update perms

lucasmcdonald3 · lucasmcdonald3 · commit 3ac7daed2852 · 2024-03-14T17:07:41.000-07:00
diff --git a/cfn/ESDK-Python.yml b/cfn/ESDK-Python.yml
@@ -186,6 +186,7 @@ Resources:
         - !Ref CryptoToolsKMS
         - !Ref CodeBuildCIBatchPolicy
         - !Ref CodeBuildBasePolicy
+        - !Ref SecretsManagerCIPolicy
         
   CodeBuildBatchPolicy:
     Type: "AWS::IAM::ManagedPolicy"
@@ -309,6 +310,25 @@ Resources:
             }
           ]
         }
+  
+  SecretsManagerCIPolicy:
+    Type: "AWS::IAM::ManagedPolicy"
+    Properties:
+      ManagedPolicyName: !Sub "CryptoTools-SecretsManager-${ProjectName}-release"
+      Path: "/service-role/"
+      PolicyDocument: !Sub |
+        {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Resource": [
+                "arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U"
+              ],
+              "Action": "secretsmanager:GetSecretValue"
+            }
+          ]
+        }
 
   # There exist public AWS KMS CMKs that are used for testing
   # Take care with these CMKs they are **ONLY** for testing!!!
