38 lines
1.2 KiB
PowerShell
38 lines
1.2 KiB
PowerShell
|
function Get-ServerlessServiceAccountIamPolicyString {
|
||
|
|
<#
|
||
|
|
.SYNOPSIS
|
||
|
|
Returns the string for an AWS IAM policy for serverless service accounts.
|
||
|
|
|
||
|
|
.PARAMETER SecretArns
|
||
|
|
[string[]] The AWS ARNs for the secrets associated with the serverless service account.
|
||
|
|
|
||
|
|
.EXAMPLE
|
||
|
|
Get-ServerlessServiceAccountIamPolicyString -SecretArns @( 'example' )
|
||
|
|
|
||
|
|
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Sid":"AllowSecretsManagerAccess","Resource":["example"],"Action":["secretsmanager:DescribeSecret","secretsmanager:GetSecretValue"]}]}
|
||
|
|
#>
|
||
|
|
[CmdletBinding()]
|
||
|
|
[OutputType([string])]
|
||
|
|
param(
|
||
|
|
[Parameter(Mandatory = $true)]
|
||
|
|
[ValidateNotNullOrEmpty()]
|
||
|
|
[string[]] $SecretArns
|
||
|
|
)
|
||
|
|
|
||
|
|
$policyObj = @{
|
||
|
|
Version = "2012-10-17"
|
||
|
|
Statement = @(
|
||
|
|
@{
|
||
|
|
Sid = "AllowSecretsManagerAccess"
|
||
|
|
Effect = "Allow"
|
||
|
|
Action = @(
|
||
|
|
"secretsmanager:DescribeSecret",
|
||
|
|
"secretsmanager:GetSecretValue"
|
||
|
|
)
|
||
|
|
Resource = $SecretArns
|
||
|
|
}
|
||
|
|
)
|
||
|
|
}
|
||
|
|
|
||
|
|
return (ConvertTo-Json -InputObject $policyObj -Compress -Depth 10)
|
||
|
|
}
|