Closed TomasChmelik closed 3 months ago
I'm sorry, where are you seeing "property description not available"?
CloudFormation does expose the ARN of the secret, but the full name of the attribute is MasterUserSecret.SecretArn
. Using only SecretArn
won't work. So, in your example, {"Fn::Sub": "${DatabaseCluster.MasterUserSecret.SecretArn}"}
should do what you want.
It seems that AWS updated/fixed the documentation. Previously it was just SecretArn
, or maybe I'm really stupid and overlooked this.
In any case it seems it should work now
According to the AWS documentation there should be "SecretArn" attribute on DBCluster resource: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#aws-resource-rds-dbcluster-return-values
It is a bit worrisome that its description is "Property description not available." but shouldn't this be available in CloudFormation?
When
ManageMasterUserPassword
is se to true the RDS will create new secret in secret manager which isn't referencable anywhere in CloudFormation template, which is where the RDS clusterSecretArn
attribute comes in