英文:
How best to retrieve AWS SSM parameters from the AWS CDK?
问题
抱歉,如果这是一个重复的问题,我正在通过博客和文章来寻找解决方案,我有点被弄得晕头转向。
我正在尝试使用AWS CDK来部署一个Stack,具体来说是在S3 Bucket上叠加一个CloudFront Distribution。我想从Cert Manager中获取一个证书,并且我还想更新R53中的一个Hosted Zone。
我想将区域ID和证书ARN放入SSM参数存储中,并且让我的CDK应用程序从那里获取正确的ID/ARN,以免将其留在我的代码中。
我目前在我的Go代码中这样获取这些值:
certArn := awsssm.StringParameter_ValueFromLookup(stack, certArnSSM)
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, wrapName("certificate"), certArn)
其中certArnSSM是参数的路径。
然而,当我运行synth时,我得到了以下错误:
panic: "ARNs must start with \"arn:\" and have at least 6 components: dummy-value-for-/dev/placeholder/certificateArn"
根据一些阅读资料,这是预期的。然而,我不确定解决这个问题的最佳实践方法。我对如何使用Lazy来解决这个问题不是很清楚 - 我需要创建一个type并实现Produce()方法吗?
英文:
Apologies if this is a duplicate, I'm going a bit snowblind with blogs and articles trying to find a solution.
I'm trying to use the AWS CDK to deploy a Stack - specifically a CloudFront Distribution layered over an S3 Bucket. I want to retrieve a cert from Cert Manager, and I also want to update a Hosted Zone in R53.
I want to put the zone ID and cert ARN in SSM Parameter Store, and have my CDK app pull the correct ID/ARN from there, so as not to leave it in my code.
I'm currently pulling the values like this in my Go code:
certArn := awsssm.StringParameter_ValueFromLookup(stack, certArnSSM)
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, wrapName("certificate"), certArn)
Where certArnSSM is the path to the parameter.
However, when I run the synth I get this:
panic: "ARNs must start with \"arn:\" and have at least 6 components: dummy-value-for-/dev/placeholder/certificateArn"
From some reading, this is expected. However, I'm not sure on the 'best practice' approach to solving it. I'm not totally clear on how to use Lazy to solve this - do I need to create a type and implement the Produce() method?
答案1
得分: 1
我无法复制您的错误。以下是没有错误的合成和部署,正确地从 ssm 中检索 certArn 参数作为有效的证书 arn 查找输入:
func NewCertLookupStack(scope constructs.Construct, id string, props *awscdk.StackProps) awscdk.Stack {
stack := awscdk.NewStack(scope, &id, &props)
certArn := awsssm.StringParameter_ValueFromLookup(stack, jsii.String("/dummy/certarn"))
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, jsii.String("Certificate"), certArn)
awscdk.NewCfnOutput(stack, jsii.String("ArnOutput"), &awscdk.CfnOutputProps{
Value: certificate.CertificateArn(), // 展示它的工作原理:正确的证书 arn 存储为堆栈输出
})
return stack
}
英文:
I was unable to replicate your error. The following synths and deploys without error, correctly retrieving the certArn param from ssm as a valid certificate arn lookup input:
func NewCertLookupStack(scope constructs.Construct, id string, props *awscdk.StackProps) awscdk.Stack {
stack := awscdk.NewStack(scope, &id, &props)
certArn := awsssm.StringParameter_ValueFromLookup(stack, jsii.String("/dummy/certarn"))
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, jsii.String("Certificate"), certArn)
awscdk.NewCfnOutput(stack, jsii.String("ArnOutput"), &awscdk.CfnOutputProps{
Value: certificate.CertificateArn(), // demonstrate it works: the correct cert arn storeed as a stack output
})
return stack
}
答案2
得分: 0
我通过在代码中将证书的UUID作为变量,并手动构建ARN来解决了这个问题。但感觉这种解决方法不太对。
createdArn := jsii.String(fmt.Sprintf("arn:aws:acm:us-east-1:%s:certificate/%s", *sprops.Env.Account, certUuid))
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, wrapName("certificate"), createdArn)
英文:
I worked around the issue by making the UUID of the cert a variable in my code, and then constructing an ARN manually. It feels like the wrong way to solve the problem though.
createdArn := jsii.String(fmt.Sprintf("arn:aws:acm:us-east-1:%s:certificate/%s", *sprops.Env.Account, certUuid))
certificate := awscertificatemanager.Certificate_FromCertificateArn(stack, wrapName("certificate"), createdArn)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论