aws-quickstart / quickstart-uipath-orchestrator

AWS Quick Start Team
Apache License 2.0

AWS Secrets Manager #43

Open techno-pixel opened 2 years ago

techno-pixel commented 2 years ago

Hi there,

I don't have much experience in AWS, at all, and I am standing up Orchestrator on a government network, therefore I need to implement Secrets Manager for the Orchestrator password in the main.template.yaml file.

Currently I have this in the yaml file for the section containing the orchestrator password: (note the password and ARN values are fake)

  OrchestratorPassword:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Name: uipathtestjadsecretspass
      Description: Orchestrator Password
      SecretString: '{"password":"passwordexample"}'
      ReplicaRegions:

Using this, I receive the error that the parameter "Properties" is invalid, however every piece of documentation I look at has it, and I don't see what the issue is... If I remove it, then the error moves down to Description: and the YAML not being well-formed.

Please if anybody has any advice or knowledge on adding secrets to the template for orchestrator it would be greatly appreciated :)

ubikusss commented 2 years ago

Hey, please check and see if this is an indenting issue.

techno-pixel commented 2 years ago

image

techno-pixel commented 2 years ago

Thanks for your quick reply. I have been playing with the indentation and also the YAML text, trying to configure something that works, but all the linters say it is correct and no indentation configuration works. I receive this error:

image

ubikusss commented 2 years ago

If I understand the use case correctly, you want to store the secret you use for the Orchestrator password in the deployment in a Secrets Manager secret.

Most likely the issue is with KmsKeyId, which is not properly indented. It's under ReplicaRegions: image

Here are some examples we used in another project we have:

  RDSPassword:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Password for the SF RDS instance.
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: true
  OrgSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Org secret
      SecretString: '{}'
  PlatformSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Password for the SF platform.
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: true
  ArgoCdSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Password for ArgoCd.
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: true
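
The nesting discussed in this thread, as an added example that is not part of any comment above or of the Quick Start's own template: the secret from the question with `Properties` as a mapping and `ReplicaRegions` as a list whose items carry their own `KmsKeyId`. The region, the key alias values and the `admin` username (carried over from the reply's examples) are assumptions.

```yaml
Resources:
  OrchestratorPassword:
    Type: 'AWS::SecretsManager::Secret'
    Properties:                        # mapping, one level under the resource
      Name: uipathtestjadsecretspass   # name taken from the question
      Description: Orchestrator Password
      # Generated at deploy time, so no password literal sits in the template
      # (same pattern as the RDSPassword example in the reply).
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'   # assumed username
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: true
      # KmsKeyId at this level encrypts the primary copy of the secret.
      KmsKeyId: alias/aws/secretsmanager
      # ReplicaRegions is a LIST: each "-" item is one replica with its own
      # Region and, optionally, its own KmsKeyId.
      ReplicaRegions:
        - Region: us-east-2                    # constructed sample region
          KmsKeyId: alias/aws/secretsmanager   # key in the replica region
      # Shape that is not the list CloudFormation expects: KmsKeyId as a bare
      # key directly under ReplicaRegions, which makes the value a mapping.
      #   ReplicaRegions:
      #     KmsKeyId: alias/aws/secretsmanager
      #
      # Other resources in the same template can read the generated value
      # with a dynamic reference instead of a plaintext parameter:
      #   '{{resolve:secretsmanager:uipathtestjadsecretspass:SecretString:password}}'
```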