How to retrieve an arn of secret with random suffix in AWS Cloudformation

Time: 01-24

  1. I have an existing secret in secrets manager.
    The arn looks like that :
    arn:aws:secretsmanager:<region>:<accountid>:secret:<mysecret>-d1fX1Y
    As we all know the suffix is added by AWS.

"Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN."

  2. I have a CloudFormation template and I need somehow to get the ARN of this secret into the template.

The arn is not static it may change.

As far as I understand it is impossible to use !Ref because the resource is not created in the same stack.

I've tried to use !Sub with wildcard but the result is the same as it doesn't do a lookup.

Maybe anyone has an idea or a workaround for that?

Here is the part of the template.

Globals:
  Function:
    CodeUri: ./
    Timeout: 60
    Runtime: nodejs14.x
    VpcConfig:
      SecurityGroupIds: !Ref SecurityGroups
      SubnetIds: !Ref Subnets
    Environment:
      Variables:
        STAGE: !Sub "${Stage}"
        VERSION: !Sub "${Version}"
        SECRET_ARN: !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:mysecret-*"

CodePudding user response:

What you want to accomplish is to reference an ARN across stacks? For example, if you export the ARN in the stack creating the secret, another stack can reference that ARN with Fn::ImportValue.

Fn::ImportValue - AWS CloudFormation

The intrinsic function Fn::ImportValue returns the value of an output exported by another stack.

CodePudding user response:

You set it up so the ARN of the secret is stored in SSM Parameter Store, and then use the Parameter Store value as a parameter in your CloudFormation template. You can then use the !Ref function to refer to the secret value in your CF template.
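Both answers in one working template, as an added example that is not code from the original post: the Fn::ImportValue route for a secret owned by another stack, and the SSM-backed parameter route for a secret that already exists outside CloudFormation, plus an IAM statement that scopes read access to just that secret. The names MySecret, MySecretArn, /myapp/mysecret/arn and mysecret are assumed.

```yaml
# Added example, not from the original post. Assumed names: MySecret, MySecretArn,
# /myapp/mysecret/arn, mysecret.

# --- Stack that owns the secret (needed only for the Fn::ImportValue route) ---
Resources:
  MySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: mysecret
Outputs:
  MySecretArn:
    Value: !Ref MySecret        # !Ref on a Secret resource returns the full ARN, suffix included
    Export:
      Name: MySecretArn         # export names must be unique per account and region

---
# --- Consuming SAM/CloudFormation template (the one from the question) ---
Parameters:
  # For a secret created outside CloudFormation, publish its ARN once, e.g.
  #   aws ssm put-parameter --name /myapp/mysecret/arn --type String \
  #     --value "arn:aws:secretsmanager:<region>:<accountid>:secret:mysecret-d1fX1Y"
  # CloudFormation resolves the parameter at deploy time, so the suffix is never hard-coded.
  SecretArnParam:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /myapp/mysecret/arn

Globals:
  Function:
    Environment:
      Variables:
        SECRET_ARN: !Ref SecretArnParam          # SSM route (works for pre-existing secrets)
        # SECRET_ARN: !ImportValue MySecretArn   # cross-stack route (secret created by CloudFormation)

Resources:
  ReadSecretPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: secretsmanager:GetSecretValue
            # Least privilege: unlike !Sub, IAM does evaluate wildcards, so the read can be
            # limited to this one secret; "??????" matches exactly the six random characters.
            Resource: !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:mysecret-??????"
```

Note that GetSecretValue also accepts the secret name as SecretId, so the function itself can look the secret up by name even when the exact ARN is not known at template time; the ARN matters mainly for the IAM scope.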
