Package com.pulumi.aws.secretsmanager

Class SecretPolicy

java.lang.Object

com.pulumi.resources.Resource

com.pulumi.resources.CustomResource

com.pulumi.aws.secretsmanager.SecretPolicy

public class SecretPolicy
extends com.pulumi.resources.CustomResource

Provides a resource to manage AWS Secrets Manager secret policy. ## Example Usage ### Basic <!--Start PulumiCodeChooser --> ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.secretsmanager.Secret; import com.pulumi.aws.secretsmanager.SecretArgs; import com.pulumi.aws.iam.IamFunctions; import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs; import com.pulumi.aws.secretsmanager.SecretPolicy; import com.pulumi.aws.secretsmanager.SecretPolicyArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var exampleSecret = new Secret("exampleSecret", SecretArgs.builder() .name("example") .build()); final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder() .statements(GetPolicyDocumentStatementArgs.builder() .sid("EnableAnotherAWSAccountToReadTheSecret") .effect("Allow") .principals(GetPolicyDocumentStatementPrincipalArgs.builder() .type("AWS") .identifiers("arn:aws:iam::123456789012:root") .build()) .actions("secretsmanager:GetSecretValue") .resources("*") .build()) .build()); var exampleSecretPolicy = new SecretPolicy("exampleSecretPolicy", SecretPolicyArgs.builder() .secretArn(exampleSecret.arn()) .policy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())) .build()); } } ``` <!--End PulumiCodeChooser --> ## Import Using `pulumi import`, import `aws_secretsmanager_secret_policy` using the secret Amazon Resource Name (ARN). For example: ```sh $ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456 ```

Nested Class Summary

Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

com.pulumi.resources.CustomResource.CustomResourceInternal

Nested classes/interfaces inherited from class com.pulumi.resources.Resource

com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

Field Summary

Fields inherited from class com.pulumi.resources.Resource

childResources, remote

Constructor Summary

Constructors

Constructor	Description
SecretPolicy(java.lang.String name)
SecretPolicy(java.lang.String name, SecretPolicyArgs args)
SecretPolicy(java.lang.String name, SecretPolicyArgs args, com.pulumi.resources.CustomResourceOptions options)

Method Summary

Modifier and Type	Method	Description
com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>>	blockPublicPolicy()
static SecretPolicy	get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, SecretPolicyState state, com.pulumi.resources.CustomResourceOptions options)	Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
com.pulumi.core.Output<java.lang.String>	policy()
com.pulumi.core.Output<java.lang.String>	secretArn()

Methods inherited from class com.pulumi.resources.CustomResource

getId, id, idFuture

Methods inherited from class com.pulumi.resources.Resource

getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecretPolicy

public SecretPolicy(java.lang.String name)

Parameters:

name - The _unique_ name of the resulting resource.

SecretPolicy

public SecretPolicy(java.lang.String name,
                    SecretPolicyArgs args)

Parameters:

name - The _unique_ name of the resulting resource.

args - The arguments to use to populate this resource's properties.

SecretPolicy

public SecretPolicy(java.lang.String name,
                    SecretPolicyArgs args,
                    @Nullable
                    com.pulumi.resources.CustomResourceOptions options)

Parameters:

name - The _unique_ name of the resulting resource.

args - The arguments to use to populate this resource's properties.

options - A bag of options that control this resource's behavior.

Method Detail

blockPublicPolicy

public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> blockPublicPolicy()

Returns:

Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.

policy

public com.pulumi.core.Output<java.lang.String> policy()

Returns:

Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `aws.secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.

secretArn

public com.pulumi.core.Output<java.lang.String> secretArn()

Returns:

Secret ARN. The following arguments are optional:

get

public static SecretPolicy get(java.lang.String name,
                               com.pulumi.core.Output<java.lang.String> id,
                               @Nullable
                               SecretPolicyState state,
                               @Nullable
                               com.pulumi.resources.CustomResourceOptions options)

Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Parameters:

name - The _unique_ name of the resulting resource.

id - The _unique_ provider ID of the resource to lookup.

state -

options - Optional settings to control the behavior of the CustomResource.