https://awspolicygen.s3.amazonaws.com/policygen.html

https://yoo11052.tistory.com/136

{ "Version": "2012-10-17", "Statement": [ { "Sid": "getobject", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::s3-119030453180/*" }, { "Sid": "getsecretvalue", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:ap-northeast-2:119030453180:secret:/secrets/db-Owd5vs" ] }, { "Sid": "decrypt", "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:ap-northeast-2:119030453180:key/32e2b378-30c1-4e71-a8fa-7bf42205180a" ] } --cmk에 권한 추가 안하면 추가 ] }