AWS IAM role
To permit access to the secret we have just created, we need to create a role for our AWS App Runner service to fetch the secret.
Open the policies screen on the AWS IAM product.
Navigate to the AWS IAM page on the AWS console, and click "Create policy"
Create the policy
Using the JSON editor, we can create a very specific policy to allow only read access to the secret we have just created.
Remember to replace the ARN with the ARN of the secret you have just created!
Once finished, click "Next", provide a name for the policy and then click "Create policy".
Create the role
Navigate to the "Roles" section of the AWS IAM product, and click "Create role".
Select "Custom trust policy" as the trusted entity for the role, and enter the following policy to allow AWS App Runner to assume this role.
Once entered, click "Next".
Then, search for the policy you have just created, select it and then click "Next"
Then, name the role and click "Create". For this guide I have chosen the name "vizzly-query-engine-role".