search

binxio / cfn-secret-provider

A CloudFormation custom resource provider for deploying secrets and keys
Apache License 2.0
141 stars 70 forks source link

Return Value "Name" for a keypair #22

Closed aerioeus closed 6 years ago

aerioeus commented 6 years ago

Hi, how can I get the Return Value "Name" for a keypair. merci A

mvanholsteijn commented 6 years ago

@aerioeus Which Name are you looking for? The Name of the user is passed in. The returned AccessKey can be used as a username with login on SMTP.

aerioeus commented 6 years ago

I am looking for the resource name, like the keypair name. When I try !Ref Keypair it returns the ARN. but for many uses like ECS I need the pure Keypair name. Right now I use the !split function to get the KeyName from the ARN.

mvanholsteijn commented 6 years ago

So, you actually looking to get the Name you provided as input parameter as output parameter. Right?

mvanholsteijn commented 6 years ago

Version 0.12.3 has the functionality you requested.

aerioeus commented 6 years ago

Merci, what returns the Name? Did you change the !Ref output or do I need to use !GetAtt resource.name?

mvanholsteijn commented 6 years ago

You need to do a !GetAtt resource.Name. The Ref customarily returns the physical resource id, which is the ARN in this case.

Cheers,

Mark

On Mon, Oct 1, 2018 at 9:12 AM aerioeus notifications@github.com wrote:

Merci, what returns the Name? Did you change the !Ref output or do I need to use !GetAtt resource.name?

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/binxio/cfn-secret-provider/issues/22#issuecomment-425809928, or mute the thread https://github.com/notifications/unsubscribe-auth/AAjMa1IQbKy0zPGSiXxgIblU9HfwIqJ-ks5ugcBigaJpZM4W_ve1 .

-- ing.Mark van Holsteijn tel: +316-22-374-114

aerioeus commented 6 years ago

merci

aerioeus commented 6 years ago

sorry, doesnt seem to work,

I'm using:

  ECSKeyPair:
    Type: Custom::KeyPair
    DependsOn: CustomPrivateKey
    Properties:
      Name: ECSKeyPair
      PublicKeyMaterial:
        Fn::GetAtt:
        - CustomPrivateKey
        - PublicKey
      ServiceToken:
        Fn::Join:
        - ":"
        - - arn:aws:lambda
          - Ref: AWS::Region
          - Ref: AWS::AccountId
          - function:binxio-cfn-secret-provider

ECSKeyPairName:
Value: !GetAtt 'ECSKeyPair.name'
Description: ECSKeyPairName

and I'm getting the following error:

CustomResource attribute error: Vendor response doesn't contain name key in object arn:aws:cloudformation:eu-west-1:300746241447:stack/iam-stack-UserGroups-G5K80XQS8UMJ/4c970710-bb64-11e8-b88a-503ac9eaaa99|ECSKeyPair|086b41a6-afb3-4191-bef0-8ebb79e29914 in S3 bucket cloudformation-custom-resource-storage-euwest1

mvanholsteijn commented 6 years ago

You should use a capital N -> !GetAtt 'ECSKeyPair.Name'.

aerioeus commented 6 years ago

merci, typo, :-)

aerioeus commented 6 years ago

Is there any chance I could trouble you with extend the template to generate ssm-secure resources?

Merci Andreas

mvanholsteijn commented 6 years ago

the Custom::Secret allows you to generate values in the SSM parameter store of type SecureString. It also allows you to store a value, but imho this defeats the purpose as your secret will need to be passed in.

mvanholsteijn commented 6 years ago

PS: I would suggest to write:

        Fn::Join:
        - ":"
        - - arn:aws:lambda
          - Ref: AWS::Region
          - Ref: AWS::AccountId
          - function:binxio-cfn-secret-provider

as 

      !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-secret-provider'

Which is shorter and sweeter...

aerioeus commented 6 years ago

ok, let me have a look , that would be great, since calling the ssm-secure is supported by AWS since August, just creating one doesnt work (yet)

aerioeus commented 6 years ago

it seems there is an error in the yaml file, when I try to convert it I get: Error: SyntaxError: Unexpected token S in JSON at position 63

aerioeus commented 6 years ago

Merci, figured it out myself and tested it, works great, many thanks!!!

aerioeus commented 6 years ago

Hi, another question: How can I add a Description to the Secure Parameter?

aerioeus commented 6 years ago

i'm sorry to have to bother you again, but it doesnt work with the !GetAtt 'ECSKeyPair.Name'. the error is still : CustomResource attribute error: Vendor response doesn't contain Name key in object arn:aws:cloudformation:eu

when I try Value: !Select [1, !Split ["/", !Ref ECSKeyPair]] everything works fine; I have repeatedly updated the repository, so I dont know how to fix that..

aerioeus commented 6 years ago

another question; is it actually possible to generate multiple keypairs with this provider or is it limited to just one?

mvanholsteijn commented 5 years ago

Hi, another question: How can I add a Description to the Secure Parameter?

Yes. Just specify the Description property.

mvanholsteijn commented 5 years ago

another question; is it actually possible to generate multiple keypairs with this provider or is it limited to just one?

Yes you can. Just you other key names...

mvanholsteijn commented 5 years ago

i'm sorry to have to bother you again, but it doesnt work with the !GetAtt 'ECSKeyPair.Name'.

Did you deploy the latest vesion of the cfn-secret-provider into your account and created the keypair with it?