如何在 AWS Cloudformation 中检索具有随机后缀的机密 arn
[英]How to retrieve an arn of secret with random suffix in AWS Cloudformation
问题描述
- I have an existing secret in secrets manager.
我在机密管理器中有一个现有机密。
The arn looks like that:arn 看起来像这样:
arn:aws:secretsmanager:<region>:<accountid>:secret:<mysecret>-d1fX1Y
As we all know the suffix is added by AWS.众所周知后缀是AWS加的。
"Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN. " “Secrets Manager 在 ARN 末尾的秘密名称后自动添加一个连字符和六个随机字符。”
- I have a cloudformation template and I need somehow to get the arn of this secret into the template.我有一个 cloudformation 模板,我需要以某种方式将这个秘密的 arn 放入模板中。
The arn is not static it may change. arn 不是 static 它可能会改变。
As far as I understand it is impossible to use.Ref because the resource is not created in the same stack.据我所知,不可能使用.Ref,因为资源不是在同一个堆栈中创建的。
I've tried to use.Sub with wildcard but the result is the same as it doesn't do a lookup.我试过使用 .Sub 和通配符,但结果是一样的,因为它没有进行查找。
Maybe any1 have an idea or workaround for that?也许有人对此有想法或解决方法?
Here is the part of the template.这是模板的一部分。
Globals:
Function:
CodeUri: ./
Timeout: 60
Runtime: nodejs14.x
VpcConfig:
SecurityGroupIds: !Ref SecurityGroups
SubnetIds: !Ref Subnets
Environment:
Variables:
STAGE: !Sub "${Stage}"
VERSION: !Sub "${Version}"
SECRET_ARN: !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:mysecret-*"
3 个解决方案
解决方案1
1 2023-01-23 17:49:34
What you want to accomplish is to reference an Arn across Stacks?你想要完成的是跨 Stacks 引用一个 Arn? For example, if you export the ARN in the Stack creating the Secret, another Stack can reference that ARN with Fn::ImportValue.例如,如果您在创建 Secret 的堆栈中导出 ARN,则另一个堆栈可以使用 Fn::ImportValue 引用该 ARN。
Fn::ImportValue - AWS CloudFormation Fn::ImportValue - AWS CloudFormation
The intrinsic function Fn::ImportValue returns the value of an output exported by another stack.
解决方案2
0 2023-01-23 16:41:00
You set it up so the ARN of the secret is passed in SSM parameter store and then use the parameter store value as a parameter in your cloudformation you can then use.Ref function to refer the secret value in your CF template.您设置它以便秘密的 ARN 在 SSM 参数存储中传递,然后使用参数存储值作为您的 cloudformation 中的参数,然后您可以使用。Ref function 在您的 CF 模板中引用秘密值。
解决方案3
0 2023-01-25 20:23:41
This value is ARN of other resource (which is not other cloudformation stack) is just a resource created by terraform.
Suppose you add an SSM parameter resource with the Secret's Arn as a value to the.tf that creates the Secret.假设您将以 Secret 的 Arn 为值的 SSM 参数资源添加到创建 Secret 的.tf。 In that case, the CloudFormation template can reference that parameter with SSM dynamic references.在这种情况下,CloudFormation 模板可以使用 SSM 动态引用来引用该参数。
It looks like this (Not tested):看起来像这样(未测试):
.tf .tf
resource "aws_ssm_parameter" "example" {
name = "example"
type = "String"
value = aws_secretsmanager_secret.<your_secret_name>.arn
}
aws_ssm_parameter | aws_ssm_参数 | Resources | 资源 | hashicorp/aws | 哈希公司/aws | Terraform Registry Terraform 登记处
template模板
Globals:
Function:
CodeUri: ./
Timeout: 60
Runtime: nodejs14.x
VpcConfig:
SecurityGroupIds: !Ref SecurityGroups
SubnetIds: !Ref Subnets
Environment:
Variables:
STAGE: !Sub "${Stage}"
VERSION: !Sub "${Version}"
SECRET_ARN: !Sub "{{resolve:ssm:example}}"
Using dynamic references to specify template values - AWS CloudFormation 使用动态引用指定模板值 - AWS CloudFormation
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.