“MasterUserSecret field missing in describe-db-instances API.”


Question

I have created the database with ManageMasterUserPassword=True. But I couldn't get the Secret Arn from the describe-db-instances command.

aws rds describe-db-instances --db-instance-identifier database-1 --query 'DBInstances[*].[MasterUsername,MasterUserSecret]'
[
    [
        "postgres",
        null
    ]
]

I have created the database even from console,

Still I am facing the same error.
But I can clearly see the database ARN in SecretsManager and Secrets ARN in database.

Answer 1

Score: 3

Make sure you have a more recent awscli; support for this feature was added in 2.9.10:

https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst

2.9.10
...
* api-change:``rds``: Add support for managing master user password in AWS Secrets Manager for the DBInstance and DBCluster.
...

With this, the output (only when the feature is enabled on the db instance) will contain:

$ aws rds describe-db-instances --db-instance-identifier database-1 --region=us-east-1

...
"MasterUserSecret": {
    "SecretArn": "arn:aws:secretsmanager:us-east-1:776665554444:secret:rds!db-88888888-82e1-4a59-8c35-888888888888-SyXcpL",
    "SecretStatus": "active",
    "KmsKeyId": "arn:aws:kms:us-east-1:888888888888:key/88888888-c6c4-43da-a4a4-888888888888"
},

You can get the actual values with (for example):

$ secret_arn=$(aws rds describe-db-instances --db-instance-identifier database-1 --region=us-east-1 --query 'DBInstances[*].[MasterUserSecret.SecretArn]' --output text)
$ aws secretsmanager get-secret-value --secret-id "${secret_arn}" --region us-east-1 --query SecretString --output text
{"username":"admin","password":"SVxxxxxxxxxxxxxxxxxxxxxxxY7gwkD"}
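
A null MasterUserSecret can mean either an outdated CLI or an instance without a managed secret; the sketch below separates the two cases. It is an added example, not part of the original answer: the function names and sample strings are constructed, the 2.9.10 threshold is the one from the changelog excerpt above, and 1.x versions are reported as unknown because the page names no v1 release.

```shell
#!/bin/sh
# Added example: is a null MasterUserSecret caused by an old CLI or by the instance?
MIN_V2="2.9.10"   # v2 release named in the changelog excerpt above

# Pull "X.Y.Z" out of `aws --version` output, e.g.
# "aws-cli/2.9.9 Python/3.9.11 Linux/5.15 exe/x86_64 prompt/off".
cli_version() {
    printf '%s\n' "$1" | sed -n 's|^aws-cli/\([0-9][0-9.]*\).*|\1|p'
}

# Return 0 if dotted version $1 >= $2. Fields are compared as numbers,
# because a string compare would rank 2.9.9 above 2.9.10.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# diagnose "<aws --version output>" "<SecretArn as printed by --output text>"
# Prints one verdict and returns non-zero unless a secret ARN was found.
diagnose() {
    v=$(cli_version "$1")
    case $v in
        2.*) version_ge "$v" "$MIN_V2" || { echo "upgrade-cli"; return 1; } ;;
        *)   echo "unknown-cli"; return 2 ;;   # page gives no 1.x release
    esac
    case $2 in
        arn:*:secretsmanager:*) echo "ok" ;;
        ""|None|null) echo "not-managed"; return 3 ;;  # text output shows null as None
        *) echo "unexpected-value"; return 4 ;;
    esac
}

# Constructed sample inputs (not captured from a real account):
diagnose "aws-cli/2.9.9 Python/3.9.11 Linux/5.15 exe/x86_64 prompt/off" "None" || true
diagnose "aws-cli/2.9.10 Python/3.9.11 Linux/5.15 exe/x86_64 prompt/off" "None" || true

# Live use, assuming configured credentials and the instance name from the question:
# diagnose "$(aws --version 2>&1)" "$(aws rds describe-db-instances \
#   --db-instance-identifier database-1 \
#   --query 'DBInstances[0].MasterUserSecret.SecretArn' --output text)"
```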

huangapple
  • Posted on February 8, 2023, 15:13:07
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75382429.html