What does the secret have to contain for `AWS::RDS::DBProxy AuthFormat`

Time:11-15

To create an AWS::RDS::DBProxy using CloudFormation, you need to provide a SecretsManager Secret as the authentication method. In the below example, it's the secret pointed to by BootstrapProxySecretArn:

Resources:
  TestDBProxy:
    Type: AWS::RDS::DBProxy
    Properties:
      DBProxyName: !Ref ProxyName
      EngineFamily: MYSQL
      RoleArn:
        !Ref BootstrapSecretReaderRoleArn
      Auth:
        - {AuthScheme: SECRETS, SecretArn: !Ref BootstrapProxySecretArn, IAMAuth: DISABLED}
      VpcSubnetIds:

But the CloudFormation docs don't explain what this secret needs to contain. Is it a secret containing the password for that database username?

CodePudding user response:

The templates for different databases for Secrets Manager are here. For MySQL it would be:

{
  "engine": "mysql",
  "host": "<required: instance host name/resolvable DNS name>",
  "username": "<required: username>",
  "password": "<required: password>",
  "dbname": "<optional: database name. If not specified, defaults to None>",
  "port": "<optional: TCP port number. If not specified, defaults to 3306>"
}

Alternatively, you can always use the AWS console to create the secret automatically for your database and inspect its structure, which you can then reuse in CloudFormation.
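
A pre-deployment check for the secret structure quoted in the answer above, as an added example that is not part of the original post. The function name `check_proxy_secret` and the sample values are constructed for illustration; the required and optional fields and the default port follow the MySQL template in the answer.

```python
import json

# Field rules taken from the MySQL template quoted in the answer above.
REQUIRED = ("engine", "host", "username", "password")
DEFAULT_PORT = 3306  # used when the optional "port" key is absent


def check_proxy_secret(secret_string, engine="mysql"):
    """Return a list of problems in a SecretString; an empty list means it fits the template."""
    try:
        doc = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]

    problems = []
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty required key: {key}")
        elif value.startswith("<") and value.endswith(">"):
            # The "<required: ...>" text from the template was never filled in.
            problems.append(f"template placeholder left in: {key}")
    if isinstance(doc.get("engine"), str) and doc["engine"] != engine:
        problems.append(f"engine is {doc['engine']!r}, expected {engine!r}")

    port = doc.get("port", DEFAULT_PORT)
    try:
        port_ok = 1 <= int(port) <= 65535
    except (TypeError, ValueError):
        port_ok = False
    if not port_ok:
        problems.append(f"port is not a valid TCP port: {port!r}")
    return problems


# Constructed sample values, not real credentials or hosts.
GOOD = json.dumps({"engine": "mysql", "host": "db.example.internal",
                   "username": "app_user", "password": "constructed-sample",
                   "port": 3306})
BAD = json.dumps({"engine": "postgres", "host": "db.example.internal",
                  "username": "<required: username>", "port": "abc"})

if __name__ == "__main__":
    print(check_proxy_secret(GOOD))
    for problem in check_proxy_secret(BAD):
        print(problem)
```

The function only reports key names and non-secret values, so its output can go to a CI log without exposing the password.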
