Access Secrets Across AWS Accounts By Attaching Resource-based Policies

Posted on: Jun 27, 2018

Starting today, AWS Secrets Manager allows you to access secrets such as database credentials and API keys across AWS accounts securely, by attaching resource-based policies to secrets. AWS Secrets Manager is a secrets management service that enables you to rotate, manage, and retrieve secrets throughout their lifecycle.

With this capability, you can now use secrets across AWS accounts. For example, you can manage secrets in one AWS account and grant employees or applications in other AWS accounts permissions to use these secrets. Similarly, you can share a secret with a business partner, such as a managed service provider (MSP), without transmitting the secret through channels such as email and handwritten notes. Resource-based policies also enable you to control who can manage permissions on a secret. For example, you can grant an employee permission to administer a specific secret.
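The announcement does not show what such a cross-account grant looks like, so the following is an added example (not AWS code, and not taken from the linked blog post). It builds the three policy documents a read-only share needs: the resource-based policy attached to the secret in the owning account, the identity-based policy for the reading role in the consuming account, and a key-policy statement for the secret's KMS key. The last piece is a Secrets Manager requirement the announcement does not mention: a secret shared across accounts must be encrypted with a customer managed KMS key, because the default AWS managed key cannot be used by another account. All account IDs, ARNs, role names and the key ID are constructed placeholders, and the `attach_resource_policy` helper takes a boto3 client as a parameter so the example runs offline. A small lint function refuses to attach a policy that grants access to `Principal: *` or that hands out more than read access, which is the mistake most worth catching when sharing secrets with a partner.

```python
"""Policies for sharing one Secrets Manager secret with a role in another account.

Added example, not AWS code. Every account ID, ARN, role name and key ID below
is a constructed placeholder.
"""
import json

# Constructed placeholders (not real accounts, keys or secrets).
REGION = "us-east-1"
OWNER_ACCOUNT = "111111111111"
CONSUMER_ACCOUNT = "222222222222"
SECRET_ARN = f"arn:aws:secretsmanager:{REGION}:{OWNER_ACCOUNT}:secret:prod/db/credentials-AbCdEf"
KMS_KEY_ARN = f"arn:aws:kms:{REGION}:{OWNER_ACCOUNT}:key/00000000-0000-0000-0000-000000000000"
CONSUMER_ROLE_ARN = f"arn:aws:iam::{CONSUMER_ACCOUNT}:role/app-secret-reader"


def secret_resource_policy(secret_arn, consumer_role_arn):
    """Resource-based policy attached to the secret in the owning account.

    Grants a single action to a single role. PutResourcePolicy is deliberately
    not granted, so only the owning account can change who may read the secret.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowConsumerRoleToReadSecret",
            "Effect": "Allow",
            "Principal": {"AWS": consumer_role_arn},
            "Action": "secretsmanager:GetSecretValue",
            "Resource": secret_arn,
        }],
    }


def consumer_identity_policy(secret_arn, kms_key_arn):
    """Identity-based policy for the reading role in the consumer account.

    Cross-account access succeeds only when the resource policy AND the caller's
    identity policy both allow it. The secret is encrypted with KMS, so the caller
    also needs kms:Decrypt on the secret's customer managed key (the AWS managed
    key aws/secretsmanager cannot be used from another account).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": secret_arn},
            {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": kms_key_arn},
        ],
    }


def kms_key_policy_statement(consumer_role_arn, region):
    """Statement to add to the key policy of the secret's customer managed key.

    kms:ViaService limits the grant to calls made through Secrets Manager in this
    region, so the consumer cannot use the key for arbitrary Decrypt requests.
    """
    return {
        "Sid": "AllowConsumerRoleToDecryptViaSecretsManager",
        "Effect": "Allow",
        "Principal": {"AWS": consumer_role_arn},
        "Action": "kms:Decrypt",
        "Resource": "*",
        "Condition": {"StringEquals": {"kms:ViaService": f"secretsmanager.{region}.amazonaws.com"}},
    }


def policy_problems(policy):
    """Return findings for Allow statements that give away more than read access."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"{sid}: Principal '*' makes the secret readable by any AWS account")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        for action in actions:
            if action in ("*", "secretsmanager:*"):
                findings.append(f"{sid}: wildcard action {action} grants more than read access")
            elif action in ("secretsmanager:PutResourcePolicy", "secretsmanager:DeleteResourcePolicy"):
                findings.append(f"{sid}: {action} lets the grantee rewrite who may access the secret")
    return findings


def attach_resource_policy(client, secret_arn, policy):
    """Lint, then attach the policy via a boto3 Secrets Manager client.

    `client` is passed in (boto3.client("secretsmanager")) rather than created here
    so the module runs offline; the call is PutResourcePolicy from the announcement.
    """
    findings = policy_problems(policy)
    if findings:
        raise ValueError("refusing to attach over-broad policy: " + "; ".join(findings))
    return client.put_resource_policy(SecretId=secret_arn, ResourcePolicy=json.dumps(policy))


if __name__ == "__main__":
    policy = secret_resource_policy(SECRET_ARN, CONSUMER_ROLE_ARN)
    print(json.dumps(policy, indent=2))
    print(json.dumps(consumer_identity_policy(SECRET_ARN, KMS_KEY_ARN), indent=2))
    print(json.dumps(kms_key_policy_statement(CONSUMER_ROLE_ARN, REGION), indent=2))
    print("findings:", policy_problems(policy))
```

The resource policy alone is not enough: a principal in account 222222222222 still needs its own identity policy allowing `secretsmanager:GetSecretValue` on the owner's secret ARN and `kms:Decrypt` on the owner's key, and the key policy in the owning account must name that principal. Keeping `PutResourcePolicy` out of the grant is what preserves the announcement's point that the owner controls who may manage permissions on the secret.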

AWS Secrets Manager is available in the AWS US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Mumbai), and South America (São Paulo) regions. Learn more by reading the blog post "How to access secrets across AWS accounts by attaching resource-based policies" or the AWS Secrets Manager User Guide.