I have created a secret on AWS's Secrets Manager. I have a python service with cognito authentication, and I want to assign to a particular user permission to get this secret. I created the following policy to allow users to get the secret's value.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
            ],
            "Resource": "arn:aws:secretsmanager:*:*:secret:test_secret*"
        }
    ]
}
I've then assigned this policy to my cognito identity pool's Authenticated role. Now every user in this pool has permission to get this secret's value. But I need to assign this permission to a single user, not all of them. Is there any way to do this?
You can put this user in a group and let this group assume an IAM Role. Then attach the right to the IAM Role.
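The group-to-role mapping the answer describes, written out as an added Python (boto3) example; this is not code from the question or the answer. The region, user pool id, app client id, identity pool id, secret ARN and role names are constructed placeholders. The trust policy restricts who may assume the role to authenticated identities of this one identity pool, the permission policy grants only the two Secrets Manager actions on the one secret, and the identity pool is switched to pick the role from the token's group claims instead of handing every user the default authenticated role.

```python
import json

# Constructed placeholders, not values from the page.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleappclientid"
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:test_secret-AbCdEf"


def trust_policy_for_cognito(identity_pool_id: str) -> dict:
    """Trust policy for the group's role: only identities federated through
    this identity pool, and only authenticated ones, may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "cognito-identity.amazonaws.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {"cognito-identity.amazonaws.com:aud": identity_pool_id},
                "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
            },
        }],
    }


def secret_read_policy(secret_arn: str) -> dict:
    """Permission policy for the role: the same two actions as the question's
    policy, but pinned to one full ARN instead of a region/account wildcard."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadOneSecret",
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
            "Resource": secret_arn,
        }],
    }


def role_mapping_key(region: str, user_pool_id: str, app_client_id: str) -> str:
    """Provider key under which the identity pool stores the user pool's role mapping."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}:{app_client_id}"


def role_mapping_from_token() -> dict:
    """Choose the role from the ID token's group claims (cognito:roles /
    cognito:preferred_role); users in no mapped group fall back to the
    pool's default authenticated role."""
    return {"Type": "Token", "AmbiguousRoleResolution": "AuthenticatedRole"}


def grant_secret_to_user(username: str, group_name: str, role_name: str,
                         default_auth_role_arn: str) -> str:
    """Create the role, the group that carries it, put one user in the group,
    and make the identity pool honour group roles. Needs boto3 and admin
    credentials; returns the new role's ARN."""
    import boto3  # imported here so the pure helpers above run without it

    iam = boto3.client("iam")
    idp = boto3.client("cognito-idp", region_name=REGION)
    identity = boto3.client("cognito-identity", region_name=REGION)

    # 1. The role that actually holds the secret permission.
    role = iam.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=json.dumps(trust_policy_for_cognito(IDENTITY_POOL_ID)),
    )
    role_arn = role["Role"]["Arn"]
    iam.put_role_policy(RoleName=role_name, PolicyName="ReadOneSecret",
                        PolicyDocument=json.dumps(secret_read_policy(SECRET_ARN)))

    # 2. A user pool group bound to that role; only the chosen user joins it.
    idp.create_group(GroupName=group_name, UserPoolId=USER_POOL_ID,
                     RoleArn=role_arn, Precedence=1)
    idp.admin_add_user_to_group(UserPoolId=USER_POOL_ID, Username=username,
                                GroupName=group_name)

    # 3. Without this, the identity pool ignores group roles and keeps
    #    issuing the default authenticated role to everyone.
    identity.set_identity_pool_roles(
        IdentityPoolId=IDENTITY_POOL_ID,
        Roles={"authenticated": default_auth_role_arn},
        RoleMappings={role_mapping_key(REGION, USER_POOL_ID, APP_CLIENT_ID):
                      role_mapping_from_token()},
    )
    return role_arn


if __name__ == "__main__":
    print(json.dumps(trust_policy_for_cognito(IDENTITY_POOL_ID), indent=2))
    print(json.dumps(secret_read_policy(SECRET_ARN), indent=2))
    print(role_mapping_key(REGION, USER_POOL_ID, APP_CLIENT_ID))
```

The default authenticated role must no longer carry the secret policy from the question, otherwise every user still gets the secret through that role and the group adds nothing. Client side, nothing changes: the user signs in to the user pool, passes the ID token in the `Logins` map of `GetCredentialsForIdentity`, and the identity pool returns credentials for the group's role; a user outside the group receives the default role and a `GetSecretValue` call is denied.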