How to parameterize the secret id in a dynamic reference (via the resolve keyword) to fetch the secret key in AWS CloudFormation?
Question
I have stored the RDS password, username and JDBC URL in AWS Secrets Manager and want to fetch the password, etc. from the AWS secret in the CloudFormation JSON template file, and I expect that the secret-id should resolve at runtime based on the stack prefix.
I tried fetching it using dynamic reference. It works when I fetch it using:
"{{resolve:secretsmanager:dev-myRDSSecret:SecretString:JdbcURL}}"
But I want to parameterize the secret-id on the basis of stack prefix, so I used:
"Fn::Sub": "{{resolve:secretsmanager:${StackPrefix}-myRDSSecret:SecretString:JdbcURL}}"
But this gives me an error while deploying -
FAILED: ERROR: Could not create stack summary - An error occurred (ValidationError) when calling the GetTemplateSummary operation: Template Error: Encountered unsupported function: Fn:Sub Supported functions are: [Fn::Base64, Fn::GetAtt, Fn::GetAZs, Fn::ImportValue, Fn::Join, Fn::Split, Fn::FindInMap, Fn::Select, Ref, Fn::Equals, Fn::If, Fn::Not, Condition, Fn::And, Fn::Or, Fn::Contains, Fn::EachMemberEquals, Fn::EachMemberIn, Fn::ValueOf, Fn::ValueOfAll, Fn::RefAll, Fn::Sub, Fn::Cidr]
Can someone here suggest how we can parameterize the secret-id here?
Answer 1
Score: 1
You can use the !Join function to assemble the secret string reference, assembling the pieces one by one:
{
  "Fn::Join": [
    "", [
      "{{resolve:secretsmanager:",
      {
        "Fn::Sub": "${StackPrefix}"
      },
      "-myRDSSecret:SecretString:JdbcURL}}"
    ]
  ]
}
I suspect a sub on the whole string errors because of the {{ brackets (which you need anyway) interfering with the interpolation syntax.
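An added example, not part of the original question or answer: a local pre-deployment check that expands the Ref / Fn::Sub / Fn::Join subset used on this page and reports which secret-id the dynamic reference would point at. The helper names and the `dev` prefix are assumptions, and it handles plain secret names only, not ARNs.

```python
import re

# Shape of a Secrets Manager dynamic reference whose secret-id is a plain name
# (assumption: names only; ARNs contain ':' and would need a looser pattern).
DYNREF = re.compile(r"^\{\{resolve:secretsmanager:([^:{}]+)(?::[^:{}]*){0,4}\}\}$")

def render(node, params):
    """Expand Ref, Fn::Sub (string form, plain ${Name} only) and Fn::Join."""
    if isinstance(node, str):
        return node
    if not isinstance(node, dict) or len(node) != 1:
        raise ValueError(f"expected a string or a one-key function object: {node!r}")
    (fn, arg), = node.items()
    if fn == "Ref":
        return params[arg]
    if fn == "Fn::Sub":
        return re.sub(r"\$\{(\w+)\}", lambda m: params[m.group(1)], arg)
    if fn == "Fn::Join":
        sep, parts = arg
        return sep.join(render(p, params) for p in parts)
    raise ValueError(f"unsupported function key: {fn}")

def secret_id(node, params):
    """Return the secret-id a rendered reference points at, else raise ValueError."""
    text = render(node, params)
    match = DYNREF.match(text)
    if match is None:
        raise ValueError(f"not a secretsmanager dynamic reference: {text}")
    return match.group(1)

# Constructed inputs based on the snippets in the question and answer.
PARAMS = {"StackPrefix": "dev"}
SUB_FORM = {"Fn::Sub": "{{resolve:secretsmanager:${StackPrefix}-myRDSSecret:SecretString:JdbcURL}}"}
JOIN_FORM = {"Fn::Join": ["", ["{{resolve:secretsmanager:", {"Ref": "StackPrefix"},
                               "-myRDSSecret:SecretString:JdbcURL}}"]]}
NO_HYPHEN = {"Fn::Join": ["", ["{{resolve:secretsmanager:", {"Ref": "StackPrefix"},
                               "myRDSSecret:SecretString:JdbcURL}}"]]}
BAD_KEY = {"Fn:Sub": SUB_FORM["Fn::Sub"]}  # single colon, as named in the error message

if __name__ == "__main__":
    for name, node in [("sub", SUB_FORM), ("join", JOIN_FORM),
                       ("no-hyphen", NO_HYPHEN), ("bad-key", BAD_KEY)]:
        try:
            print(name, "->", secret_id(node, PARAMS))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

Comparing the returned secret-id with the name actually stored in Secrets Manager catches a dropped separator or a mistyped function key before the stack is deployed.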