英文:
Unexpected ARN format with parameters when trying to retrieve ASM secret
问题
以下是我的CloudFormation模板的一部分,用于ECS任务。它获取了一个包含JSON键值对密码的秘密*/rds/rds_secret-D2fBVv*,格式如下:{"password":"1234ABCD","dbname":"my_db"}...
TaskDefinitionAPI:
Type: AWS::ECS::TaskDefinition
Properties:
ContainerDefinitions:
- Name: api
Secrets:
- Name: "DB_PASSWORD"
ValueFrom: "arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
根据此文档,然而,在创建堆栈时,我遇到了以下错误:
>ResourceInitializationError: 无法拉取密码或注册表授权:执行资源检索失败:无法从ASM检索密码:服务调用已重试1次:无法检索ASM密码时出现参数的意外ARN格式:尝试检索ASM密码时出现带参数的意外ARN格式。
我怀疑这是因为我的密码是JSON键值对。我尝试了许多修改,但CloudFormation仍然报错。
英文:
Below is a portion of my cloudformation template for an ECS task. It fetches a secret /rds/rds_secret-D2fBVv which contains a json key-value pair secret like {"password":"1234ABCD","dbname":"my_db"}...
TaskDefinitionAPI:
Type: AWS::ECS::TaskDefinition
Properties:
ContainerDefinitions:
- Name: api
Secrets:
- Name: "DB_PASSWORD"
ValueFrom: "arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
as per this documentation here.
However when creating the stack, I get the following error
>ResourceInitializationError: unable to pull secrets or registry auth: Execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 1 time(s): secrets manager: failed to retrieve secret from arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password: unexpected ARN format with parameters when trying to retrieve ASM secret
I suspect it is because I have a json key-value pair as the secret. I have tried many modifications to this, but cloudformation still complains.
答案1
得分: 2
根据 [此文档](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html),格式应为
"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf:username1::"
但你提供的是:
"arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
应该是:
`arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:password::`
英文:
According to this doc the format should be
"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf:username1::"
But you have:
"arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
that should be
arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:password::
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论