Action Description Resources Conditions
Disables automatic scheduled rotation and cancels the rotation of a secret if one is currently in progress.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Creates a new secret.
  • *
  • secretsmanager:Name
  • secretsmanager:Description
  • secretsmanager:KmsKeyId
  • Global Conditions
Deletes the resource-based permission policy that's attached to the secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Deletes an entire secret and all of its versions.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Retrieves the details of a secret. It does not include the encrypted fields.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:RecoveryWindowInDays
  • secretsmanager:ForceDeleteWithoutRecovery
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Generates a random password of the specified complexity.
  • *
Retrieves the JSON text of the resource-based policy document that's attached to the specified secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Retrieves the contents of the encrypted fields from the specified version of a secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:VersionId
  • secretsmanager:VersionStage
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Lists all of the secrets that are stored by Secrets Manager in the AWS account.
  • *
Lists all of the versions attached to the specified secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Attaches the contents of the specified resource-based permission policy to a secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Stores a new encrypted secret value in the specified secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
Cancels the scheduled deletion of a secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Configures and starts the asynchronous process of rotating this secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:RotationLambdaArn
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Attaches one or more tags to the specified secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Removes one or more tags from the specified secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Modifies many of the details of the specified secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:Description
  • secretsmanager:KmsKeyId
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions
Modifies the staging labels attached to a version of a secret.
  • arn:aws:secretsmanager:$region:$account:secret:$secret_name
  • secretsmanager:SecretId
  • secretsmanager:VersionStage
  • secretsmanager:AllowRotationLambdaArn
  • secretsmanager:ResourceTag/$tag-key
  • Global Conditions