Unexpected ARN format with parameters when trying to retrieve ASM secret

Question

Below is a portion of my CloudFormation template for an ECS task. It fetches a secret /rds/rds_secret-D2fBVv which contains a JSON key-value pair secret like {"password":"1234ABCD","dbname":"my_db"}...

TaskDefinitionAPI:
  Type: AWS::ECS::TaskDefinition
  Properties:
    ContainerDefinitions:
      - Name: api
        Secrets:
          - Name: "DB_PASSWORD"
            ValueFrom: "arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"

as per this documentation here.

However, when creating the stack, I get the following error:

>ResourceInitializationError: unable to pull secrets or registry auth: Execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 1 time(s): secrets manager: failed to retrieve secret from arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password: unexpected ARN format with parameters when trying to retrieve ASM secret

I suspect it is because I have a JSON key-value pair as the secret. I have tried many modifications to this, but CloudFormation still complains.

Answer 1

Score: 2

According to [this doc](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html) the format should be

"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf:username1::"

But you have:

"arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"

that should be

`arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:password::`
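
The field layout the answer relies on can be checked before a stack is deployed. The following is an added example, not code from the original post or from AWS: the function names `lint_value_from` and `suggest_fix` are hypothetical, and it assumes the layout from the ECS documentation linked in the answer (a bare secret ARN, or the ARN followed by exactly three colon-separated parameters).

```python
# Added example. Layout assumed from the ECS documentation cited in the answer:
#   arn:<partition>:secretsmanager:<region>:<account>:secret:<name>
#   optionally followed by exactly three parameters, colons always present:
#   :<json-key>:<version-stage>:<version-id>
BASE_FIELDS = 7
PARAM_FIELDS = 3


def lint_value_from(value):
    """Return a list of problems; an empty list means the layout is accepted."""
    parts = value.split(":")
    if (len(parts) < BASE_FIELDS or parts[0] != "arn"
            or parts[2] != "secretsmanager" or parts[5] != "secret" or not parts[6]):
        return ["not a Secrets Manager secret ARN"]
    params = parts[BASE_FIELDS:]
    if not params:
        return []  # bare ARN: the whole secret value is injected
    problems = []
    if len(params) != PARAM_FIELDS:
        problems.append(f"{len(params)} parameter field(s) after the secret name, expected 3")
    elif params[1] and params[2]:
        problems.append("version-stage and version-id cannot both be set")
    if params[0] == "SecretString":
        # Heuristic: this literal belongs to CloudFormation's
        # {{resolve:secretsmanager:...}} syntax, not to an ECS valueFrom.
        problems.append("'SecretString' in the json-key position")
    return problems


def suggest_fix(value):
    """Best-effort rewrite: drop a stray 'SecretString', pad to three parameters."""
    parts = value.split(":")
    base, params = parts[:BASE_FIELDS], parts[BASE_FIELDS:]
    if params and params[0] == "SecretString":
        params = params[1:]
    if not params or len(params) > PARAM_FIELDS:
        return ":".join(base + params)  # nothing safe to pad; leave for manual review
    return ":".join(base + params + [""] * (PARAM_FIELDS - len(params)))


if __name__ == "__main__":
    # The string from the question on this page, then its suggested rewrite.
    asked = "arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
    for candidate in (asked, suggest_fix(asked)):
        print(candidate, "->", lint_value_from(candidate) or "ok")
```

The question's string has two parameter fields after the secret name, so it matches neither accepted layout, which is consistent with the "unexpected ARN format with parameters" error.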

huangapple
  • Posted on March 23, 2023, 08:29:45
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75818349.html