Dynamic References

This allows to reference external parameters stored in Systems Manager Parameter Store and Secrets Manager within CloudFormation templates.
CloudFormation can retrieve the values of the specified reference during CREATE/UPDATE/DELETE operations.
These dynamic references can retrieve references from
- ssm
- ssm-secure
- secrets-manager

The syntax for the reference looks as follows,


    # Parameter Store
    '{{resolve:service-name:reference-key:version}}'
    
    # Examples
    '{{resolve:ssm:S3AccessControl:2}}' # SM Parameter store
    '{{resolve:ssm-secure:IAMUserPassword:3}}' # SM Secure Store

    # Secrets Manager

    '{{resolve:secretsmanager:secret-id:secret-string:json-key:version-stage:version-id}}'

    # Example
    '{{resolve:secretsmanager:MyRDSSecret:SecretString:username:10}}'

RDS and Secret Manager

When using RDS and cloud formation template, if ManagerMasterUserPassword is set as true, then Secrets will be created implicitly in Secrets Manager service.
Else we can explicitly create one and refer it in RDS CFT template via secret attachment.

PreviousCloudFormation Next17_Monitoring

Last updated 21 days ago

hashtagRDS and Secret Manager

RDS and Secret Manager