diff --git a/define-policies.tf b/define-policies.tf
index ac4d17b..9cd1d1f 100644
--- a/define-policies.tf
+++ b/define-policies.tf
@@ -84,6 +84,21 @@ resource "aws_iam_role_policy_attachment" "attach-allow-elb" {
 # name = "ecsTaskExecutionRole"
 # }
 
+data "aws_iam_policy_document" "ecs-service-allow-secrets-manager" {
+  count = "${var.aws_secrets_manager_secret_arn != "" ? 1 : 0}"
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "secretsmanager:GetSecretValue"
+    ]
+
+    resources = [
+      "${var.aws_secrets_manager_secret_arn}"
+    ]
+  }
+}
+
 data "aws_iam_policy_document" "ecs-task-access-ecr" {
   statement {
     effect = "Allow"
@@ -116,6 +131,13 @@ data "aws_iam_policy_document" "ecs-task-access-cloudwatch" {
   }
 }
 
+resource "aws_iam_policy" "ecs-service-allow-secrets-manager" {
+  count = "${var.aws_secrets_manager_secret_arn != "" ? 1 : 0}"
+  name = "ecs-service-allow-secrets-manager-${var.project}-${var.service}-${var.environment}"
+  description = "ECS Service policy to access Secrets Manager"
+  policy = "${data.aws_iam_policy_document.ecs-service-allow-secrets-manager.json}"
+}
+
 resource "aws_iam_policy" "ecs-task-access-ecr" {
   name = "ecs-task-allow-ec2-${var.project}-${var.service}-${var.environment}"
   description = "ECS task policy to access ECR"
@@ -150,6 +172,12 @@ EOF
   tags = "${merge(local.default_tags, var.tags)}"
 }
 
+resource "aws_iam_role_policy_attachment" "attach-allow-secrets-manager" {
+  count = "${var.aws_secrets_manager_secret_arn != "" ? 1 : 0}"
+  role = "${aws_iam_role.ecs-task-execution.name}"
+  policy_arn = "${aws_iam_policy.ecs-service-allow-secrets-manager.arn}"
+}
+
 resource "aws_iam_role_policy_attachment" "attach-allow-ecr" {
   role = "${aws_iam_role.ecs-task-execution.name}"
   policy_arn = "${aws_iam_policy.ecs-task-access-ecr.arn}"
diff --git a/variables.tf b/variables.tf
index 67d7de6..75e0dff 100644
--- a/variables.tf
+++ b/variables.tf
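Review bot: The new policy document grants only `secretsmanager:GetSecretValue` on the single secret ARN, which is the right least-privilege scope, but it does not cover the KMS side: if the secret is encrypted with a customer-managed KMS key rather than the AWS-managed default, the execution role also needs `kms:Decrypt` on that key, and the resulting access-denied on image pull is easy to misattribute to this statement. The commit does not address that case, so at minimum it should be recorded on the block, e.g. `# Assumes the secret uses the default AWS-managed KMS key; a customer-managed key additionally requires kms:Decrypt on that key.` The same comment should say that the `resources` match is exact, so the variable has to carry the full secret ARN as Secrets Manager reports it (including the suffix it appends to the secret name); a hand-built ARN that stops at the name will not match.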
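Review bot: The `policy` attribute references `data.aws_iam_policy_document.ecs-service-allow-secrets-manager.json` by bare name, but that data source now carries a `count`, so its attributes live on an indexed instance; depending on the Terraform version this either fails to validate or fails when the variable is empty and no instance exists. The 0.11-era idiom for a conditionally created source is the splat form, `policy = "${join("", data.aws_iam_policy_document.ecs-service-allow-secrets-manager.*.json)}"`, which evaluates to an empty string when the count is 0 and to the document otherwise. The attachment in the third hunk has the same pattern on `aws_iam_policy.ecs-service-allow-secrets-manager.arn` and would take `policy_arn = "${join("", aws_iam_policy.ecs-service-allow-secrets-manager.*.arn)}"`. This is inferred from the `count` expressions visible in the hunks, so confirm against the Terraform version the module targets.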
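Review bot: The attachment binds the new policy to `aws_iam_role.ecs-task-execution`, consistent with the sibling `attach-allow-ecr` and with the variable's stated purpose (registry credentials are consumed when the image is pulled), but the policy and attachment are named `ecs-service-allow-secrets-manager` while every neighbouring policy is named `ecs-task-...`; the name suggests the running application gets secret access, which this attachment does not grant. Renaming to `ecs-task-execution-allow-secrets-manager` would make the actual scope visible in IAM and in plan output. If a rename is unwanted, a comment on the resource records it: `# Attached to the task execution role only: this grants the image pull access to the secret, not the running task.`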
@@ -82,6 +82,11 @@ variable "task_role_arn" {
   default = ""
 }
 
+variable "aws_secrets_manager_secret_arn" {
+  description = "ARN of specific AWS Secrets Manager secret which stores credentials for accessing private docker images registry"
+  default = ""
+}
+
 variable "tags" {
   type = "map"
   description = "Additional tags for all resources"
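Review bot: The new variable declares no `type`, so it is inferred from the `default = ""` sentinel, and the description does not say that the empty string is what disables the three conditional resources in define-policies.tf or that the value must be the complete secret ARN. Suggest `type = "string"` to match the explicit `type = "map"` on the neighbouring `tags` variable, and `description = "Full ARN of the AWS Secrets Manager secret holding the private Docker registry credentials; leave empty to skip creating the Secrets Manager policy and its attachment"`. Spelling out the sentinel here keeps the disable behaviour discoverable from the variables file alone.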