Control: AWS > Secrets Manager > Secret > Policy > Trusted Access
Take an action when AWS Secrets Manager secret policy is not trusted based on the AWS > Secrets Manager > Secret > Policy > Trusted Access > * policies.
The Trusted Access control evaluates the secret policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Accounts, Trusted Access > Services etc.), this control raises an alarm and takes the defined enforcement action.
The account that owns the secret will always be trusted, even if its account ID is not included in the Trusted Accounts policy.
If set to Enforce: Revoke untrusted access, access to non-trusted members will be removed.
Resource Types
This control targets the following resource types:
Primary Policies
The following policies can be used to configure this control:
- Trusted Access
- Trusted Access > Accounts
- Trusted Access > Identity Providers
- Trusted Access > Organization Restrictions
- Trusted Access > Services
Category
In Your Workspace
Developers
- tmod:@turbot/aws-secretsmanager#/control/types/secretPolicyTrustedAccess
- tmod:@turbot/turbot#/control/categories/securityTrustedAccess
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-secretsmanager#/control/types/secretPolicyTrustedAccess"
Get Controls
Control Type URI
Category URI
GraphQL
CLI