
amazon-web-services - Getting the MasterUserPassword for AWS::RDS::DBCluster via SecretsManager in CloudFormation

Reposted. Author: 行者123. Updated: 2023-12-03 07:15:39

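When creating an AWS::RDS::DBCluster (Aurora Serverless) in AWS CloudFormation, there is a property MasterUserPassword whose input is specified as a string.

So how should the stack definition YAML be written so that the RDS definition uses not a string but the random password generated by AWS::SecretsManager::Secret? Is it possible to reference the password generated by Secrets Manager using !Ref, !GetAtt, or some other way?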

Resources:
  AuroraMysqlAppCredentialSecretStore:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: AuroraMysqlAppCredentialSecretStore
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludeCharacters: '"@/\'
  ApprovalDbCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora
      EngineMode: serverless
      EngineVersion: '5.6'
      DatabaseName: MyDatabaseName
      MasterUsername: admin
      MasterUserPassword: # HOW TO REFERENCE THE PASSWORD HERE??
      DBClusterIdentifier: my-cluster-1
      BackupRetentionPeriod: 35
      DeletionProtection: false
      ScalingConfiguration:
        AutoPause: true
        MaxCapacity: 8
        MinCapacity: 2
        SecondsUntilAutoPause: 300
      DBSubnetGroupName: my-subnet-name

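One last point: the docs state that MasterUserPassword should not be specified if the SourceDBInstanceIdentifier or DBSnapshotIdentifier property is given, but my configuration has neither, so apparently I should specify MasterUserPassword.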

Best answer

You can use dynamic references in CloudFormation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html

ApprovalDbCluster:
  Type: AWS::RDS::DBCluster
  Properties:
    Engine: aurora
    EngineMode: serverless
    EngineVersion: '5.6'
    DatabaseName: MyDatabaseName
    MasterUsername: admin
    MasterUserPassword: '{{resolve:ssm-secure:MasterPassword:10}}' # See link

Regarding amazon-web-services - Getting the MasterUserPassword for AWS::RDS::DBCluster via SecretsManager in CloudFormation, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/59057481/
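
The reference in the answer resolves an SSM Parameter Store SecureString; the same dynamic-reference syntax has a secretsmanager form that can point at the secret defined in the question. The template below is an added example, not part of the original question or answer. The logical ID SecretClusterAttachment is a name chosen here for illustration, and that resource is optional.

```yaml
# Added example: wires the generated secret from the question into the cluster.
Resources:
  AuroraMysqlAppCredentialSecretStore:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: AuroraMysqlAppCredentialSecretStore
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludeCharacters: '"@/\'

  ApprovalDbCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora
      EngineMode: serverless
      EngineVersion: '5.6'
      DatabaseName: MyDatabaseName
      # !Sub expands ${AuroraMysqlAppCredentialSecretStore} to the secret's ARN
      # (the Ref value of a Secret). CloudFormation resolves the reference at
      # deploy time, so the template itself holds only the reference string,
      # never the generated password.
      MasterUsername: !Sub '{{resolve:secretsmanager:${AuroraMysqlAppCredentialSecretStore}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${AuroraMysqlAppCredentialSecretStore}:SecretString:password}}'
      DBClusterIdentifier: my-cluster-1
      BackupRetentionPeriod: 35
      DeletionProtection: false
      ScalingConfiguration:
        AutoPause: true
        MaxCapacity: 8
        MinCapacity: 2
        SecondsUntilAutoPause: 300
      DBSubnetGroupName: my-subnet-name

  # Optional (hypothetical logical ID): adds the cluster's connection details
  # to the secret so clients can read everything from one place.
  SecretClusterAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref AuroraMysqlAppCredentialSecretStore
      TargetId: !Ref ApprovalDbCluster
      TargetType: AWS::RDS::DBCluster
```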
