48 lines
1.6 KiB
PowerShell
48 lines
1.6 KiB
PowerShell
function Write-AlkamiSecretResourcePolicy {
|
|
<#
|
|
.SYNOPSIS
|
|
Creates or overwrites the resource policy for an Alkami AWS Secrets Manager secret.
|
|
|
|
.PARAMETER SecretName
|
|
[string] The name of the secret to modify.
|
|
|
|
.PARAMETER ProfileName
|
|
[string] The AWS profile to use during secret modification.
|
|
|
|
.PARAMETER Region
|
|
[string] The AWS region to use during secret modification.
|
|
|
|
.PARAMETER SecretAccessExtraArns
|
|
[string[]] An array of AWS ARNs that should be allowed to access the secret in addition to the defaults.
|
|
|
|
.EXAMPLE
|
|
Write-AlkamiSecretResourcePolicy -SecretName 'Example' -ProfileName 'temp-prod' -Region 'us-east-1' -SecretAccessExtraArns @( 'ExampleArn1', 'ExampleArn2' )
|
|
#>
|
|
[CmdletBinding()]
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
[ValidateNotNullOrEmpty()]
|
|
[string] $SecretName,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[ValidateNotNullOrEmpty()]
|
|
[string] $ProfileName,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[ValidateScript({$_ -in (Get-AWSRegion).region})]
|
|
[string] $Region,
|
|
|
|
[Parameter(Mandatory = $false)]
|
|
[AllowNull()]
|
|
[AllowEmptyCollection()]
|
|
[string[]] $SecretAccessExtraArns = $null
|
|
)
|
|
|
|
$logLead = Get-LogLeadName
|
|
|
|
Import-AWSModule
|
|
|
|
Write-Verbose "$logLead : Overwriting resource policy on secret '$SecretName'."
|
|
$policyString = Get-AlkamiSecretResourcePolicyString -ProfileName $ProfileName -SecretAccessExtraArns $SecretAccessExtraArns
|
|
Write-SECResourcePolicy -SecretId $SecretName -ResourcePolicy $policyString -ProfileName $ProfileName -Region $Region | Out-Null
|
|
} |