[英]How to retrieve an arn of secret with random suffix in AWS Cloudformation
arn:aws:secretsmanager:<region>:<accountid>:secret:<mysecret>-d1fX1Y
"Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN. " “Secrets Manager 在 ARN 末尾的秘密名称后自动添加一个连字符和六个随机字符。”
The arn is not static it may change. arn 不是 static 它可能会改变。
As far as I understand it is impossible to use.Ref because the resource is not created in the same stack.据我所知,不可能使用.Ref,因为资源不是在同一个堆栈中创建的。
I've tried to use.Sub with wildcard but the result is the same as it doesn't do a lookup.我试过使用 .Sub 和通配符,但结果是一样的,因为它没有进行查找。
Maybe any1 have an idea or workaround for that?也许有人对此有想法或解决方法?
Here is the part of the template.这是模板的一部分。
Globals:
Function:
CodeUri: ./
Timeout: 60
Runtime: nodejs14.x
VpcConfig:
SecurityGroupIds: !Ref SecurityGroups
SubnetIds: !Ref Subnets
Environment:
Variables:
STAGE: !Sub "${Stage}"
VERSION: !Sub "${Version}"
SECRET_ARN: !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:mysecret-*"
What you want to accomplish is to reference an Arn across Stacks?你想要完成的是跨 Stacks 引用一个 Arn? For example, if you export the ARN in the Stack creating the Secret, another Stack can reference that ARN with Fn::ImportValue.
例如,如果您在创建 Secret 的堆栈中导出 ARN,则另一个堆栈可以使用 Fn::ImportValue 引用该 ARN。
Fn::ImportValue - AWS CloudFormation Fn::ImportValue - AWS CloudFormation
The intrinsic function Fn::ImportValue returns the value of an output exported by another stack.
内部 function Fn::ImportValue 返回另一个堆栈导出的 output 的值。
You set it up so the ARN of the secret is passed in SSM parameter store and then use the parameter store value as a parameter in your cloudformation you can then use.Ref function to refer the secret value in your CF template.您设置它以便秘密的 ARN 在 SSM 参数存储中传递,然后使用参数存储值作为您的 cloudformation 中的参数,然后您可以使用。Ref function 在您的 CF 模板中引用秘密值。
This value is ARN of other resource (which is not other cloudformation stack) is just a resource created by terraform.
此值是其他资源(不是其他 cloudformation 堆栈)的 ARN 只是 terraform 创建的资源。
Suppose you add an SSM parameter resource with the Secret's Arn as a value to the.tf that creates the Secret.假设您将以 Secret 的 Arn 为值的 SSM 参数资源添加到创建 Secret 的.tf。 In that case, the CloudFormation template can reference that parameter with SSM dynamic references.
在这种情况下,CloudFormation 模板可以使用 SSM 动态引用来引用该参数。
It looks like this (Not tested):看起来像这样(未测试):
.tf .tf
resource "aws_ssm_parameter" "example" {
name = "example"
type = "String"
value = aws_secretsmanager_secret.<your_secret_name>.arn
}
aws_ssm_parameter | aws_ssm_参数 | Resources |
资源 | hashicorp/aws |
哈希公司/aws | Terraform Registry
Terraform 登记处
template模板
Globals:
Function:
CodeUri: ./
Timeout: 60
Runtime: nodejs14.x
VpcConfig:
SecurityGroupIds: !Ref SecurityGroups
SubnetIds: !Ref Subnets
Environment:
Variables:
STAGE: !Sub "${Stage}"
VERSION: !Sub "${Version}"
SECRET_ARN: !Sub "{{resolve:ssm:example}}"
Using dynamic references to specify template values - AWS CloudFormation 使用动态引用指定模板值 - AWS CloudFormation
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.