我写了一个政策,允许对秘密的特定行动以单词开头project1
。project2
例如,如何向此策略添加另一个条件?
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"secretsmanager:*"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringLike": {
"secretsmanager:Name": "project1-*"
}
}
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:DeleteSecret",
"secretsmanager:PutSecretValue"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringLike": {
"secretsmanager:SecretId": "arn:aws:secretsmanager:${aws_region}:${aws_account_id}:secret:project1-*"
}
}
}
]
}