How best to retrieve AWS SSM parameters from the AWS CDK?

Question


Apologies if this is a duplicate, I'm going a bit snowblind with blogs and articles trying to find a solution.

I'm trying to use the AWS CDK to deploy a Stack - specifically a CloudFront Distribution layered over an S3 Bucket. I want to retrieve a cert from Cert Manager, and I also want to update a Hosted Zone in R53.

I want to put the zone ID and cert ARN in SSM Parameter Store, and have my CDK app pull the correct ID/ARN from there, so as not to leave it in my code.

I'm currently pulling the values like this in my Go code:

certArn := awsssm.StringParameter_ValueFromLookup(stack, certArnSSM)
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, wrapName("certificate"), certArn)

Where certArnSSM is the path to the parameter.

However, when I run the synth I get this:

panic: "ARNs must start with \"arn:\" and have at least 6 components: dummy-value-for-/dev/placeholder/certificateArn"

From some reading, this is expected. However, I'm not sure on the 'best practice' approach to solving it. I'm not totally clear on how to use Lazy to solve this - do I need to create a type and implement the Produce() method?

Answer 1

Score: 1


I was unable to replicate your error. The following synths and deploys without error, correctly retrieving the certArn param from ssm as a valid certificate arn lookup input:

func NewCertLookupStack(scope constructs.Construct, id string, props *awscdk.StackProps) awscdk.Stack {
	stack := awscdk.NewStack(scope, &id, props) // props is already a *awscdk.StackProps

	certArn := awsssm.StringParameter_ValueFromLookup(stack, jsii.String("/dummy/certarn"))
	certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, jsii.String("Certificate"), certArn)

	awscdk.NewCfnOutput(stack, jsii.String("ArnOutput"), &awscdk.CfnOutputProps{
		Value: certificate.CertificateArn(), // demonstrate it works: the correct cert arn stored as a stack output
	})

	return stack
}

Answer 2

Score: 0


I worked around the issue by making the UUID of the cert a variable in my code, and then constructing an ARN manually. It feels like the wrong way to solve the problem though.

createdArn := jsii.String(fmt.Sprintf("arn:aws:acm:us-east-1:%s:certificate/%s", *sprops.Env.Account, certUuid))
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, wrapName("certificate"), createdArn)
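
An added example, not part of either answer and not CDK project code: a standard-library Go helper for the placeholder shown in the question's panic. While the lookup has not yet run, it swaps the `dummy-value-for-` string for a well-formed stand-in ARN, and it checks that a real parameter value has the ACM certificate shape before it reaches `Certificate_FromCertificateArn`. `CertArnForSynth`, `checkAcmCertArn` and the stand-in ARN are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"strings"
)

// Prefix of the lookup placeholder, as seen in the panic message on this page.
const dummyPrefix = "dummy-value-for-"

// Constructed stand-in: well-formed, but not a real certificate or account.
const placeholderArn = "arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000"

// CertArnForSynth maps the string returned by the SSM lookup to a value that
// is safe to parse as an ARN. The bool is false while only the placeholder
// is available, so callers can tell the stand-in from the real value.
func CertArnForSynth(lookedUp string) (string, bool, error) {
	if strings.HasPrefix(lookedUp, dummyPrefix) {
		return placeholderArn, false, nil
	}
	if err := checkAcmCertArn(lookedUp); err != nil {
		return "", false, err
	}
	return lookedUp, true, nil
}

// checkAcmCertArn rejects values not shaped like arn:<partition>:acm:<region>:<account>:certificate/<id>.
func checkAcmCertArn(arn string) error {
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) < 6 || parts[0] != "arn" {
		return fmt.Errorf("not an ARN: %q", arn)
	}
	if parts[2] != "acm" || !strings.HasPrefix(parts[5], "certificate/") {
		return fmt.Errorf("not an ACM certificate ARN: %q", arn)
	}
	return nil
}

func main() {
	// Constructed inputs: first-pass placeholder, a well-formed value, a wrong parameter.
	for _, v := range []string{
		"dummy-value-for-/dev/placeholder/certificateArn",
		"arn:aws:acm:us-east-1:111122223333:certificate/example-id",
		"arn:aws:s3:::example-bucket",
	} {
		arn, resolved, err := CertArnForSynth(v)
		fmt.Println(arn, resolved, err)
	}
}
```

In a stack, the dereferenced result of `StringParameter_ValueFromLookup` would go through `CertArnForSynth`, and the returned string would be wrapped with `jsii.String` before the certificate import.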

huangapple
  • This article was posted on January 19, 2022 at 01:10:40
  • When reposting, please keep the link to this article: https://go.coder-hub.com/70759640.html