Amazon IAM Access Analyzer · JSON Structure

IAM Access Analyzer Secrets Manager Secret Configuration Structure

The configuration for a Secrets Manager secret. For more information, see CreateSecret.

You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key aws/secretsmanager. If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see Quotas for Secrets Manager.

Type: object · Properties: 2
Access Control · Compliance · IAM · Policy Management · Security

SecretsManagerSecretConfiguration is a JSON Structure definition published by Amazon IAM Access Analyzer, describing 2 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

kmsKeyId secretPolicy

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-structure/iam-access-analyzer-secrets-manager-secret-configuration-structure.json",
  "name": "SecretsManagerSecretConfiguration",
  "description": "<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p> <p>You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for Secrets Manager.</a>.</p>",
  "type": "object",
  "properties": {
    "kmsKeyId": {
      "allOf": [
        {
          "$ref": "#/components/schemas/SecretsManagerSecretKmsId"
        },
        {
          "description": "The proposed ARN, key ID, or alias of the KMS key."
        }
      ]
    },
    "secretPolicy": {
      "allOf": [
        {
          "$ref": "#/components/schemas/SecretsManagerSecretPolicy"
        },
        {
          "description": "The proposed resource policy defining who can access or manage the secret."
        }
      ]
    }
  }
}