsis
- data PutResourcePolicy = PutResourcePolicy' {}
- newPutResourcePolicy :: Text -> Text -> PutResourcePolicy
- putResourcePolicy_blockPublicPolicy :: Lens' PutResourcePolicy (Maybe Bool)
- putResourcePolicy_secretId :: Lens' PutResourcePolicy Text
- putResourcePolicy_resourcePolicy :: Lens' PutResourcePolicy Text
- data PutResourcePolicyResponse = PutResourcePolicyResponse' {}
- newPutResourcePolicyResponse :: Int -> PutResourcePolicyResponse
- putResourcePolicyResponse_arn :: Lens' PutResourcePolicyResponse (Maybe Text)
- putResourcePolicyResponse_name :: Lens' PutResourcePolicyResponse (Maybe Text)
- putResourcePolicyResponse_httpStatus :: Lens' PutResourcePolicyResponse Int
Creating a Request
data PutResourcePolicy Source #
See: newPutResourcePolicy smart constructor.
Constructors
| PutResourcePolicy' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> PutResourcePolicy |
Create a value of PutResourcePolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:blockPublicPolicy:PutResourcePolicy', putResourcePolicy_blockPublicPolicy - (Optional) If you set the parameter, BlockPublicPolicy to true, then
you block resource-based policies that allow broad access to the secret.
$sel:secretId:PutResourcePolicy', putResourcePolicy_secretId - Specifies the secret that you want to attach the resource-based policy.
You can specify either the ARN or the friendly name of the secret.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.
$sel:resourcePolicy:PutResourcePolicy', putResourcePolicy_resourcePolicy - A JSON-formatted string constructed according to the grammar and syntax
for an Amazon Web Services resource-based policy. The policy in the
string identifies who can access or manage this secret and its versions.
For information on how to format a JSON parameter for the various
command line tool environments, see
Using JSON for Parameters
in the CLI User Guide.
Request Lenses
putResourcePolicy_blockPublicPolicy :: Lens' PutResourcePolicy (Maybe Bool) Source #
(Optional) If you set the parameter, BlockPublicPolicy to true, then
you block resource-based policies that allow broad access to the secret.
putResourcePolicy_secretId :: Lens' PutResourcePolicy Text Source #
Specifies the secret that you want to attach the resource-based policy. You can specify either the ARN or the friendly name of the secret.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.
putResourcePolicy_resourcePolicy :: Lens' PutResourcePolicy Text Source #
A JSON-formatted string constructed according to the grammar and syntax for an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For information on how to format a JSON parameter for the various command line tool environments, see Using JSON for Parameters in the CLI User Guide.
Destructuring the Response
data PutResourcePolicyResponse Source #
See: newPutResourcePolicyResponse smart constructor.
Constructors
| PutResourcePolicyResponse' | |
Instances
newPutResourcePolicyResponse Source #
Create a value of PutResourcePolicyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:PutResourcePolicyResponse', putResourcePolicyResponse_arn - The ARN of the secret retrieved by the resource-based policy.
$sel:name:PutResourcePolicyResponse', putResourcePolicyResponse_name - The friendly name of the secret retrieved by the resource-based policy.
$sel:httpStatus:PutResourcePolicyResponse', putResourcePolicyResponse_httpStatus - The response's http status code.
Response Lenses
putResourcePolicyResponse_arn :: Lens' PutResourcePolicyResponse (Maybe Text) Source #
The ARN of the secret retrieved by the resource-based policy.
putResourcePolicyResponse_name :: Lens' PutResourcePolicyResponse (Maybe Text) Source #
The friendly name of the secret retrieved by the resource-based policy.
putResourcePolicyResponse_httpStatus :: Lens' PutResourcePolicyResponse Int Source #
The response's http status code.