From 0a5bc8975fe52f32b2024fa75cf0c1cc008421c3 Mon Sep 17 00:00:00 2001
From: maxim
Date: Thu, 6 Jan 2022 16:59:59 +0600
Subject: [PATCH] bug: allow external secrets to get secrets from AWS Secrets Manager
---
 terraform/layer2-k8s/eks-external-secrets.tf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/terraform/layer2-k8s/eks-external-secrets.tf b/terraform/layer2-k8s/eks-external-secrets.tf
index 7b8aed94..a460ebf9 100644
--- a/terraform/layer2-k8s/eks-external-secrets.tf
+++ b/terraform/layer2-k8s/eks-external-secrets.tf
@@ -90,7 +90,13 @@ module "aws_iam_external_secrets" {
 "Statement" : [
 {
 "Effect" : "Allow",
- "Action" : "ssm:GetParameter",
+ "Action" : [
+ "ssm:GetParameter",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:ListSecretVersionIds"
+ ],
 "Resource" : "*"
 }
 ]
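Review bot: The unchanged `"Resource" : "*"` at the end of the hunk now also covers `secretsmanager:GetSecretValue`, so as far as this IAM policy is concerned the external-secrets role may read every Secrets Manager secret in the account, not only the ones this cluster is meant to consume. Any ExternalSecret object that names an unrelated secret would then be served, which makes write access to those objects equivalent to read access on all secrets. Splitting the statement in two and scoping each Resource to a name prefix (or adding a condition on a resource tag) limits the role to the secrets this layer owns; the ARNs in the sketch below are placeholders to fill in. The module block starts and ends outside the hunk, so whether another statement or a permissions boundary already narrows this cannot be seen from here.

```hcl
# … unchanged: module header and policy wrapper outside the hunk …
"Statement" : [
  {
    "Effect" : "Allow",
    "Action" : "ssm:GetParameter",
    # placeholder ARN: restrict to the parameter path this cluster uses
    "Resource" : "arn:aws:ssm:<REGION>:<ACCOUNT_ID>:parameter/<PARAMETER_PREFIX>/*"
  },
  {
    "Effect" : "Allow",
    "Action" : [
      "secretsmanager:GetResourcePolicy",
      "secretsmanager:GetSecretValue",
      "secretsmanager:DescribeSecret",
      "secretsmanager:ListSecretVersionIds"
    ],
    # placeholder ARN: restrict to the secret name prefix this cluster uses
    "Resource" : "arn:aws:secretsmanager:<REGION>:<ACCOUNT_ID>:secret:<SECRET_PREFIX>/*"
  }
]
```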