Change log of AWS IAM permissions

2025-11-22

3 new conditions | 20 updated actions, 1 updated resource

Conditions

secretsmanager:ExternalSecretRotationRoleArn
- Description: Filters access by the managed external secret rotation role ARN in the request
- Type: ARN
secretsmanager:Type
- Description: Filters access by the managed external secret type in the request
- Type: String
secretsmanager:resource/Type
- Description: Filters access by the managed external secret type associated with the secret
- Type: String

Actions

CancelRotateSecret
- ＋ secretsmanager:resource/Type
CreateSecret
- ＋ secretsmanager:Type
DeleteResourcePolicy
- ＋ secretsmanager:resource/Type
DeleteSecret
- ＋ secretsmanager:resource/Type
DescribeSecret
- ＋ secretsmanager:resource/Type
GetResourcePolicy
- ＋ secretsmanager:resource/Type
GetSecretValue
- ＋ secretsmanager:resource/Type
ListSecretVersionIds
- ＋ secretsmanager:resource/Type
PutResourcePolicy
- ＋ secretsmanager:resource/Type
PutSecretValue
- ＋ secretsmanager:resource/Type
RemoveRegionsFromReplication
- ＋ secretsmanager:resource/Type
ReplicateSecretToRegions
- ＋ secretsmanager:resource/Type
RestoreSecret
- ＋ secretsmanager:resource/Type
RotateSecret
- ＋ secretsmanager:resource/Type
- ＋ secretsmanager:ExternalSecretRotationRoleArn
StopReplicationToReplica
- ＋ secretsmanager:resource/Type
TagResource
- ＋ secretsmanager:resource/Type
UntagResource
- ＋ secretsmanager:resource/Type
UpdateSecret
- ＋ secretsmanager:Type
- ＋ secretsmanager:resource/Type
UpdateSecretVersionStage
- ＋ secretsmanager:resource/Type
ValidateResourcePolicy
- ＋ secretsmanager:resource/Type

Resources

AWS Secrets Manager (secretsmanager)