Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading policies...

Policy: AWS > Secrets Manager > Secret > Policy > Trusted Access

Take an action when AWS Secrets Manager secret policy is not trusted based on the AWS > Secrets Manager > Secret > Policy > Trusted Access > * policies.

The Trusted Access control evaluates the secret policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Accounts, Trusted Access > Services etc.), this control raises an alarm and takes the defined enforcement action.

The account that owns the secret will always be trusted, even if its account ID is not included in the Trusted Accounts policy.

If set to Enforce: Revoke untrusted access, access to non-trusted members will be removed.

Targets

This policy targets the following resource types:

  • AWS > Secrets Manager > Secret

Primary Policy

This policy is used with the following primary policy:

  • AWS > Secrets Manager > Secret > Policy

Related Policies

  • Accounts
  • Identity Providers
  • Organization Restrictions
  • Services

Controls

Setting this policy configures this control:

  • AWS > Secrets Manager > Secret > Policy > Trusted Access

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip

  • Check: Trusted Access

  • Enforce: Revoke untrusted access

Category

  • Security > Trusted Access

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/turbot#/control/categories/securityTrustedAccess
    • Policy Type URI
    • tmod:@turbot/aws-secretsmanager#/policy/types/secretPolicyTrustedAccess
    • GraphQL
    • query policyType(id: "tmod:@turbot/aws-secretsmanager#/policy/types/secretPolicyTrustedAccess") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-secretsmanager#/policy/types/secretPolicyTrustedAccess'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-secretsmanager#/policy/types/secretPolicyTrustedAccess'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/aws-secretsmanager#/policy/types/secretPolicyTrustedAccess"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-secretsmanager#/policy/types/secretPolicyTrustedAccess"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM