AWS Secrets Manager Secret

This page shows how to define an AWS Secrets Manager secret in Terraform and CloudFormation, and how to write those definitions securely.

aws_secretsmanager_secret (Terraform)

The Secret in Secrets Manager can be configured in Terraform with the resource name aws_secretsmanager_secret. The following sections describe how to use the resource and its parameters.

Parameters

Explanation in Terraform Registry

Provides a resource to manage AWS Secrets Manager secret metadata. To manage secret rotation, see the aws_secretsmanager_secret_rotation resource. To manage a secret value, see the aws_secretsmanager_secret_version resource.

AWS::SecretsManager::Secret (CloudFormation)

The Secret in Secrets Manager can be configured in CloudFormation with the resource name AWS::SecretsManager::Secret. The following sections describe how to use the resource and its parameters.

Parameters

Explanation in CloudFormation Registry

Creates a new secret. A secret is a set of credentials, such as a user name and password, that you store in an encrypted form in Secrets Manager. The secret also includes the connection information to access a database or other service, which Secrets Manager doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the important information needed to manage the secret.

For information about creating a secret in the console, see Create a secret.

For information about creating a secret using the CLI or SDK, see CreateSecret.

To specify the encrypted value for the secret, you must include either the GenerateSecretString or the SecretString property, but not both. We recommend that you use the GenerateSecretString property to generate a random password as shown in the examples. You can't generate a secret with a SecretBinary secret value using AWS CloudFormation.

Note: Do not create a dynamic reference using a backslash (\) as the final value. AWS CloudFormation cannot resolve those references, which causes a resource failure.
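The recommendation above to use GenerateSecretString rather than SecretString, as a CloudFormation template. This is an example added here, not taken from the CloudFormation Registry or from this site; the secret name, user name, password length and excluded characters are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example. Secret value generated by Secrets Manager.

Resources:
  # Weak pattern, kept commented out for contrast: with SecretString the
  # value is written into the template itself, so it travels with the
  # template into version control and code review.
  # HardCodedSecret:
  #   Type: AWS::SecretsManager::Secret
  #   Properties:
  #     Name: example/app/db-credentials-hardcoded
  #     SecretString: '{"username": "app_user", "password": "<placeholder>"}'

  # Recommended pattern: exactly one of GenerateSecretString / SecretString
  # is set, and the password never appears in the template.
  GeneratedSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: example/app/db-credentials          # hypothetical name
      Description: Database credentials for the example application
      GenerateSecretString:
        # Non-secret part of the JSON document stored in the secret.
        SecretStringTemplate: '{"username": "app_user"}'
        # Key under which the generated password is merged into the template.
        GenerateStringKey: password
        PasswordLength: 32                      # assumed length
        # Assumption: characters excluded because they tend to break
        # connection strings and quoting; the backslash is among them.
        ExcludeCharacters: '"@/\'
      Tags:
        - Key: app
          Value: example

Outputs:
  SecretArn:
    Description: ARN of the generated secret (Ref returns the ARN)
    Value: !Ref GeneratedSecret
```

The stored secret is a JSON document with the `username` from the template and a generated `password` key; consumers read it at run time instead of receiving it through the template.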

Frequently asked questions

What is AWS Secrets Manager Secret?

AWS Secrets Manager Secret is a resource for Secrets Manager of Amazon Web Services. Settings can be written in Terraform and CloudFormation.