Rovshan Musayev

Reputation: 144

secretsmanager:ResourceTag/environment doesn't work with * (star)

I am trying to narrow down access to secrets that have an "environment" tag key, but it doesn't allow me to do so. When I use a specific environment name like "secretsmanager:ResourceTag/environment": "development" it works, but a wildcard value isn't working.

{
  "Sid": "VisualEditor0",
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetRandomPassword",
    "secretsmanager:GetResourcePolicy",
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecretVersionIds",
    "secretsmanager:ListSecrets"
  ],
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "secretsmanager:ResourceTag/environment": "*"
    }
  }
}

Upvotes: 2

Views: 836

Answers (1)

naimdjon

Reputation: 3602

StringEquals does case-sensitive exact matching. Try StringLike instead, e.g.:

{
  "Sid": "VisualEditor0",
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetRandomPassword",
    "secretsmanager:GetResourcePolicy",
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecretVersionIds",
    "secretsmanager:ListSecrets"
  ],
  "Resource": "*",
  "Condition": {
    "StringLike": {
      "secretsmanager:ResourceTag/environment": "*"
    }
  }
}

Upvotes: 2
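To see why the answer works, here is an added example (not part of the question or the answer) that models how IAM string condition operators treat the statement above: under StringEquals the "*" is a literal character, under StringLike it is a wildcard, and a condition whose key is missing from the request context evaluates to false. The evaluator is a simplified model and the request contexts are constructed for illustration; it skips Resource ARN matching, Deny statements and the rest of real IAM evaluation. The modelling of ListSecrets as a call with no secretsmanager:ResourceTag/environment key in its context is an assumption (the action is not made against a single tagged secret); check the Service Authorization Reference for the condition keys each action actually supports before relying on it.

```python
# Added example: toy IAM string-operator evaluator for the policy statement
# in the question. Not AWS code; the request contexts below are constructed.
import re
from typing import Dict


def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike: case-sensitive; '*' matches any run of characters,
    '?' matches exactly one character; everything else is literal."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value) is not None


def string_equals(pattern: str, value: str) -> bool:
    """IAM StringEquals: case-sensitive exact match; '*' is a literal star."""
    return pattern == value


OPERATORS = {"StringEquals": string_equals, "StringLike": string_like}


def condition_matches(condition: dict, context: Dict[str, str]) -> bool:
    """Every operator and every key must match. A key that is absent from
    the request context makes the condition false (only the Null operator
    or an ...IfExists operator treats a missing key differently)."""
    for operator, pairs in condition.items():
        match = OPERATORS[operator]
        for key, patterns in pairs.items():
            if key not in context:
                return False
            if isinstance(patterns, str):
                patterns = [patterns]
            if not any(match(p, context[key]) for p in patterns):
                return False
    return True


def statement_allows(statement: dict, action: str, context: Dict[str, str]) -> bool:
    """Allow only if the action is listed and the condition holds.
    Resource is "*" in the statement under discussion, so ARN matching
    is omitted in this model."""
    if statement["Effect"] != "Allow":
        return False
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    if not any(string_like(a, action) for a in actions):
        return False
    return condition_matches(statement.get("Condition", {}), context)


def make_statement(operator: str, tag_pattern: str) -> dict:
    """The statement from the question, parameterised by operator and value."""
    return {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "secretsmanager:GetRandomPassword",
            "secretsmanager:GetResourcePolicy",
            "secretsmanager:GetSecretValue",
            "secretsmanager:DescribeSecret",
            "secretsmanager:ListSecretVersionIds",
            "secretsmanager:ListSecrets",
        ],
        "Resource": "*",
        "Condition": {operator: {"secretsmanager:ResourceTag/environment": tag_pattern}},
    }


TAG_KEY = "secretsmanager:ResourceTag/environment"

# Constructed request contexts (assumption: these are the keys IAM would
# populate). ListSecrets is not a call against one secret, so it is
# modelled with no ResourceTag key at all.
REQUESTS = {
    "dev": ("secretsmanager:GetSecretValue", {TAG_KEY: "development"}),
    "prod": ("secretsmanager:GetSecretValue", {TAG_KEY: "production"}),
    "untagged": ("secretsmanager:GetSecretValue", {}),
    "list": ("secretsmanager:ListSecrets", {}),
}


def evaluate(statement: dict) -> Dict[str, bool]:
    """Return which of the constructed requests the statement allows."""
    return {
        name: statement_allows(statement, action, ctx)
        for name, (action, ctx) in REQUESTS.items()
    }


if __name__ == "__main__":
    for op, pat in [("StringEquals", "development"), ("StringEquals", "*"), ("StringLike", "*")]:
        print(f'{op} "{pat}":', evaluate(make_statement(op, pat)))
```

Running it shows the three outcomes side by side: StringEquals "*" allows nothing, StringLike "*" allows the calls against tagged secrets only, and in this model neither variant allows ListSecrets, because the condition key is never present for it. If that matches the real condition-key support for the actions you use, the actions that do not operate on a tagged secret belong in a separate statement without the ResourceTag condition.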
