How to parameterize the secret id in dynamic reference (via resolve keyword) to fetch the secret key in aws cloudformation?


Question

I have stored the RDS password, username and JDBC URL in AWS Secrets Manager and want to fetch the password, etc. from the secret in the CloudFormation JSON template file, and I expect that the secret-id should resolve at runtime based on the stack prefix.

I tried fetching it using dynamic reference. It works when I fetch it using:

"{{resolve:secretsmanager:dev-myRDSSecret:SecretString:JdbcURL}}"

But I want to parameterize the secret-id on the basis of stack prefix, so I used:

"Fn::Sub": "{{resolve:secretsmanager:${StackPrefix}-myRDSSecret:SecretString:JdbcURL}}"

But this gives me an error while deploying -

FAILED: ERROR: Could not create stack summary - An error occurred (ValidationError) when calling the GetTemplateSummary operation: Template Error: Encountered unsupported function: Fn:Sub Supported functions are: [Fn::Base64, Fn::GetAtt, Fn::GetAZs, Fn::ImportValue, Fn::Join, Fn::Split, Fn::FindInMap, Fn::Select, Ref, Fn::Equals, Fn::If, Fn::Not, Condition, Fn::And, Fn::Or, Fn::Contains, Fn::EachMemberEquals, Fn::EachMemberIn, Fn::ValueOf, Fn::ValueOfAll, Fn::RefAll, Fn::Sub, Fn::Cidr]

Can someone here suggest how we can parameterize the secret-id here?


Answer 1

Score: 1


You can use the !Join function to assemble the secret string reference, assembling the pieces one by one:

{
  "Fn::Join": [
    "", [
      "{{resolve:secretsmanager:",
      {
        "Fn::Sub": "${StackPrefix}"
      },
      "-myRDSSecret:SecretString:JdbcURL}}"
    ]
  ]
}

I suspect a sub on the whole string errors because of the {{ brackets (which you need anyway) interfering with the interpolation syntax.
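The following check is an added example, not part of the original answer and not AWS tooling: it renders a `Ref` / `Fn::Sub` / `Fn::Join` expression locally against stack parameters and parses the resulting dynamic reference, so a wrong secret-id or a misspelled function key is caught before deployment. The names `render` and `secret_reference`, the parameter value `dev`, and the restriction to secret names (not ARNs) and to the plain-string form of `Fn::Sub` are assumptions of this example.

```python
import re

# Subset of CloudFormation intrinsics used to build a dynamic reference.
SUPPORTED = {"Ref", "Fn::Sub", "Fn::Join"}
# {{resolve:secretsmanager:secret-id:SecretString:json-key[:version-stage[:version-id]]}}
# Assumption: secret-id is a secret name (an ARN would contain colons).
DYNREF = re.compile(
    r"^\{\{resolve:secretsmanager:(?P<secret_id>[^:}]+):SecretString"
    r":(?P<json_key>[^:}]*)(?::(?P<stage>[^:}]*))?(?::(?P<version>[^:}]*))?\}\}$"
)

def render(node, params):
    """Evaluate Ref / Fn::Sub / Fn::Join against stack parameters (local approximation)."""
    if isinstance(node, str):
        return node
    if not (isinstance(node, dict) and len(node) == 1):
        raise ValueError(f"not a string or intrinsic: {node!r}")
    (fn, arg), = node.items()
    if fn not in SUPPORTED:
        # Catches misspelled keys such as "Sub" or "Fn:Sub" (single colon).
        raise ValueError(f"unsupported function: {fn}")
    if fn == "Ref":
        return params[arg]
    if fn == "Fn::Sub":
        # Plain-string form only: replace each ${Param} with its value.
        return re.sub(r"\$\{(\w+)\}", lambda m: params[m.group(1)], arg)
    delimiter, parts = arg  # Fn::Join: [delimiter, [parts...]]
    return delimiter.join(render(p, params) for p in parts)

def secret_reference(node, params):
    """Return (secret_id, json_key) of the rendered dynamic reference."""
    text = render(node, params)
    match = DYNREF.match(text)
    if not match:
        raise ValueError(f"not a Secrets Manager dynamic reference: {text}")
    return match["secret_id"], match["json_key"]

PARAMS = {"StackPrefix": "dev"}  # constructed sample parameter value
SUB_FORM = {"Fn::Sub": "{{resolve:secretsmanager:${StackPrefix}-myRDSSecret:SecretString:JdbcURL}}"}
JOIN_FORM = {"Fn::Join": ["", ["{{resolve:secretsmanager:", {"Ref": "StackPrefix"},
                               "-myRDSSecret:SecretString:JdbcURL}}"]]}

if __name__ == "__main__":
    for form in (SUB_FORM, JOIN_FORM):
        print(secret_reference(form, PARAMS))
```

Running the same check with each environment's `StackPrefix` confirms that the template points at the secret intended for that stack and not at another environment's credentials.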

huangapple
  • Posted on 2023-02-27 13:03:32
  • Source: https://go.coder-hub.com/75576913.html