AWS Secrets Manager is a great way to safely store secrets needed by applications. Sometimes you need to access those secrets from an AWS account other than the account where the secret is stored. Here are some notes about that.
AWS documentation about cross-account secret access: https://aws.amazon.com/premiumsupport/knowledge-center/secrets-manager-share-between-accounts/
The policies provided in the above link allow access to only the most recent version of the secret (i.e., AWSCURRENT). Be sure to include that version stage in the API/CLI request. E.g.,
$ aws secretsmanager get-secret-value --secret-id arn:aws:secretsmanager:us-east-1:HOMEACCOUNT:secret:MySecret --region us-east-1 --version-stage AWSCURRENT
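As an added example (not part of these notes or of the AWS article), here is a small stdlib-only simulation of how a resource policy shaped like the one in the linked article decides a GetSecretValue call, which shows why the request has to carry the AWSCURRENT stage: a condition key that is absent from the request context never matches. The policy document, account IDs and role name are constructed placeholders, and only the secret's resource policy is modelled (the caller's identity policy and the KMS key policy are not).

```python
import json

# Constructed sample: the resource policy on the secret in the home account,
# shaped like the one in the linked AWS article; account IDs are placeholders.
SECRET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:role/ConsumerRole"},
    "Action": "secretsmanager:GetSecretValue",
    "Resource": "*",
    "Condition": {
      "ForAnyValue:StringEquals": {"secretsmanager:VersionStage": "AWSCURRENT"}
    }
  }]
}""")
GET_VALUE = "secretsmanager:GetSecretValue"


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _condition_holds(cond, ctx):
    """ForAnyValue:StringEquals as IAM evaluates it: at least one request value
    must be in the allowed set, and a key absent from the request context never
    matches. Omitting --version-stage leaves secretsmanager:VersionStage absent."""
    for op, pairs in cond.items():
        if op != "ForAnyValue:StringEquals":
            raise ValueError(f"operator {op} is not modelled here")
        for key, wanted in pairs.items():
            if key not in ctx:
                return False
            if not any(v in _as_list(wanted) for v in _as_list(ctx[key])):
                return False
    return True


def is_allowed(policy, principal_arn, action, ctx):
    """True if an Allow statement matches principal, action and condition.
    Only the secret's resource policy is modelled; the caller's identity policy
    and the KMS key policy that cross-account access also needs are not."""
    for st in policy["Statement"]:
        if st["Effect"] == "Allow" \
                and principal_arn in _as_list(st["Principal"].get("AWS", [])) \
                and action in _as_list(st["Action"]) \
                and _condition_holds(st.get("Condition", {}), ctx):
            return True
    return False
```

Calling is_allowed with an empty request context (no --version-stage) or with AWSPREVIOUS returns False; only a context carrying AWSCURRENT for the listed role is allowed.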