diff --git a/docs/images/integrations/aws/integration-aws-iam-assume-arn.png b/docs/images/integrations/aws/integration-aws-iam-assume-arn.png
new file mode 100644
index 0000000000..1c36fc1517
Binary files /dev/null and b/docs/images/integrations/aws/integration-aws-iam-assume-arn.png differ
diff --git a/docs/images/integrations/aws/integration-aws-iam-assume-permission.png b/docs/images/integrations/aws/integration-aws-iam-assume-permission.png
new file mode 100644
index 0000000000..0fb8d493db
Binary files /dev/null and b/docs/images/integrations/aws/integration-aws-iam-assume-permission.png differ
diff --git a/docs/images/integrations/aws/integration-aws-iam-assume-role.png b/docs/images/integrations/aws/integration-aws-iam-assume-role.png
new file mode 100644
index 0000000000..29094b060c
Binary files /dev/null and b/docs/images/integrations/aws/integration-aws-iam-assume-role.png differ
diff --git a/docs/images/integrations/aws/integration-aws-iam-assume-select.png b/docs/images/integrations/aws/integration-aws-iam-assume-select.png
new file mode 100644
index 0000000000..63c5d2b01c
Binary files /dev/null and b/docs/images/integrations/aws/integration-aws-iam-assume-select.png differ
diff --git a/docs/images/integrations/aws/integrations-aws-secret-manager-auth.png b/docs/images/integrations/aws/integrations-aws-secret-manager-auth.png
index cc17097e16..ae83fcf9a4 100644
Binary files a/docs/images/integrations/aws/integrations-aws-secret-manager-auth.png and b/docs/images/integrations/aws/integrations-aws-secret-manager-auth.png differ
diff --git a/docs/integrations/cloud/aws-secret-manager-assume-role.mdx b/docs/integrations/cloud/aws-secret-manager-assume-role.mdx
new file mode 100644
index 0000000000..d4cd8370c0
--- /dev/null
+++ b/docs/integrations/cloud/aws-secret-manager-assume-role.mdx
@@ -0,0 +1,144 @@
+---
+title: "AWS Secrets Manager Assume Role"
+description: "Learn how to sync secrets from Infisical to AWS Secrets Manager without sharing any user credentials."
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+
+
+ To connect your Infisical instance with AWS, you need to set up an AWS IAM User account that can assume the AWS IAM Role for the integration.
+
+
+
+ Navigate to [Create IAM User](https://console.aws.amazon.com/iamv2/home#/users/create) in your AWS Console.
+
+
+ Attach the following inline permission policy to the IAM User to allow it to assume any IAM Roles:
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AllowAssumeAnyRole",
+ "Effect": "Allow",
+ "Action": "sts:AssumeRole",
+ "Resource": "arn:aws:iam::*:role/*"
+ }
+ ]
+}
+```
+
+
+ Obtain the AWS access key ID and secret access key for your IAM User by navigating to IAM > Users > [Your User] > Security credentials > Access keys.
+
+ ![Access Key Step 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
+ ![Access Key Step 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
+ ![Access Key Step 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+
+
+ 1. Set the access key as **CLIENT_ID_AWS_INTEGRATION**.
+ 2. Set the secret key as **CLIENT_SECRET_AWS_INTEGRATION**.
+
+
+
+
+
+
+ 1. Navigate to the [Create IAM Role](https://console.aws.amazon.com/iamv2/home#/roles/create?step=selectEntities) page in your AWS Console.
+ ![IAM Role Creation](../../images/integrations/aws/integration-aws-iam-assume-role.png)
+
+ 2. Select **AWS Account** as the **Trusted Entity Type**.
+ 3. Choose **Another AWS Account** and enter **381492033652** (Infisical AWS Account ID). This restricts the role to be assumed only by Infisical. If self-hosting, provide your AWS account number instead.
+ 4. Optionally, enable **Require external ID** and enter your **project ID** to further enhance security.
+
+
+
+ ![IAM Role Permissions](../../images/integrations/aws/integration-aws-iam-assume-permission.png)
+ Use the following custom policy to grant the minimum permissions required by Infisical to sync secrets to AWS Secrets Manager:
+
+ ```json
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AllowSecretsManagerAccess",
+ "Effect": "Allow",
+ "Action": [
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:CreateSecret",
+ "secretsmanager:UpdateSecret",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:TagResource",
+ "secretsmanager:UntagResource",
+ "kms:ListKeys",
+ "kms:ListAliases",
+ "kms:Encrypt",
+ "kms:Decrypt"
+ ],
+ "Resource": "*"
+ }
+ ]
+ }
+ ```
+
+
+
+ ![Copy IAM Role ARN](../../images/integrations/aws/integration-aws-iam-assume-arn.png)
+
+
+
+ 1. Navigate to your project's integrations tab in Infisical.
+ 2. Click on the **AWS Secrets Manager** tile.
+ ![Select AWS Secrets Manager](../../images/integrations.png)
+
+ 3. Select the **AWS Assume Role** option.
+ ![Select Assume Role](../../images/integrations/aws/integration-aws-iam-assume-select.png)
+
+ 4. Provide the **AWS IAM Role ARN** obtained from the previous step.
+
+ Select how you want to integration to work by specifying a number of parameters:
+
+
+ The environment in Infisical from which you want to sync secrets to AWS Secrets Manager.
+
+
+ The path within the preselected environment form which you want to sync secrets to AWS Secrets Manager.
+
+
+ The region that you want to integrate with in AWS Secrets Manager.
+
+
+ How you want the integration to map the secrets. The selected value could be either one to one or one to many.
+
+
+ The secret name/path in AWS into which you want to sync the secrets from Infisical.
+
+
+ ![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png)
+
+ Optionally, you can add tags or specify the encryption key of all the secrets created via this integration:
+
+
+ The Key/Value of a tag that will be added to secrets in AWS. Please note that it is possible to add multiple tags via API.
+
+
+ The alias/ID of the AWS KMS key used for encryption. Please note that key should be enabled in order to work and the IAM user should have access to it.
+
+ ![integration options](../../images/integrations/aws/integrations-aws-secret-manager-options.png)
+
+ Then, press `Create Integration` to start syncing secrets to AWS Secrets Manager.
+
+
+ Infisical currently syncs environment variables to AWS Secrets Manager as
+ key-value pairs under one secret. We're actively exploring ways to help users
+ group environment variable key-pairs under multiple secrets for greater
+ control.
+
+
+ Please note that upon deleting secrets in Infisical, AWS Secrets Manager immediately makes the secrets inaccessible but only schedules them for deletion after at least 7 days.
+
+
+
+
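Review bot: The role permissions policy in this hunk (`"Sid": "AllowSecretsManagerAccess"`) omits `secretsmanager:DeleteSecret`, yet the note near the end of the file states that deleting a secret in Infisical makes it inaccessible in AWS Secrets Manager and schedules it for deletion; either add that action to the documented minimum policy or reword the deletion note so the two agree. Two least-privilege points on the same hunk: the role policy uses `"Resource": "*"` for all `secretsmanager:*` and `kms:*` actions, and the IAM user's inline policy uses `"Resource": "arn:aws:iam::*:role/*"`; self-hosters should be told to scope the former to their secret name prefix and the specific KMS key, and the latter to the ARN of the role created in this guide. The external ID step is introduced with "Optionally", but it is the standard confused-deputy mitigation for a role whose trust policy names a third-party account, so it should be recommended rather than presented as optional. Minor wording: "Select how you want to integration to work" should read "how you want the integration to work", "form which" should be "from which", and in the KMS key description "the IAM user should have access to it" should refer to the IAM role, since in this flow it is the assumed role, not the user, that calls Secrets Manager and KMS.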
diff --git a/docs/integrations/cloud/aws-secret-manager.mdx b/docs/integrations/cloud/aws-secret-manager.mdx
index 9b3a8a2f83..4b46840b05 100644
--- a/docs/integrations/cloud/aws-secret-manager.mdx
+++ b/docs/integrations/cloud/aws-secret-manager.mdx
@@ -51,13 +51,13 @@ Prerequisites:
![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
- Navigate to your project's integrations tab in Infisical.
+ 1. Navigate to your project's integrations tab in Infisical.
+ 2. Click on the **AWS Secrets Manager** tile.
+ ![Select AWS Secrets Manager](../../images/integrations.png)
- ![integrations](../../images/integrations.png)
-
- Press on the AWS Secrets Manager tile and input your AWS access key ID and secret access key from the previous step.
-
- ![integration auth](../../images/integrations/aws/integrations-aws-secret-manager-auth.png)
+ 3. Select the **Access Key** option for Authentication Mode.
+ ![Select Access Key](../../images/integrations/aws/integrations-aws-secret-manager-auth.png)
+ 4. Provide the **access key** and **secret key** for the AWS Iam User.
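Review bot: Typo in the last added line, `+ 4. Provide the **access key** and **secret key** for the AWS Iam User.`: "Iam" should be "IAM", and "access key ID" would match the wording used earlier on this page for the same credential.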
diff --git a/docs/mint.json b/docs/mint.json
index ac2a536c0a..d8410e27af 100644
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -299,6 +299,7 @@
"pages": [
"integrations/cloud/aws-parameter-store",
"integrations/cloud/aws-secret-manager",
+ "integrations/cloud/aws-secret-manager-assume-role",
"integrations/cloud/aws-amplify"
]
},
diff --git a/docs/self-hosting/configuration/envars.mdx b/docs/self-hosting/configuration/envars.mdx
index 754409dfeb..09eb86647b 100644
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@@ -445,6 +445,16 @@ To help you sync secrets from Infisical to services such as Github and Gitlab, I
+
+
+ The AWS IAM User access key for assuming roles.
+
+
+
+ The AWS IAM User secret key for assuming roles.
+
+
+
OAuth2 client id for Azure integration
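Review bot: The two added descriptions ("The AWS IAM User access key for assuming roles." and "The AWS IAM User secret key for assuming roles.") do not show which variable names they document; the assume-role guide added in this same patch calls them CLIENT_ID_AWS_INTEGRATION and CLIENT_SECRET_AWS_INTEGRATION, so make sure those names appear with the descriptions, and say "access key ID" for the first so it matches AWS terminology.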