Below is part of the CloudFormation template for my ECS task. It fetches a secret, /rds/rds_secret-D2fBVv, which contains a JSON key-value secret, for example {"password":"1234ABCD","dbname":"my_db"}
...
TaskDefinitionAPI:
  Type: AWS::ECS::TaskDefinition
  Properties:
    ContainerDefinitions:
      - Name: api
        Secrets:
          - Name: "DB_PASSWORD"
            ValueFrom: "arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
As per this document here.
But when creating the stack, I get the following error:
ResourceInitializationError: unable to pull secrets or registry auth: Execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 1 time(s): secrets manager: failed to retrieve secret from arn:aws:secretsmanager:::secret:/rds/rds_secret-D2fBVv:SecretString:password: unexpected ARN format with parameters when trying to retrieve ASM secret
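I suspect this is because I have a JSON key-value pair as the secret. I have tried many modifications, but CloudFormation still complains.
Best answer
According to this doc, the format should be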
"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf:username1::"
But you have:
"arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
It should be like this:
arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:password::
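An added example, not part of the original question or answer: a small Python lint that checks ECS `ValueFrom` strings against the documented layout (`...:secret:name` alone, or followed by `json-key:version-stage:version-id`) before a stack is deployed. The function names and the sample list are hypothetical, and treating every other field count as an error is an assumption based on that documented layout.

```python
# Layout from the ECS documentation for Secrets Manager references:
# arn:<partition>:secretsmanager:<region>:<account>:secret:<name>[:<json-key>:<version-stage>:<version-id>]
BASE_FIELDS = 7    # reference to the whole secret
FULL_FIELDS = 10   # base ARN plus json-key, version-stage, version-id


def check_value_from(value_from):
    """Return (ok, detail) for one ECS Secrets `ValueFrom` string."""
    parts = value_from.split(":")
    if (len(parts) < BASE_FIELDS or parts[0] != "arn"
            or parts[2] != "secretsmanager" or parts[5] != "secret"):
        return False, "not a Secrets Manager secret ARN"
    extra = parts[BASE_FIELDS:]
    if len(extra) not in (0, FULL_FIELDS - BASE_FIELDS):
        hint = ""
        if "SecretString" in extra:
            # 'SecretString' is a field of CloudFormation {{resolve:...}} references.
            hint = "; 'SecretString' belongs to CloudFormation dynamic references"
        return False, "expected json-key:version-stage:version-id, got %d trailing field(s)%s" % (
            len(extra), hint)
    if not extra or not extra[0]:
        # Least-privilege note: the container receives the full JSON document.
        return True, "whole secret injected: every JSON key reaches the container"
    return True, "only JSON key %r injected" % extra[0]


def lint_container_definitions(container_definitions):
    """Collect (container, env name, detail) for every malformed reference."""
    findings = []
    for container in container_definitions:
        for secret in container.get("Secrets", []):
            value = secret["ValueFrom"]
            if ":secretsmanager:" not in value:
                continue  # e.g. an SSM parameter reference, out of scope here
            ok, detail = check_value_from(value)
            if not ok:
                findings.append((container["Name"], secret["Name"], detail))
    return findings


# Constructed sample built from the two ARNs quoted on this page.
PREFIX = "arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv"
SAMPLE = [{"Name": "api", "Secrets": [
    {"Name": "DB_PASSWORD", "ValueFrom": PREFIX + ":SecretString:password"},
    {"Name": "DB_PASSWORD_FIXED", "ValueFrom": PREFIX + ":password::"},
]}]

if __name__ == "__main__":
    for finding in lint_container_definitions(SAMPLE):
        print(finding)
```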
For amazon-web-services - "unexpected ARN format with parameters when trying to retrieve ASM secret", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/75818349/