putResourcePolicy method

Future<PutResourcePolicyResponse> putResourcePolicy({
  1. required String resourcePolicy,
  2. required String secretId,
  3. bool? blockPublicPolicy,
})

Attaches a resource-based permission policy to a secret. A resource-based policy is optional. For more information, see Authentication and access control for Secrets Manager

For information about attaching a policy in the console, see Attach a permissions policy to a secret.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

Required permissions: secretsmanager:PutResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.

May throw InternalServiceError. May throw InvalidParameterException. May throw InvalidRequestException. May throw MalformedPolicyDocumentException. May throw PublicPolicyException. May throw ResourceNotFoundException.

Parameter resourcePolicy : A JSON-formatted string for an Amazon Web Services resource-based policy. For example policies, see Permissions policy examples.

Parameter secretId : The ARN or name of the secret to attach the resource-based policy.

For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.

Parameter blockPublicPolicy : Specifies whether to block resource-based policies that allow broad access to the secret, for example those that use a wildcard for the principal. By default, public policies aren't blocked.

  • Identity-based policies attached to associated Amazon Web Services principals (for example, IAM roles)
  • Resource-based policies attached to associated Amazon Web Services resources (for example, Key Management Service (KMS) keys)
To review permissions to your secrets, see Determine who has permissions to your secrets.

Implementation

Future<PutResourcePolicyResponse> putResourcePolicy({
  required String resourcePolicy,
  required String secretId,
  bool? blockPublicPolicy,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'secretsmanager.PutResourcePolicy'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'ResourcePolicy': resourcePolicy,
      'SecretId': secretId,
      if (blockPublicPolicy != null) 'BlockPublicPolicy': blockPublicPolicy,
    },
  );

  return PutResourcePolicyResponse.fromJson(jsonResponse.body);
}