Merge pull request #8940 from zalando-incubator/add-zmon-policy

Allow access to secretsmanager:GetSecretValue for ZMON role
zalando-incubator · Mar 6, 2025 · 778a246 · 778a246
2 parents 8a2c946 + 0ee8b8d
commit 778a246
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/cluster/cluster.yaml b/cluster/cluster.yaml
@@ -1938,6 +1938,9 @@ Resources:
               - Action: 'states:ListExecutions'
                 Effect: Allow
                 Resource: '*'
+              - Action: 'secretsmanager:GetSecretValue'
+                Effect: Allow
+                Resource: "arn:aws:secretsmanager:{{.Cluster.Region}}:{{.Cluster.InfrastructureAccount | getAWSAccountID}}:secret:*.zmon-db-user.credentials*"
             Version: 2012-10-17
           PolicyName: root
       RoleName: "{{.Cluster.LocalID}}-app-zmon"