堆栈内存溢出
  简体   繁体   English

CloudFormation:对 SecretManager 值的动态引用不适用于资源的标记属性

[英]CloudFormation: Dynamic reference to SecretManager value not working for Resource's Tag Property

 原文  2020-12-02 18:27:03       amazon-web-services/ amazon-cloudformation/ aws-secrets-manager

问题描述

I want to store a secret in AWS secrets manager and retrieve it in a CloudFormation template.我想在 AWS 机密管理器中存储机密并在 CloudFormation 模板中检索它。 To test it I just put it in the value of a tag -为了测试它,我只是把它放在一个标签的值中——

  MainRouteTable:
    Properties:
      Tags:
        - Key: Environment
          Value: LIVE
        - Key: Name
          Value: '{{resolve:secretsmanager:tvs:SecretString:testname}}'
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::RouteTable

After I run the CloudFormation using the template and the environment is up, the value for the tag "Name" is "{{resolve:secretsmanager:tvs:SecretString:testname}}" and not the actual secret stored in testname.在我使用模板运行 CloudFormation 并且环境启动后,标签“Name”的值是“{{resolve:secretsmanager:tvs:SecretString:testname}}”,而不是存储在 testname 中的实际秘密。 在此处输入图像描述

I have looked all around and can not figure out what is wrong.我环顾四周,无法弄清楚出了什么问题。 According to the AWS docs I am doing it properly.根据 AWS 文档,我做得很好。

I can retrieve the secret fine from the CLI -我可以从 CLI 中检索到秘密罚款 -

aws secretsmanager --region us-east-1 get-secret-value --secret-id arn:aws:secretsmanager:us-east-1:xxxxxx:secret:tvs-ZVTiDO --query SecretString --output text | jq -r .testname

Any suggestions?有什么建议么?

I followed the instructions here - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager我按照此处的说明操作 - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager

2 个解决方案

解决方案1
 2 已采纳  2020-12-02 21:20:26

SecretString can only be used in few resources and selected properties. SecretString只能在少数资源和选定属性中使用。 Tags are not supported .不支持标签 The supported list is: 支持的列表是:

AWS::DirectoryService::MicrosoftAD Password

AWS::DirectoryService::SimpleAD Password

AWS::ElastiCache::ReplicationGroup AuthToken

AWS::IAM::User LoginProfile Password

AWS::KinesisFirehose::DeliveryStream 

RedshiftDestinationConfiguration Password

AWS::OpsWorks::App Source Password

AWS::OpsWorks::Stack CustomCookbooksSource Password

AWS::OpsWorks::Stack RdsDbInstances DbPassword

AWS::RDS::DBCluster MasterUserPassword 

AWS::RDS::DBInstance MasterUserPassword

AWS::Redshift::Cluster MasterUserPassword

解决方案2
 0  2020-12-03 12:34:32

as a general rule, secrets will never display in AWS console, eg you can't use the im CloudFormation export, tags ect.作为一般规则,机密永远不会显示在 AWS 控制台中,例如,您不能使用 im CloudFormation 导出、标签等。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 CloudFormation - 参考资源作为参数的默认值 - CloudFormation - reference resource as default value for Parameter Lambda函数的内联代码属性中CloudFormation模板中的参考资源 - Reference resource in CloudFormation template in inline code property of a Lambda function 无效的资源属性cloudformation - Invalid resource property cloudformation AWS Cloudformation-参考标签 - AWS Cloudformation - reference tag 在AWS Cloudformation中为资源名称传递标签键和值 - Pass tag Key and Value for resource name in AWS Cloudformation Userdata Cloudformation中资源的参考ID - Reference ID of resource in Userdata Cloudformation AWS Cloudformation动态资源名称 - AWS Cloudformation dynamic resource name 是否可以在 AppSync 解析器中引用 CloudFormation 资源名称? - Is it possible to reference a CloudFormation resource name in an AppSync resolver? AWS Cloudformation 有条件地添加资源属性 - AWS Cloudformation conditionally add resource property 在 Cloudformation 模板中引用动态角色名称 - Reference a dynamic role name in a Cloudformation template
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM