Closed Stvad closed 3 years ago
It's been on my to-do list for a long time. But unfortunately CloudFormation doesn't support that yet:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
"Dynamic references for secure values, such as ssm-secure and secretsmanager, are not currently supported in custom resources."
One possible solution would be to pass the ARN as a parameter and read the secret in the lambda.
I think that'd be the best approach given current limitations.
A very basic level of support could be just resolving the secret into env variables in the lambda (which is not ideal but cfn-supported).
What I'm trying to do:
That is, to read the Stripe secret key value from SecretsManager vs. providing it in code, which is problematic.
I get the following error when trying to deploy this:
Expected outcome:
The key can be resolved from secrets manager.
Ideally I think this interface would actually accept the SecretValue instead of a string (and you can build that either directly from text or from SecretsManager/SSM/etc).