AWSSecretsManagerClientReadOnlyAccess - Policy Version v1

Author: MAMIP Bot

policies/AWSSecretsManagerClientReadOnlyAccess

@@ -0,0 +1,35 @@
+{
+    "PolicyVersion": {
+        "CreateDate": "2025-11-05T20:04:08Z", 
+        "VersionId": "v1", 
+        "Document": {
+            "Version": "2012-10-17", 
+            "Statement": [
+                {
+                    "Action": [
+                        "secretsmanager:GetSecretValue", 
+                        "secretsmanager:DescribeSecret"
+                    ], 
+                    "Resource": "arn:aws:secretsmanager:*:*:secret:*", 
+                    "Effect": "Allow", 
+                    "Sid": "SecretsManagerGetAndDescribeSecret"
+                }, 
+                {
+                    "Action": [
+                        "kms:Decrypt"
+                    ], 
+                    "Resource": "arn:aws:kms:*:*:key/*", 
+                    "Effect": "Allow", 
+                    "Condition": {
+                        "StringLike": {
+                            "kms:EncryptionContext:SecretARN": "arn:aws:secretsmanager:*:*:secret:*", 
+                            "kms:ViaService": "secretsmanager.*.amazonaws.com"
+                        }
+                    }, 
+                    "Sid": "KMSDecryptKey"
+                }
+            ]
+        }, 
+        "IsDefaultVersion": true
+    }
+}