gpt4 book ai didi

python - 解析 Cfn L1 构造中使用 CDK 创建的 secret

转载 作者:行者123 更新时间:2023-12-05 02:03:14 25 4
gpt4 key购买 nike

如何使用 L2 Secret使用 Secrets Manager 创建以解析为 L1 Cfn 属性值?

from aws_cdk import (
core,
aws_secretsmanager as secretsmanager,
aws_elasticache as elasticache
)
class MyStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)

redis_password = secretsmanager.Secret(
self, "RedisPassword",
description="Redis auth",
generate_secret_string=secretsmanager.SecretStringGenerator(
exclude_characters='/"@'
)
)
self.redis = elasticache.CfnReplicationGroup(self, 'RedisCluster',
auth_token=redis_password.secret_value,
# other properties
)

这给出了错误

jsii.errors.JSIIError: Object of type @aws-cdk/aws-secretsmanager.Secret is not convertible to @aws-cdk/core.CfnElement

在 Cloudformation 中要解决 secret ,我会使用类似的东西

AuthToken: !Sub '{{resolve:secretsmanager:${MySecret}::password}}'

但是 L2 Secret不像 L1 构造那样输出 Cfn Ref(据我所知)

我错过了什么?

最佳答案

我只缺少 to_string()方法

from aws_cdk import (
core,
aws_secretsmanager as secretsmanager,
aws_elasticache as elasticache
)
class MyStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)

redis_password = secretsmanager.Secret(
self, "RedisPassword",
description="Redis auth",
generate_secret_string=secretsmanager.SecretStringGenerator(
exclude_characters='/"@'
)
)
self.redis = elasticache.CfnReplicationGroup(self, 'RedisCluster',
auth_token=redis_password.secret_value.to_string(),
# other properties
)

综合起来

{
"RedisPasswordED621C10": {
"Type": "AWS::SecretsManager::Secret",
"Properties": {
"Description": "Redis auth",
"GenerateSecretString": {
"ExcludeCharacters": "/\"@"
}
},
"Metadata": {
"aws:cdk:path": "my-cdk-stack/RedisPassword/Resource"
}
},
"RedisCluster": {
"Type": "AWS::ElastiCache::ReplicationGroup",
"Properties": {
"ReplicationGroupDescription": "RedisGroup",
"AtRestEncryptionEnabled": true,
"AuthToken": {
"Fn::Join": [
"",
[
"{{resolve:secretsmanager:",
{
"Ref": "RedisPasswordED621C10"
},
":SecretString:::}}"
]
]
},
"OtherProps": "..."
}
}
}

关于python - 解析 Cfn L1 构造中使用 CDK 创建的 secret ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65373681/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com