AWS Secrets Manager Secret
This page shows how to write Terraform and CloudFormation for a Secrets Manager secret, and how to write them securely.
aws_secretsmanager_secret (Terraform)
The Secret in Secrets Manager can be configured in Terraform with the resource name aws_secretsmanager_secret. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- arn: optional computed - string
- description: optional - string
- id: optional computed - string
- kms_key_id: optional - string
- name: optional computed - string
- name_prefix: optional computed - string
- policy: optional computed - string
- recovery_window_in_days: optional - number
- rotation_enabled: optional computed - bool
- rotation_lambda_arn: optional computed - string
- tags: optional - map from string to string
- rotation_rules: list block
  - automatically_after_days: required - number
Explanation in Terraform Registry
Provides a resource to manage AWS Secrets Manager secret metadata. To manage secret rotation, see the aws_secretsmanager_secret_rotation resource. To manage a secret value, see the aws_secretsmanager_secret_version resource.
AWS::SecretsManager::Secret (CloudFormation)
The Secret in Secrets Manager can be configured in CloudFormation with the resource name AWS::SecretsManager::Secret. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- Description: optional - String
- KmsKeyId: optional - String
- SecretString: optional - String
- GenerateSecretString: optional - GenerateSecretString
- ReplicaRegions: optional - List of ReplicaRegion
- Tags: optional - List of Tag
- Name: optional - String
Explanation in CloudFormation Registry
Creates a new secret. A secret is a set of credentials, such as a user name and password, that you store in an encrypted form in Secrets Manager. The secret also includes the connection information to access a database or other service, which Secrets Manager doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the important information needed to manage the secret.
For information about creating a secret in the console, see Create a secret.
For information about creating a secret using the CLI or SDK, see CreateSecret.
To specify the encrypted value for the secret, you must include either the GenerateSecretString or the SecretString property, but not both. We recommend that you use the GenerateSecretString property to generate a random password as shown in the examples. You can't generate a secret with a SecretBinary secret value using AWS CloudFormation.
Note: Do not create a dynamic reference using a backslash (\) as the final value. AWS CloudFormation cannot resolve those references, which causes a resource failure.
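The rules above expressed as a template check, as an added example that is not part of the original page or of AWS's own documentation: a Python function that inspects AWS::SecretsManager::Secret resources in a parsed CloudFormation template. The finding names and the sample template are constructed, and the check assumes that "a backslash as the final value" means a backslash immediately before the closing braces of a {{resolve:...}} reference.

```python
import re

SECRET_TYPE = "AWS::SecretsManager::Secret"
# Assumption: "backslash as the final value" is read as a backslash that is
# the last character before the closing braces of a dynamic reference.
BAD_DYNAMIC_REF = re.compile(r"\{\{resolve:[^}]*\\\}\}")

# Constructed sample template (parsed JSON form), not taken from the page.
SAMPLE = {"Resources": {
    "Generated": {"Type": SECRET_TYPE, "Properties": {
        "GenerateSecretString": {"PasswordLength": 32}}},
    "Hardcoded": {"Type": SECRET_TYPE, "Properties": {
        "SecretString": "hunter2-constructed"}},
    "Conflict": {"Type": SECRET_TYPE, "Properties": {
        "SecretString": "x-constructed",
        "GenerateSecretString": {"PasswordLength": 32}}},
    "BadRef": {"Type": SECRET_TYPE, "Properties": {
        "SecretString": "{{resolve:ssm:constructed-param\\}}"}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}


def lint_secrets(template):
    """Return sorted (logical_id, finding) pairs for every secret resource."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != SECRET_TYPE:
            continue
        props = res.get("Properties", {})
        has_gen = "GenerateSecretString" in props
        has_str = "SecretString" in props
        if has_gen and has_str:
            findings.append((logical_id, "both-value-properties"))
        elif not (has_gen or has_str):
            # Neither property: the template specifies no secret value.
            findings.append((logical_id, "no-value-property"))
        value = props.get("SecretString")
        if isinstance(value, str):
            if BAD_DYNAMIC_REF.search(value):
                findings.append((logical_id, "dynamic-ref-ends-with-backslash"))
            elif "{{resolve:" not in value:
                # Plain literal: the secret is readable in the template itself.
                findings.append((logical_id, "literal-secret-string"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in lint_secrets(SAMPLE):
        print(f"{logical_id}: {finding}")
```

A SecretString given as an intrinsic function (a dict such as a Ref to a parameter) is not a string and is left unflagged by this check.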