Add UpdateSecret permissions to lambda role

godatadriven · Oct 16, 2023 · bba6249 · bba6249
1 parent e95f50e
commit bba6249
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/typescript/src/resources/deploy-lambda.ts b/typescript/src/resources/deploy-lambda.ts
@@ -304,7 +304,7 @@ export class DatabricksDeployLambda extends IDatabricksDeployLambda {
 
         this.lambdaRole.addToPrincipalPolicy(new aws_iam.PolicyStatement({
             effect: aws_iam.Effect.ALLOW,
-            actions: ["secretsmanager:CreateSecret", "secretsmanager:DeleteSecret"],
+            actions: ["secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:UpdateSecret"],
             resources: [
                 `arn:aws:secretsmanager:${this.props.region}:${this.props.accountId}:secret:/databricks/token/*`,
             ]