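AliyunKMSSecretAdminAccess is a service system policy that is managed by Alibaba Cloud. You can attach the AliyunKMSSecretAdminAccess policy to a Resource Access Management (RAM) identity, such as a RAM user, RAM user group, or RAM role. This policy provides administrative access to secrets in KMS through the management console. In addition to all KMS actions on secret resources (`kms:*` on `acs:kms:*:*:secret*`), the policy content below allows `rds:CreateAccount` and `rds:GrantAccountPrivilege` on all resources, and `ram:CreateServiceLinkedRole` for the two service names listed in its condition, so the attached identity receives more than access to the secrets themselves.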
Policy details
Type: service system policy
Creation time: 14:44:44 on March 04, 2020
Update time: 13:51:26 on June 26, 2023
Current version: v5
Policy content
{
"Version": "1",
"Statement": [
{
"Action": "kms:*",
"Resource": "acs:kms:*:*:secret*",
"Effect": "Allow"
},
{
"Action": "kms:GetRandomPassword",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDatabases",
"rds:DescribeAccounts",
"rds:DescribeDBInstanceNetInfo",
"rds:CreateAccount",
"rds:GrantAccountPrivilege"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ecs:DescribeInstances",
"Resource": "acs:ecs:*:*:instance/*",
"Effect": "Allow"
},
{
"Action": ["ecs:TagResources","ecs:UntagResources","ecs:ListTagResources"],
"Resource": ["acs:kms:*:*:key/*","acs:kms:*:*:secret/*"],
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"secretsmanager-rds.kms.aliyuncs.com",
"secretsmanager-ecs.kms.aliyuncs.com"
]
}
},
"Resource": "*",
"Effect": "Allow"
}
]
}