Secrets Manager - DocumentDB Construct
❓ General Issue
Secret’s value is not passed into a construct for DocumentDB, rather the whole SecretString is passed instead.
The Question
How does one resolve a SecretString from SecretsManager into a construct for DocumentDB? Is this possible?
It passes: {resolve:secretsmanager:arn:aws:secretsmanager:us-east-2:****secret:cdk/docdb-****:SecretString:password::}
but not the actual value.
Code:
// Get Secret Values for Username and Password
const secret = sm.Secret.fromSecretAttributes(this, 'cdk/docdb', {
  secretArn: '',
});
const credentials = {
  username: secret.secretValueFromJson('username'),
  password: secret.secretValueFromJson('password')
};
.....
// Create documentdb cluster
const sfDocCluster = new docdb.CfnDBCluster(
  this,
  "StorefrontDocdbCluster",
  {
    storageEncrypted: true,
    availabilityZones: vpc.availabilityZones.splice(3),
    dbClusterIdentifier: "StorefrontDocdbCluster",
    masterUsername: credentials.username,
    masterUserPassword: credentials.password,
    vpcSecurityGroupIds: [sfSecurityGroup.securityGroupName],
    dbSubnetGroupName: sfSubnetGroup.dbSubnetGroupName,
    dbClusterParameterGroupName: sfDocParamGroup.name,
    port
  }
);
Console Result:
StorefrontDocdbCluster Property validation failure:
[Length of value {{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-2:****secret:cdk/docdb-****:SecretString:password::}}} for property {/MasterUserPassword} is greater than maximum allowed length {41},
Length of value {{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-2:****:secret:cdk/docdb-****:SecretString:username::}}} for property {/MasterUsername} is greater than maximum allowed length {63}]
Environment
- CDK CLI Version: 1.5
- Module Version:
- OS: OSX Mojave
- Language: TypeScript
Other information
Issue Analytics
- State:
- Created 4 years ago
- Comments:11 (7 by maintainers)
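The value in the console result is a CloudFormation dynamic reference: CDK writes it into the template in place of the secret, and CloudFormation resolves it during deployment, so the plaintext never appears in the synthesized output. The TypeScript below is an added example, not code from the issue or from the CDK project. It parses such a reference and reports the length comparison shown in the error. The function names and the sample ARN (account ID and suffix) are constructed for illustration.

```typescript
// Added example. Parses the CloudFormation dynamic reference that CDK writes into
// a template for a Secrets Manager value:
//   {{resolve:secretsmanager:<secret-id>:SecretString:<json-key>:<stage>:<version-id>}}
interface SecretRef {
  secretId: string;     // secret name or full ARN
  jsonKey: string;      // key inside the SecretString JSON ('' = whole string)
  versionStage: string;
  versionId: string;
}

// Returns the parsed reference, or null for anything else (e.g. a literal password).
function parseSecretRef(value: string): SecretRef | null {
  const prefix = '{{resolve:secretsmanager:';
  if (value.indexOf(prefix) !== 0 || value.slice(-2) !== '}}') return null;
  const parts = value.slice(prefix.length, -2).split(':');
  // A full ARN spans 7 colon-separated fields; a plain secret name spans 1.
  const idLen = parts[0] === 'arn' ? 7 : 1;
  const rest = parts.slice(idLen);
  if (parts.length < idLen || parts[idLen - 1] === '' || rest.length > 4) return null;
  if (rest.length > 0 && rest[0] !== 'SecretString') return null;
  return {
    secretId: parts.slice(0, idLen).join(':'),
    jsonKey: rest[1] || '',
    versionStage: rest[2] || '',
    versionId: rest[3] || '',
  };
}

// Describes one template property: whether it holds a reference or a literal, and
// whether the text as written is longer than maxLen (the comparison in the error).
function inspectCredential(value: string, maxLen: number) {
  const ref = parseSecretRef(value);
  return {
    kind: ref ? 'dynamic-reference' : 'literal',
    jsonKey: ref ? ref.jsonKey : null,
    textLength: value.length,
    exceedsLimit: value.length > maxLen,
  };
}

// Constructed sample: account ID and 6-character suffix are placeholders.
const SAMPLE_REF = '{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-2:' +
  '111122223333:secret:cdk/docdb-AbCdEf:SecretString:password::}}';
console.log(inspectCredential(SAMPLE_REF, 41));
```

Run over the credential properties of a synthesized template, a `literal` result flags a password that was written into the template in plaintext.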
Top GitHub Comments
I don’t know, the documentation says:
But apparently there are some bugs here and there.