From 418bbb7ee184ea8f34d043b4a99987e3628a2e6b Mon Sep 17 00:00:00 2001
From: Markus Bergholz
Date: Wed, 29 May 2024 15:52:35 +0200
Subject: [PATCH] add secretsmanager:GetRandomPassword (#303)
* add
* reduce two kms disable actions to wildcard Disable*
* fixed
* sort
---
 aws/policy/security-services.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/aws/policy/security-services.yaml b/aws/policy/security-services.yaml
index 29d58a7..679bdb2 100644
--- a/aws/policy/security-services.yaml
+++ b/aws/policy/security-services.yaml
@@ -73,8 +73,7 @@ Statement:
 - kms:CreateGrant
 - kms:DeleteAlias
 - kms:Describe*
- - kms:DisableKey
- - kms:DisableKeyRotation
+ - kms:Disable*
 - kms:EnableKey
 - kms:EnableKeyRotation
 - kms:Get*
@@ -88,6 +87,7 @@ Statement:
 - kms:UpdateKeyDescription
 - logs:List*
 - secretsmanager:Describe*
+ - secretsmanager:GetRandomPassword
 - secretsmanager:List*
 Resource: "*"
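Review bot: `kms:Disable*` in the first hunk matches every KMS action whose name starts with Disable, including any that AWS adds later, while the neighbouring `kms:EnableKey` and `kms:EnableKeyRotation` remain enumerated one by one. The Action list appears to belong to the statement that ends in `Resource: "*"` (visible at the end of the second hunk; the lines between the two hunks are not shown), so a future Disable action would be granted on every key without a policy review. If the wildcard is there to save policy size, record that next to it with a comment such as `# Disable* == DisableKey + DisableKeyRotation today; re-check when KMS adds actions`. Otherwise keeping the two explicit actions leaves the grant auditable and consistent with the Enable lines.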