stackoom
  简体   繁体   中英

Aws secrets manager

 原文  2020-08-05 14:14:07       amazon-web-services/ aws-lambda/ amazon-cloudformation/ amazon-rds/ aws-secrets-manager

Question

I tried writing a hostedlambdarotation property in AWS cloudformation to rotate my credentials after every X days, but the deployment fails stating the following error - "Transform AWS::SecretsManager-2020-07-23 failed with: PostgreSQLSingleUser is not a supported rotation engine type."

Here in the documentation it says that the above mentioned rotation type is supported. Hostedlambdarotation property

Has anyone faced a similar issue? I am using a postgresql thus want to use the above mentioned rotation policy.

Any help will be much appreciated!

Edit: Sample Code

   {
  "Transform": "AWS::SecretsManager-2020-07-23",
  "Resources": {
    "Test": {
      "Type": "AWS::SecretsManager::Secret",
      "Properties": {
        "Name": "Test",
        "Description": "Secrets for db connectivity",
        "SecretString": "{\"username\":\"test\",\"password\":\"test\",\"engine\":\"postgres\",\"host\":\"test.rds.amazonaws.com\",\"port\":\"5432\",\"dbname\":\"test\"}"
      }
    },
    "TestAttachment": {
      "Type": "AWS::SecretsManager::SecretTargetAttachment",
      "Properties": {
        "SecretId": {
          "Ref": "Test"
        },
        "TargetId": "arn:aws:rds:test",
        "TargetType": "AWS::RDS::DBInstance"
      }
    },
    "TestSecretRotationSchedule": {
      "Type": "AWS::SecretsManager::RotationSchedule",
      "Properties": {
        "SecretId": {
          "Ref": "Test"
        },
        "HostedRotationLambda": {
          "RotationType": "PostgreSQLSingleUser",
          "RotationLambdaName": "SecretsManagerRotation",
          "VpcSecurityGroupIds": "sg-testid",
          "VpcSubnetIds": {
            "Fn::Join": [
              ",",
              [
                "subnet-test01",
                "subnet-test02"
              ]
            ]
          }
        },
        "RotationRules": {
          "AutomaticallyAfterDays": 45
        }
      }
    }
  }
}

1 answers

solution1
 0  2020-08-26 08:32:28

Maybe it has been updated since you last tried? I just used more or less than same syntax in yaml and it just deployed successfully in CFN.

    AuroraSecretRotationSchedule:
      Type: AWS::SecretsManager::RotationSchedule
      DependsOn:
        - SecretAuroraClusterAttachment
        - AuroraDBInstance
      Properties:
        HostedRotationLambda:
          RotationType: PostgreSQLSingleUser
          RotationLambdaName: "PGMasterSecretRotationLambda"
        SecretId: !Ref AuroraMasterSecret
        RotationRules:
          AutomaticallyAfterDays: 30

Funny thing is I would never have gotten it if not for your question-- I specified the MasterSecretArn parameter previously, which caused an error. Disclaimer: I haven't tested if this lambda actually works, just that it deployed w/o error.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Create secrets in AWS Secrets Manager AWS Secrets Manager and javascript Retrieve secrets from AWS Secrets Manager How to store multiple secrets in AWS Secrets Manager? Alternatives of/Configuring AWS secrets manager VPC Endpoint for AWS Secrets Manager AWS Secrets Manager Exception AccessDenied AWS Secrets Manager Certificate issue AWS Secrets Manager cross account AWS and secrets (Systems Manager, Secrets Manager, Key Management Service)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM