secretsmanager grantWrite doesn't give permission to update a secret

[dirknilius]

Consider the following example:

import * as secretsmanager from '@aws-cdk/aws-secretsmanager';

const secret = new secretsmanager.Secret(this, 'Secret');
secret.grantWrite(role);

The grantWrite will give you secretsmanager:PutSecretValue permission. But it doesn't give secretsmanager:UpdateSecret permission.

Environment

• Framework Version: 1.45.0
• Language (Version): TypeScript 3.9.5

---

This is 🐛 Bug Report