From c35fc099baf05b517443e37fa231b29e10d28379 Mon Sep 17 00:00:00 2001
From: Kevin DeJong
Date: Mon, 23 Sep 2024 08:30:35 -0700
Subject: [PATCH] Allow for secretsmanager dynamic refs in Parameter defaults (#3707)
---
 .../rules/functions/DynamicReferenceSecretsManagerPath.py | 6 ++++++
 .../test_dynamic_reference_secrets_manager_path.py | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/src/cfnlint/rules/functions/DynamicReferenceSecretsManagerPath.py b/src/cfnlint/rules/functions/DynamicReferenceSecretsManagerPath.py
index 11ba63e9ab..d45de05073 100644
--- a/src/cfnlint/rules/functions/DynamicReferenceSecretsManagerPath.py
+++ b/src/cfnlint/rules/functions/DynamicReferenceSecretsManagerPath.py
@@ -29,6 +29,12 @@ def validate(self, validator: Validator, s: Any, instance: Any, schema: Any):
 ):
 return
+ if (
+ validator.context.path.path[0] == "Parameters"
+ and validator.context.path.path[2] == "Default"
+ ):
+ return
+
 yield ValidationError(
 (
 f"Dynamic reference {instance!r} to secrets manager can only be "
diff --git a/test/unit/rules/functions/test_dynamic_reference_secrets_manager_path.py b/test/unit/rules/functions/test_dynamic_reference_secrets_manager_path.py
index fcaaebf714..1186a2f6fc 100644
--- a/test/unit/rules/functions/test_dynamic_reference_secrets_manager_path.py
+++ b/test/unit/rules/functions/test_dynamic_reference_secrets_manager_path.py
@@ -42,6 +42,12 @@ def context(cfn):
 ["Resources", "MyResource", "Properties", "LoginProfile", "Password"],
 [],
 ),
+ (
+ "Valid secrets manager",
+ "{{resolve:secretsmanager:Parameter}}",
+ ["Parameters", "MyParameter", "Default"],
+ [],
+ ),
 (
 "Short list",
 "{{resolve:secretsmanager:Parameter}}",
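Review bot: The added exemption in `validate` reads `validator.context.path.path[0]` and `[2]` with no length check visible in this hunk, so a path shorter than three elements would raise `IndexError` unless a guard sits earlier in the function, whose body starts above the hunk. The "Short list" case in the test file suggests short paths do reach this rule. If no guard covers it, bind `path = validator.context.path.path` and test `len(path) >= 3 and path[0] == "Parameters" and path[2] == "Default"`. The exemption is also purely positional, since the rule returns without looking at where the parameter is later referenced. A comment such as `# A Parameter Default may hold a secretsmanager reference; where the parameter is consumed is not validated by this rule` would keep that limit visible to maintainers.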
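Review bot: Only the accepting case `["Parameters", "MyParameter", "Default"]` is added, so nothing in this hunk pins the exemption to `Default`. A companion case with a path under another parameter key, for example the constructed path `["Parameters", "MyParameter", "AllowedValues", 0]`, that still expects the rule's error would catch an over-broad match if the condition is later loosened. The parametrize list starts and ends outside the hunk, so an equivalent case may already exist further down.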