
AWS Secrets Manager

I tried writing a HostedRotationLambda property in AWS CloudFormation to rotate my credentials after every X days, but the deployment fails with the following error: "Transform AWS::SecretsManager-2020-07-23 failed with: PostgreSQLSingleUser is not a supported rotation engine type."

Here in the documentation (HostedRotationLambda property) it says that the above-mentioned rotation type is supported.

Has anyone faced a similar issue? I am using PostgreSQL and thus want to use the above-mentioned rotation policy.

Any help will be much appreciated!

Edit: Sample Code

{
  "Transform": "AWS::SecretsManager-2020-07-23",
  "Resources": {
    "Test": {
      "Type": "AWS::SecretsManager::Secret",
      "Properties": {
        "Name": "Test",
        "Description": "Secrets for db connectivity",
        "SecretString": "{\"username\":\"test\",\"password\":\"test\",\"engine\":\"postgres\",\"host\":\"test.rds.amazonaws.com\",\"port\":\"5432\",\"dbname\":\"test\"}"
      }
    },
    "TestAttachment": {
      "Type": "AWS::SecretsManager::SecretTargetAttachment",
      "Properties": {
        "SecretId": {
          "Ref": "Test"
        },
        "TargetId": "arn:aws:rds:test",
        "TargetType": "AWS::RDS::DBInstance"
      }
    },
    "TestSecretRotationSchedule": {
      "Type": "AWS::SecretsManager::RotationSchedule",
      "Properties": {
        "SecretId": {
          "Ref": "Test"
        },
        "HostedRotationLambda": {
          "RotationType": "PostgreSQLSingleUser",
          "RotationLambdaName": "SecretsManagerRotation",
          "VpcSecurityGroupIds": "sg-testid",
          "VpcSubnetIds": {
            "Fn::Join": [
              ",",
              [
                "subnet-test01",
                "subnet-test02"
              ]
            ]
          }
        },
        "RotationRules": {
          "AutomaticallyAfterDays": 45
        }
      }
    }
  }
}

Maybe it has been updated since you last tried? I just used more or less the same syntax in YAML and it deployed successfully in CFN.

    AuroraSecretRotationSchedule:
      Type: AWS::SecretsManager::RotationSchedule
      DependsOn:
        - SecretAuroraClusterAttachment
        - AuroraDBInstance
      Properties:
        HostedRotationLambda:
          RotationType: PostgreSQLSingleUser
          RotationLambdaName: "PGMasterSecretRotationLambda"
        SecretId: !Ref AuroraMasterSecret
        RotationRules:
          AutomaticallyAfterDays: 30

Funny thing is I would never have gotten it if not for your question -- I specified the MasterSecretArn parameter previously, which caused an error. Disclaimer: I haven't tested if this lambda actually works, just that it deployed w/o error.
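The two problems in this thread (a rotation type the transform rejects, and MasterSecretArn combined with a single-user rotation type) only surface after the stack has been submitted. The following pre-deployment check is an added example, not code from the question, the answer or AWS: it loads a CloudFormation template as a dict and flags those mistakes, plus a missing `AWS::SecretsManager-2020-07-23` transform, a missing `RotationRules`, and a secret that is neither attached to a target nor carries the connection keys the hosted PostgreSQL rotation function reads. The set of accepted rotation types and the required secret keys are assumptions taken from the AWS documentation at the time of writing; `sample_template()` is a constructed copy of the question's JSON with placeholder identifiers.

```python
"""Pre-deployment checks for a Secrets Manager hosted-rotation template.

Added example (not from the thread or from AWS). Rotation type names and
required SecretString keys are assumptions from the AWS docs; extend them
from the current documentation as needed.
"""
import json

TRANSFORM = "AWS::SecretsManager-2020-07-23"

# Rotation types the hosted rotation transform accepts (assumption; the
# names come from the AWS docs at the time of writing).
KNOWN_ROTATION_TYPES = {
    "PostgreSQLSingleUser", "PostgreSQLMultiUser",
    "MySQLSingleUser", "MySQLMultiUser",
    "MariaDBSingleUser", "MariaDBMultiUser",
    "OracleSingleUser", "OracleMultiUser",
    "SQLServerSingleUser", "SQLServerMultiUser",
    "RedshiftSingleUser", "RedshiftMultiUser",
    "MongoDBSingleUser", "MongoDBMultiUser",
}

# Keys the hosted PostgreSQL rotation function reads from the secret JSON
# when no SecretTargetAttachment fills them in (assumption from the docs).
REQUIRED_SECRET_KEYS = {"engine", "host", "username", "password", "dbname", "port"}


def _ref_name(value):
    """Return the logical id behind {"Ref": "X"} or a plain "X", else None."""
    if isinstance(value, dict) and "Ref" in value:
        return value["Ref"]
    return value if isinstance(value, str) else None


def check_rotation_template(template: dict) -> list:
    """Return human-readable findings for every HostedRotationLambda schedule."""
    findings = []
    transforms = template.get("Transform", [])
    if isinstance(transforms, str):
        transforms = [transforms]
    resources = template.get("Resources", {})
    secrets = {k for k, r in resources.items()
               if r.get("Type") == "AWS::SecretsManager::Secret"}
    attached = {_ref_name(r.get("Properties", {}).get("SecretId"))
                for r in resources.values()
                if r.get("Type") == "AWS::SecretsManager::SecretTargetAttachment"}

    for name, res in resources.items():
        if res.get("Type") != "AWS::SecretsManager::RotationSchedule":
            continue
        props = res.get("Properties", {})
        hosted = props.get("HostedRotationLambda")
        if hosted is None:
            continue  # schedule uses RotationLambdaARN; nothing to check here
        if TRANSFORM not in transforms:
            findings.append(f"{name}: HostedRotationLambda needs Transform {TRANSFORM}")
        rtype = hosted.get("RotationType")
        if rtype not in KNOWN_ROTATION_TYPES:
            findings.append(f"{name}: unknown RotationType {rtype!r}")
        # The answer above: MasterSecretArn belongs to multi-user rotation and
        # produced an error next to a *SingleUser type.
        if rtype and rtype.endswith("SingleUser") and "MasterSecretArn" in hosted:
            findings.append(f"{name}: MasterSecretArn set with single-user type {rtype}")
        if "RotationRules" not in props:
            findings.append(f"{name}: no RotationRules, rotation is never scheduled")
        secret_id = _ref_name(props.get("SecretId"))
        if secret_id in secrets and secret_id not in attached:
            # Without an attachment the secret itself must carry the connection data.
            raw = resources[secret_id].get("Properties", {}).get("SecretString")
            try:
                present = set(json.loads(raw)) if isinstance(raw, str) else set()
            except ValueError:
                present = set()
            missing = sorted(REQUIRED_SECRET_KEYS - present)
            if missing:
                findings.append(f"{name}: unattached secret {secret_id} lacks {missing}")
    return findings


def sample_template() -> dict:
    """Constructed copy of the question's template with placeholder ids."""
    secret = {"username": "test", "password": "test", "engine": "postgres",
              "host": "test.rds.amazonaws.com", "port": "5432", "dbname": "test"}
    return {
        "Transform": TRANSFORM,
        "Resources": {
            "Test": {"Type": "AWS::SecretsManager::Secret",
                     "Properties": {"Name": "Test", "SecretString": json.dumps(secret)}},
            "TestAttachment": {"Type": "AWS::SecretsManager::SecretTargetAttachment",
                               "Properties": {"SecretId": {"Ref": "Test"},
                                              "TargetId": "arn:aws:rds:placeholder",
                                              "TargetType": "AWS::RDS::DBInstance"}},
            "TestSecretRotationSchedule": {
                "Type": "AWS::SecretsManager::RotationSchedule",
                "Properties": {
                    "SecretId": {"Ref": "Test"},
                    "HostedRotationLambda": {"RotationType": "PostgreSQLSingleUser",
                                             "RotationLambdaName": "SecretsManagerRotation",
                                             "VpcSecurityGroupIds": "sg-placeholder",
                                             "VpcSubnetIds": "subnet-a,subnet-b"},
                    "RotationRules": {"AutomaticallyAfterDays": 45}}},
        },
    }


if __name__ == "__main__":
    for finding in check_rotation_template(sample_template()) or ["no findings"]:
        print(finding)
```

Run it against a template loaded with `json.load` (or a YAML loader for templates like the answer's) before `aws cloudformation deploy`; a clean template returns an empty list. The check does not replace a functional test of the rotation itself: after the stack is up, trigger one rotation with `aws secretsmanager rotate-secret --secret-id <name>` and confirm that a new `AWSCURRENT` version appears and the database still accepts the rotated password.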
